
Pests of all kinds and how to fight them: Windows 8: keineantwortadresse@web.de


06.12.2013, 16:13   #1
Gurke10000
 

Hello dear community,

I'm new here!
The reason, however, is an unpleasant one! Yesterday, over the course of the day, I received loads of mails from keineantwortadresse@web.de, all of which had supposedly been sent from my account. I then changed my password first of all. That was yesterday evening between 23:00 and 23:30. Since then I haven't received any further emails.
Nevertheless, this morning I received a request from web.de to change my password because my computer or my password had been taken over or hacked.

The text of the email will probably be familiar to some of you:

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of
its recipients. This is a permanent error........ etc.

For now I have deleted all of the mails.


Once more for clarification: since I changed the password, nothing else has happened.
Nevertheless, I have an uneasy feeling that I might have a trojan or a virus on the computer.

My flatmate, who is somewhat more computer-savvy than I am, ran a few programs yesterday. I just can't tell you which ones right now, and he is now away at his girlfriend's for a week. Besides, he was none the wiser afterwards either.

I myself use AntiMalwareBytes, and it isn't complaining at the moment.

I would like to know whether I have a trojan, keylogger etc., or whether my email address was simply hacked.

As described in your guidelines, I have created some logs:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-12-2013
Ran by Seb (administrator) on SEBASTIAN on 06-12-2013 15:33:55
Running from C:\Users\Seb\Downloads
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
() C:\Program Files\TOSHIBA\LANDriver\TNSSVC.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
() C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(Software 2000 Limited) C:\Windows\System32\spool\drivers\x64\3\HP1006MC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe
() C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
() C:\Program Files\TOSHIBA\Hotkey\Hotkey\TCrdKBB.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Spotify Ltd) C:\Users\Seb\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(Intel Corporation) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [] - [x]
HKLM\...\Run: [HotKeysCmds] - C:\windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13197456 2012-09-28] (Realtek Semiconductor)
HKLM\...\Run: [SRS Premium Sound 3D] - C:\Program Files\SRS Labs\SRS Control Panel\SRS_Premium_Sound_PS3D.zip [215248 2012-07-27] ()
HKLM\...\Run: [TSleepSrv] - C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe [1548952 2012-08-05] (TOSHIBA Corporation)
HKLM\...\Run: [TODDMain] - C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-05] ()
HKLM\...\Run: [TCrdMain] - C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2609064 2012-08-30] ()
HKLM\...\Run: [TOSDCR] - C:\Program Files\TOSHIBA\PasswordUtility\TOSDCR.exe [169296 2007-08-28] ()
HKLM\...\Run: [TecoResident] - C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-14] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] - C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)
HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [140568 2007-08-31] (Acronis)
HKLM\...\Run: [Zune Launcher] - C:\Program Files\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-16] (Synaptics Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Spotify Web Helper] - C:\Users\Seb\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1168896 2013-11-19] (Spotify Ltd)
HKCU\...\Run: [Spotify] - C:\Users\Seb\AppData\Roaming\Spotify\spotify.exe [5955072 2013-11-19] (Spotify Ltd)
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673728 2012-11-06] (DT Soft Ltd)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [18642024 2013-02-28] (Skype Technologies S.A.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] - C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-08-01] (Intel Corporation)
HKLM-x32\...\Run: [TOSDCR] - %ProgramFiles%\TOSHIBA\PasswordUtility\TOSDCR.exe
HKLM-x32\...\Run: [ATLauncher] - "C:\Program Files\McAfee\MSC\OOBE\ATLauncher.exe" /createshortcuts:1
HKLM-x32\...\Run: [TrueImageMonitor.exe] - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [2622232 2007-08-31] (Acronis)
HKLM-x32\...\Run: [AcronisTimounterMonitor] - C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe [907040 2007-08-31] (Acronis)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [683576 2013-11-14] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [703888 2013-08-30] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-23] (Apple Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2349392 2013-11-11] (LogMeIn Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Lsa: [Authentication Packages] msv1_0 relog_ap
Startup: C:\Users\Seb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com
URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll No File
SearchScopes: HKLM - DefaultScope {09A69234-BD08-4395-99EF-968D786EBEF5} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATMJS
SearchScopes: HKLM - {09A69234-BD08-4395-99EF-968D786EBEF5} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATMJS
SearchScopes: HKLM-x32 - {09A69234-BD08-4395-99EF-968D786EBEF5} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATMJS
SearchScopes: HKCU - {09A69234-BD08-4395-99EF-968D786EBEF5} URL = 
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 134.95.127.1

FireFox:
========
FF ProfilePath: C:\Users\Seb\AppData\Roaming\Mozilla\Firefox\Profiles\2xnekie7.default
FF SearchEngineOrder.1: Ask.com
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Seb\AppData\Roaming\Mozilla\Firefox\Profiles\2xnekie7.default\searchplugins\youtube-videosuche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus - C:\Users\Seb\AppData\Roaming\Mozilla\Firefox\Profiles\2xnekie7.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-11-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1164360 2013-11-14] (Avira Operations GmbH & Co. KG)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 irstrtsv; C:\windows\SysWOW64\irstrtsv.exe [193576 2012-07-20] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377104 2013-10-11] (LogMeIn, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201360 2012-08-31] (Realtek Semiconductor)
R3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [116088 2013-07-18] (Toshiba Europe GmbH)
R2 TNSSVC; C:\Program Files\Toshiba\LANDriver\TNSSVC.exe [40944 2012-09-07] ()
R2 TryAndDecideService; C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe [498872 2007-08-31] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)
S2 McOobeSv2; "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [x]
S2 McSchedulerSvc; "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [x]

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [107416 2013-12-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132600 2013-11-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-11-14] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283200 2013-03-30] (DT Soft Ltd)
R3 e1cexpress; C:\Windows\system32\DRIVERS\e1c63x64.sys [452432 2012-08-10] (Intel Corporation)
R3 hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [46136 2013-07-03] (LogMeIn Inc.)
R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-07-20] (Intel Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-10-08] (Intel Corporation)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows (R) Win 7 DDK provider)
S3 vpnva; C:\Windows\system32\DRIVERS\vpnva64-6.sys [52080 2013-08-30] (Cisco Systems, Inc.)
S3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188384 2012-08-10] (Windows (R) Win 7 DDK provider)
U5 AppMgmt; C:\Windows\system32\svchost.exe [29696 2012-09-20] (Microsoft Corporation)
U5 MBAMSwissArmy; C:\Windows\System32\Drivers\MBAMSwissArmy.sys [116440 2013-12-06] (Malwarebytes Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-06 15:33 - 2013-12-06 15:34 - 00017019 _____ C:\Users\Seb\Downloads\FRST.txt
2013-12-06 15:32 - 2013-12-06 15:32 - 00000000 ____D C:\FRST
2013-12-06 15:31 - 2013-12-06 15:31 - 01925820 _____ (Farbar) C:\Users\Seb\Downloads\FRST64.exe
2013-12-06 12:29 - 2013-12-06 12:41 - 00000000 ____D C:\Users\Seb\Desktop\mbar
2013-12-06 12:29 - 2013-12-06 12:41 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-12-06 12:29 - 2013-12-06 12:29 - 00116440 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2013-12-06 12:29 - 2013-12-06 12:29 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2013-12-06 12:28 - 2013-12-06 12:28 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Seb\Downloads\mbar-1.07.0.1007.exe
2013-12-06 11:46 - 2013-12-06 11:50 - 00000000 ____D C:\ProgramData\HitmanPro
2013-12-06 11:45 - 2013-12-06 11:46 - 10264904 _____ (SurfRight B.V.) C:\Users\Seb\Downloads\hitmanpro_x64.exe
2013-12-06 11:42 - 2013-12-06 11:42 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-12-06 11:11 - 2013-12-06 11:11 - 02209056 _____ C:\Users\Seb\Downloads\avira-eu-cleaner_de.exe
2013-12-06 11:11 - 2013-12-06 11:11 - 00001992 _____ C:\Users\Seb\Desktop\Entfernen des Avira EU-Cleaners.lnk
2013-12-06 11:11 - 2013-12-06 11:11 - 00001936 _____ C:\Users\Seb\Desktop\Avira EU-Cleaner.lnk
2013-12-06 11:08 - 2013-12-06 11:08 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2013-12-06 11:07 - 2013-12-06 11:07 - 01070944 _____ (Solid State Networks) C:\Users\Seb\Downloads\install_flashplayer11x32_mssa_aaa_aih.exe
2013-12-06 02:42 - 2013-12-06 02:42 - 00383952 _____ C:\windows\system32\FNTCACHE.DAT
2013-12-06 02:38 - 2013-12-06 02:38 - 01110034 _____ C:\Users\Seb\Downloads\adwcleaner(1).exe
2013-12-06 02:11 - 2013-12-06 02:11 - 00076630 _____ C:\Users\Seb\Downloads\Extras.Txt
2013-12-06 02:10 - 2013-12-06 02:10 - 00138086 _____ C:\Users\Seb\Downloads\OTL.Txt
2013-12-06 02:04 - 2013-12-06 02:04 - 00602112 _____ (OldTimer Tools) C:\Users\Seb\Downloads\OTL.exe
2013-12-06 01:55 - 2013-12-06 01:55 - 00001013 _____ C:\Users\Seb\Desktop\JRT.txt
2013-12-06 01:50 - 2013-12-06 01:50 - 01034531 _____ (Thisisu) C:\Users\Seb\Downloads\JRT.exe
2013-12-06 01:50 - 2013-12-06 01:50 - 00000000 ____D C:\windows\ERUNT
2013-12-06 00:37 - 2013-12-06 00:54 - 00000000 ___SD C:\ComboFix
2013-12-06 00:37 - 2013-12-06 00:37 - 00000000 ___SD C:\32788R22FWJFW
2013-12-06 00:19 - 2011-06-26 07:45 - 00256000 _____ C:\windows\PEV.exe
2013-12-06 00:19 - 2010-11-07 18:20 - 00208896 _____ C:\windows\MBR.exe
2013-12-06 00:19 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2013-12-06 00:19 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2013-12-06 00:19 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2013-12-06 00:19 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) C:\windows\SWXCACLS.exe
2013-12-06 00:19 - 2000-08-31 01:00 - 00098816 _____ C:\windows\sed.exe
2013-12-06 00:19 - 2000-08-31 01:00 - 00080412 _____ C:\windows\grep.exe
2013-12-06 00:19 - 2000-08-31 01:00 - 00068096 _____ C:\windows\zip.exe
2013-12-06 00:14 - 2013-12-06 00:14 - 00001412 _____ C:\Users\Seb\Desktop\ComboFix - Verknüpfung.lnk
2013-12-06 00:13 - 2013-12-06 00:19 - 00000000 ____D C:\Qoobox
2013-12-06 00:12 - 2013-12-06 00:12 - 05152313 ____R (Swearware) C:\Users\Seb\Downloads\ComboFix.exe
2013-12-06 00:12 - 2013-12-06 00:12 - 00000000 ____D C:\windows\erdnt
2013-12-02 02:54 - 2013-12-05 01:41 - 00011110 _____ C:\Users\Seb\Downloads\Pokemon Gold (D)7.sgm
2013-12-01 19:22 - 2013-12-01 19:22 - 00009257 _____ C:\Users\Seb\Downloads\Pokemon Gold (D)6.sgm
2013-11-28 01:47 - 2013-11-28 02:48 - 00009392 _____ C:\Users\Seb\Downloads\Pokemon Gold (D)5.sgm
2013-11-27 14:53 - 2013-11-27 22:00 - 00008283 _____ C:\Users\Seb\Downloads\Pokemon Gold (D)4.sgm
2013-11-27 03:22 - 2013-11-27 03:22 - 00009096 _____ C:\Users\Seb\Downloads\Pokemon Gold (D)3.sgm
2013-11-27 00:03 - 2013-11-27 03:22 - 00009121 _____ C:\Users\Seb\Downloads\Pokemon Gold (D).sgm
2013-11-27 00:03 - 2013-11-27 00:03 - 00008989 _____ C:\Users\Seb\Downloads\Pokemon Gold (D)1.sgm
2013-11-27 00:03 - 2013-11-27 00:03 - 00008577 _____ C:\Users\Seb\Downloads\Pokemon Gold (D)2.sgm
2013-11-26 23:33 - 2013-11-26 23:33 - 00008360 _____ C:\Users\Seb\Desktop\Pokemon Gold (D).sgm
2013-11-26 22:56 - 2013-12-05 01:41 - 00032812 _____ C:\Users\Seb\Downloads\Pokemon Gold (D).sav
2013-11-26 22:52 - 2013-11-26 22:52 - 00000000 ____D C:\Users\Seb\Documents\VisualBoyAdvance-1.8.0-beta3
2013-11-26 22:51 - 2013-11-26 22:51 - 00689051 _____ C:\Users\Seb\Downloads\VisualBoyAdvance-1.8.0-beta3.zip
2013-11-26 22:50 - 2013-11-26 22:50 - 00768138 _____ C:\Users\Seb\Downloads\Pokemon Gold (D).zip
2013-11-23 17:35 - 2013-11-23 17:44 - 00000000 ____D C:\Users\Seb\Desktop\bfgminer-3.1.4-win64
2013-11-23 16:04 - 2013-11-23 16:04 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2013-11-23 16:04 - 2013-11-23 16:04 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2013-11-23 16:04 - 2013-11-23 16:04 - 00174504 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2013-11-23 16:04 - 2013-11-23 16:04 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2013-11-23 16:04 - 2013-11-23 16:04 - 00000000 ____D C:\ProgramData\Sun
2013-11-23 16:04 - 2013-11-23 16:04 - 00000000 ____D C:\ProgramData\Oracle
2013-11-23 16:04 - 2013-11-23 16:04 - 00000000 ____D C:\Program Files (x86)\Java
2013-11-23 16:03 - 2013-11-23 16:03 - 00915368 _____ (Oracle Corporation) C:\Users\Seb\Downloads\jxpiinstall.exe
2013-11-23 16:02 - 2013-11-23 16:02 - 00000000 ____H C:\windows\system32\Drivers\Msft_Kernel_silabser_01009.Wdf
2013-11-23 16:02 - 2013-11-23 16:02 - 00000000 ____D C:\Program Files\DIFX
2013-11-23 16:01 - 2013-11-23 16:01 - 03847349 _____ C:\Users\Seb\Downloads\CP210x_VCP_Windows.zip
2013-11-23 16:01 - 2013-11-23 16:01 - 00000000 ____D C:\Users\Seb\Desktop\CP210x_VCP_Windows
2013-11-23 15:59 - 2013-11-23 15:59 - 00000000 ____D C:\Users\Seb\Documents\CP210x_VCP_Windows
2013-11-22 13:53 - 2013-11-22 13:53 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2013-11-21 14:32 - 2013-11-21 14:32 - 00000000 ____D C:\ProgramData\Package Cache
2013-11-16 15:25 - 2013-11-16 15:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-14 13:52 - 2013-10-02 00:37 - 02035712 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2013-11-14 13:52 - 2013-10-02 00:26 - 02304512 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2013-11-14 13:52 - 2013-08-23 08:22 - 02062848 _____ (Microsoft Corporation) C:\windows\system32\d3d11.dll
2013-11-14 13:52 - 2013-08-23 02:44 - 01711616 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d11.dll
2013-11-13 14:43 - 2013-10-12 09:43 - 19269632 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-11-13 14:43 - 2013-10-10 12:53 - 00096600 _____ (Microsoft Corporation) C:\windows\system32\Drivers\wfplwfs.sys
2013-11-13 14:43 - 2013-10-10 10:21 - 01160192 _____ (Microsoft Corporation) C:\windows\system32\IKEEXT.DLL
2013-11-13 14:43 - 2013-10-10 10:20 - 00723968 _____ (Microsoft Corporation) C:\windows\system32\BFE.DLL
2013-11-13 14:43 - 2013-10-03 00:25 - 01300992 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2013-11-13 14:43 - 2013-10-02 00:37 - 01569280 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2013-11-13 14:43 - 2013-10-02 00:26 - 01890816 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2013-11-13 14:43 - 2013-10-01 23:22 - 01022976 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2013-11-13 14:43 - 2013-09-23 23:30 - 00419328 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2013-11-13 14:43 - 2013-09-23 23:30 - 00323072 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2013-11-13 14:43 - 2013-09-14 02:15 - 00059416 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2013-11-13 14:43 - 2013-09-13 23:36 - 00628736 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2013-11-13 14:43 - 2013-09-13 23:36 - 00247296 _____ (Microsoft Corporation) C:\windows\SysWOW64\ubpm.dll
2013-11-13 14:43 - 2013-09-13 23:36 - 00126976 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2013-11-13 14:43 - 2013-09-13 23:36 - 00084992 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2013-11-13 14:43 - 2013-09-13 23:36 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2013-11-13 14:43 - 2013-09-13 23:34 - 00040448 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2013-11-13 14:43 - 2013-09-13 23:33 - 03279360 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2013-11-13 14:43 - 2013-09-13 23:33 - 01622016 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2013-11-13 14:43 - 2013-09-13 23:33 - 00773120 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2013-11-13 14:43 - 2013-09-13 23:33 - 00328192 _____ (Microsoft Corporation) C:\windows\system32\ubpm.dll
2013-11-13 14:43 - 2013-09-13 23:33 - 00252928 _____ (Microsoft Corporation) C:\windows\system32\WUSettingsProvider.dll
2013-11-13 14:43 - 2013-09-13 23:33 - 00175104 _____ (Microsoft Corporation) C:\windows\system32\storewuauth.dll
2013-11-13 14:43 - 2013-09-13 23:33 - 00142848 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2013-11-13 14:43 - 2013-09-13 23:33 - 00099328 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2013-11-13 14:43 - 2013-09-04 04:11 - 00576512 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2013-11-13 14:43 - 2013-08-30 06:43 - 00061784 _____ (Microsoft Corporation) C:\windows\system32\Drivers\crashdmp.sys
2013-11-13 14:43 - 2013-08-30 06:20 - 01173504 _____ (Microsoft Corporation) C:\windows\system32\UIAutomationCore.dll
2013-11-13 14:43 - 2013-08-30 00:48 - 00914432 _____ (Microsoft Corporation) C:\windows\SysWOW64\UIAutomationCore.dll
2013-11-13 14:43 - 2013-08-21 07:39 - 00465240 _____ (Microsoft Corporation) C:\windows\system32\Drivers\fvevol.sys
2013-11-13 14:43 - 2013-08-10 07:30 - 00151896 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tpm.sys
2013-11-13 14:43 - 2013-08-10 06:21 - 00817152 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2013-11-13 14:43 - 2013-08-10 04:58 - 00656896 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2013-11-13 14:43 - 2013-07-25 00:10 - 10799104 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.UI.Xaml.dll
2013-11-13 14:43 - 2013-07-25 00:07 - 13661696 _____ (Microsoft Corporation) C:\windows\system32\Windows.UI.Xaml.dll
2013-11-13 14:43 - 2013-07-12 02:38 - 00599040 _____ (Microsoft Corporation) C:\windows\system32\WSDApi.dll
2013-11-13 14:43 - 2013-07-12 02:30 - 00485376 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSDApi.dll
2013-11-13 14:42 - 2013-10-12 09:45 - 02241536 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-11-13 14:42 - 2013-10-12 09:45 - 01364992 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-11-13 14:42 - 2013-10-12 09:45 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-11-13 14:42 - 2013-10-12 09:43 - 15404544 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-11-13 14:42 - 2013-10-12 09:43 - 03959808 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-11-13 14:42 - 2013-10-12 09:43 - 02648576 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-11-13 14:42 - 2013-10-12 09:43 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-11-13 14:42 - 2013-10-12 09:43 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-11-13 14:42 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-11-13 14:42 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-11-13 14:42 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-11-13 14:42 - 2013-10-12 08:02 - 13761024 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-11-13 14:42 - 2013-10-12 08:02 - 02877952 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-11-13 14:42 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-11-13 14:42 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2013-11-13 14:42 - 2013-10-12 08:02 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-11-10 23:48 - 2013-11-12 17:44 - 00000000 ____D C:\Users\Seb\Documents\GTA Vice City User Files
2013-11-10 23:17 - 2013-11-10 23:17 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
2013-11-08 22:28 - 2013-11-08 22:29 - 00000000 ____D C:\Users\Seb\Desktop\Mining BitCoin
2013-11-08 21:26 - 2013-11-08 21:26 - 00000000 ____D C:\Users\Seb\Documents\cgminer-3.7.0-windows
2013-11-07 02:39 - 2013-11-07 02:39 - 00007597 _____ C:\Users\Seb\AppData\Local\Resmon.ResmonCfg
2013-11-06 23:53 - 2013-11-20 01:25 - 00000000 ____D C:\Users\Seb\AppData\Roaming\Bitcoin
2013-11-06 23:53 - 2013-11-06 23:53 - 11678760 _____ (Bitcoin project) C:\Users\Seb\Downloads\bitcoin-0.8.5-win32-setup.exe
2013-11-06 23:53 - 2013-11-06 23:53 - 00000000 ____D C:\Users\Seb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bitcoin
2013-11-06 23:53 - 2013-11-06 23:53 - 00000000 ____D C:\Program Files (x86)\Bitcoin

==================== One Month Modified Files and Folders =======

2013-12-06 15:34 - 2013-12-06 15:33 - 00017019 _____ C:\Users\Seb\Downloads\FRST.txt
2013-12-06 15:32 - 2013-12-06 15:32 - 00000000 ____D C:\FRST
2013-12-06 15:32 - 2013-09-05 10:06 - 00000000 ____D C:\Users\Seb\Documents\MASTERARBEIT
2013-12-06 15:31 - 2013-12-06 15:31 - 01925820 _____ (Farbar) C:\Users\Seb\Downloads\FRST64.exe
2013-12-06 15:25 - 2013-03-17 05:11 - 02063493 _____ C:\windows\WindowsUpdate.log
2013-12-06 15:24 - 2013-07-03 17:03 - 00001124 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-06 15:05 - 2013-07-03 17:03 - 00001120 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-06 15:05 - 2012-07-26 09:12 - 00000000 ____D C:\windows\system32\sru
2013-12-06 12:51 - 2013-03-16 16:53 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-12-06 12:41 - 2013-12-06 12:29 - 00000000 ____D C:\Users\Seb\Desktop\mbar
2013-12-06 12:41 - 2013-12-06 12:29 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-12-06 12:29 - 2013-12-06 12:29 - 00116440 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2013-12-06 12:29 - 2013-12-06 12:29 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2013-12-06 12:28 - 2013-12-06 12:28 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Seb\Downloads\mbar-1.07.0.1007.exe
2013-12-06 11:50 - 2013-12-06 11:46 - 00000000 ____D C:\ProgramData\HitmanPro
2013-12-06 11:46 - 2013-12-06 11:45 - 10264904 _____ (SurfRight B.V.) C:\Users\Seb\Downloads\hitmanpro_x64.exe
2013-12-06 11:42 - 2013-12-06 11:42 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-12-06 11:11 - 2013-12-06 11:11 - 02209056 _____ C:\Users\Seb\Downloads\avira-eu-cleaner_de.exe
2013-12-06 11:11 - 2013-12-06 11:11 - 00001992 _____ C:\Users\Seb\Desktop\Entfernen des Avira EU-Cleaners.lnk
2013-12-06 11:11 - 2013-12-06 11:11 - 00001936 _____ C:\Users\Seb\Desktop\Avira EU-Cleaner.lnk
2013-12-06 11:08 - 2013-12-06 11:08 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2013-12-06 11:08 - 2013-03-17 23:19 - 00000000 ____D C:\Users\Seb\AppData\Local\Adobe
2013-12-06 11:08 - 2013-03-16 16:53 - 00003772 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2013-12-06 11:07 - 2013-12-06 11:07 - 01070944 _____ (Solid State Networks) C:\Users\Seb\Downloads\install_flashplayer11x32_mssa_aaa_aih.exe
2013-12-06 11:00 - 2012-08-01 17:38 - 00753134 _____ C:\windows\system32\perfh007.dat
2013-12-06 11:00 - 2012-08-01 17:38 - 00155826 _____ C:\windows\system32\perfc007.dat
2013-12-06 11:00 - 2012-07-26 08:28 - 01745416 _____ C:\windows\system32\PerfStringBackup.INI
2013-12-06 02:42 - 2013-12-06 02:42 - 00383952 _____ C:\windows\system32\FNTCACHE.DAT
2013-12-06 02:42 - 2013-10-27 22:52 - 00000000 ____D C:\AdwCleaner
2013-12-06 02:42 - 2012-11-09 08:11 - 00121894 _____ C:\windows\PFRO.log
2013-12-06 02:42 - 2012-07-26 08:22 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-12-06 02:42 - 2012-07-26 06:26 - 00262144 ___SH C:\windows\system32\config\BBI
2013-12-06 02:38 - 2013-12-06 02:38 - 01110034 _____ C:\Users\Seb\Downloads\adwcleaner(1).exe
2013-12-06 02:11 - 2013-12-06 02:11 - 00076630 _____ C:\Users\Seb\Downloads\Extras.Txt
2013-12-06 02:10 - 2013-12-06 02:10 - 00138086 _____ C:\Users\Seb\Downloads\OTL.Txt
2013-12-06 02:04 - 2013-12-06 02:04 - 00602112 _____ (OldTimer Tools) C:\Users\Seb\Downloads\OTL.exe
2013-12-06 01:55 - 2013-12-06 01:55 - 00001013 _____ C:\Users\Seb\Desktop\JRT.txt
2013-12-06 01:50 - 2013-12-06 01:50 - 01034531 _____ (Thisisu) C:\Users\Seb\Downloads\JRT.exe
2013-12-06 01:50 - 2013-12-06 01:50 - 00000000 ____D C:\windows\ERUNT
2013-12-06 00:54 - 2013-12-06 00:37 - 00000000 ___SD C:\ComboFix
2013-12-06 00:37 - 2013-12-06 00:37 - 00000000 ___SD C:\32788R22FWJFW
2013-12-06 00:19 - 2013-12-06 00:13 - 00000000 ____D C:\Qoobox
2013-12-06 00:14 - 2013-12-06 00:14 - 00001412 _____ C:\Users\Seb\Desktop\ComboFix - Verknüpfung.lnk
2013-12-06 00:12 - 2013-12-06 00:12 - 05152313 ____R (Swearware) C:\Users\Seb\Downloads\ComboFix.exe
2013-12-06 00:12 - 2013-12-06 00:12 - 00000000 ____D C:\windows\erdnt
2013-12-05 01:41 - 2013-12-02 02:54 - 00011110 _____ C:\Users\Seb\Downloads\Pokemon Gold (D)7.sgm
2013-12-05 01:41 - 2013-11-26 22:56 - 00032812 _____ C:\Users\Seb\Downloads\Pokemon Gold (D).sav
2013-12-03 13:28 - 2013-04-01 11:26 - 00107416 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys
2013-12-02 01:42 - 2013-03-16 17:24 - 00000000 ____D C:\Users\Seb\AppData\Roaming\Spotify
2013-12-01 19:22 - 2013-12-01 19:22 - 00009257 _____ C:\Users\Seb\Downloads\Pokemon Gold (D)6.sgm
2013-12-01 15:03 - 2012-07-26 08:21 - 00036870 _____ C:\windows\setupact.log
2013-12-01 15:00 - 2013-03-16 17:24 - 00000000 ____D C:\Users\Seb\AppData\Local\Spotify
2013-12-01 13:19 - 2013-07-03 17:03 - 00004096 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-01 13:19 - 2013-07-03 17:03 - 00003860 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-11-28 02:48 - 2013-11-28 01:47 - 00009392 _____ C:\Users\Seb\Downloads\Pokemon Gold (D)5.sgm
2013-11-27 22:00 - 2013-11-27 14:53 - 00008283 _____ C:\Users\Seb\Downloads\Pokemon Gold (D)4.sgm
2013-11-27 03:22 - 2013-11-27 03:22 - 00009096 _____ C:\Users\Seb\Downloads\Pokemon Gold (D)3.sgm
2013-11-27 03:22 - 2013-11-27 00:03 - 00009121 _____ C:\Users\Seb\Downloads\Pokemon Gold (D).sgm
2013-11-27 00:03 - 2013-11-27 00:03 - 00008989 _____ C:\Users\Seb\Downloads\Pokemon Gold (D)1.sgm
2013-11-27 00:03 - 2013-11-27 00:03 - 00008577 _____ C:\Users\Seb\Downloads\Pokemon Gold (D)2.sgm
2013-11-26 23:33 - 2013-11-26 23:33 - 00008360 _____ C:\Users\Seb\Desktop\Pokemon Gold (D).sgm
2013-11-26 22:52 - 2013-11-26 22:52 - 00000000 ____D C:\Users\Seb\Documents\VisualBoyAdvance-1.8.0-beta3
2013-11-26 22:51 - 2013-11-26 22:51 - 00689051 _____ C:\Users\Seb\Downloads\VisualBoyAdvance-1.8.0-beta3.zip
2013-11-26 22:50 - 2013-11-26 22:50 - 00768138 _____ C:\Users\Seb\Downloads\Pokemon Gold (D).zip
2013-11-26 22:04 - 2012-07-26 09:12 - 00000000 ____D C:\windows\AUInstallAgent
2013-11-23 20:13 - 2012-07-26 09:12 - 00000000 ____D C:\windows\rescache
2013-11-23 17:44 - 2013-11-23 17:35 - 00000000 ____D C:\Users\Seb\Desktop\bfgminer-3.1.4-win64
2013-11-23 16:30 - 2013-01-15 01:45 - 00073238 _____ C:\windows\DPINST.LOG
2013-11-23 16:26 - 2013-03-16 14:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-23 16:26 - 2012-07-26 09:12 - 00000000 ___RD C:\windows\ToastData
2013-11-23 16:26 - 2012-07-26 09:12 - 00000000 ____D C:\windows\WinStore
2013-11-23 16:04 - 2013-11-23 16:04 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2013-11-23 16:04 - 2013-11-23 16:04 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2013-11-23 16:04 - 2013-11-23 16:04 - 00174504 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2013-11-23 16:04 - 2013-11-23 16:04 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2013-11-23 16:04 - 2013-11-23 16:04 - 00000000 ____D C:\ProgramData\Sun
2013-11-23 16:04 - 2013-11-23 16:04 - 00000000 ____D C:\ProgramData\Oracle
2013-11-23 16:04 - 2013-11-23 16:04 - 00000000 ____D C:\Program Files (x86)\Java
2013-11-23 16:03 - 2013-11-23 16:03 - 00915368 _____ (Oracle Corporation) C:\Users\Seb\Downloads\jxpiinstall.exe
2013-11-23 16:02 - 2013-11-23 16:02 - 00000000 ____H C:\windows\system32\Drivers\Msft_Kernel_silabser_01009.Wdf
2013-11-23 16:02 - 2013-11-23 16:02 - 00000000 ____D C:\Program Files\DIFX
2013-11-23 16:01 - 2013-11-23 16:01 - 03847349 _____ C:\Users\Seb\Downloads\CP210x_VCP_Windows.zip
2013-11-23 16:01 - 2013-11-23 16:01 - 00000000 ____D C:\Users\Seb\Desktop\CP210x_VCP_Windows
2013-11-23 16:01 - 2013-10-24 22:39 - 00073216 _____ (Silicon Laboratories) C:\windows\system32\Drivers\silabser.sys
2013-11-23 16:01 - 2013-10-24 22:39 - 00027336 _____ (Silicon Laboratories) C:\windows\system32\Drivers\silabenm.sys
2013-11-23 15:59 - 2013-11-23 15:59 - 00000000 ____D C:\Users\Seb\Documents\CP210x_VCP_Windows
2013-11-22 13:53 - 2013-11-22 13:53 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2013-11-22 12:52 - 2013-10-26 01:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-11-21 14:33 - 2013-01-15 01:40 - 00000000 ____D C:\Intel
2013-11-21 14:33 - 2012-11-08 23:57 - 00000000 ____D C:\ProgramData\Intel
2013-11-21 14:32 - 2013-11-21 14:32 - 00000000 ____D C:\ProgramData\Package Cache
2013-11-21 14:32 - 2013-08-19 21:08 - 00000000 ____D C:\Users\ADMINI~1
2013-11-21 14:32 - 2013-01-15 01:46 - 00000000 ____D C:\ProgramData\Intel.sav
2013-11-21 14:32 - 2013-01-15 01:46 - 00000000 ____D C:\Program Files (x86)\Cisco
2013-11-21 14:32 - 2013-01-15 01:41 - 00000000 ____D C:\Program Files\Common Files\Intel
2013-11-21 14:32 - 2013-01-15 01:39 - 00000000 ____D C:\Program Files\Intel
2013-11-21 14:32 - 2012-11-08 23:57 - 00000000 ____D C:\Program Files (x86)\Intel
2013-11-20 16:52 - 2012-07-26 09:12 - 00000000 ____D C:\windows\LiveKernelReports
2013-11-20 01:25 - 2013-11-06 23:53 - 00000000 ____D C:\Users\Seb\AppData\Roaming\Bitcoin
2013-11-19 00:28 - 2012-07-26 09:12 - 00000000 ____D C:\windows\system32\NDF
2013-11-16 15:25 - 2013-11-16 15:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-15 14:16 - 2013-03-21 23:39 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-15 13:48 - 2013-07-15 20:37 - 00000000 ____D C:\windows\system32\MRT
2013-11-15 13:47 - 2013-03-18 22:28 - 82896128 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-11-14 13:57 - 2013-05-08 10:50 - 00083160 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avnetflt.sys
2013-11-14 13:57 - 2013-04-01 11:26 - 00132600 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys
2013-11-14 13:57 - 2013-04-01 11:26 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avkmgr.sys
2013-11-12 19:24 - 2013-03-16 12:17 - 00003598 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-737478861-1433762466-2432789249-1001
2013-11-12 17:44 - 2013-11-10 23:48 - 00000000 ____D C:\Users\Seb\Documents\GTA Vice City User Files
2013-11-10 23:39 - 2013-03-16 21:52 - 00016314 _____ C:\windows\Directx.log
2013-11-10 23:18 - 2012-11-08 23:50 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-11-10 23:17 - 2013-11-10 23:17 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
2013-11-08 22:29 - 2013-11-08 22:28 - 00000000 ____D C:\Users\Seb\Desktop\Mining BitCoin
2013-11-08 21:26 - 2013-11-08 21:26 - 00000000 ____D C:\Users\Seb\Documents\cgminer-3.7.0-windows
2013-11-07 02:39 - 2013-11-07 02:39 - 00007597 _____ C:\Users\Seb\AppData\Local\Resmon.ResmonCfg
2013-11-06 23:53 - 2013-11-06 23:53 - 11678760 _____ (Bitcoin project) C:\Users\Seb\Downloads\bitcoin-0.8.5-win32-setup.exe
2013-11-06 23:53 - 2013-11-06 23:53 - 00000000 ____D C:\Users\Seb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bitcoin
2013-11-06 23:53 - 2013-11-06 23:53 - 00000000 ____D C:\Program Files (x86)\Bitcoin

Some content of TEMP:
====================
C:\Users\ADMINI~1\AppData\Local\Temp\PresentationCore.dll
C:\Users\ADMINI~1\AppData\Local\Temp\PresentationFramework.dll
C:\Users\ADMINI~1\AppData\Local\Temp\ReachFramework.dll
C:\Users\ADMINI~1\AppData\Local\Temp\UIAutomationProvider.dll
C:\Users\ADMINI~1\AppData\Local\Temp\UIAutomationTypes.dll
C:\Users\ADMINI~1\AppData\Local\Temp\WindowsBase.dll
C:\Users\ADMINI~1\AppData\Local\Temp\WindowsFormsIntegration.dll
C:\Users\Seb\AppData\Local\Temp\avgnt.exe
C:\Users\Seb\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-28 15:57

==================== End Of Log ===========================
         

Addition file:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-12-2013
Ran by Seb at 2013-12-06 15:34:24
Running from C:\Users\Seb\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Acronis*True*Image*Home (x32 Version: 11.0.8010)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.152)
Adobe Reader XI (11.0.05) - Deutsch (x32 Version: 11.0.05)
Aloha TriPeaks (x32 Version: 2.2.0.98)
ANNO 1503 (x32)
Apple Application Support (x32 Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (x32 Version: 2.1.3.127)
Avira Free Antivirus (x32 Version: 14.0.1.759)
Bejeweled 3 (x32 Version: 2.2.0.98)
Bitcoin (HKCU Version: 0.8.5)
Bonjour (Version: 3.0.0.10)
Chuzzle Deluxe (x32 Version: 2.2.0.95)
Cisco AnyConnect Secure Mobility Client  (x32 Version: 3.1.04066)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.04066)
Command & Conquer Generals (x32 Version: 0.50.0000)
Counter-Strike Source 1.9.1 (x32)
DAEMON Tools Lite (x32 Version: 4.46.1.0327)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
doPDF 7.3 printer
Empire Earth (x32)
Empress of the Deep - The Darkest Secret (x32 Version: 2.2.0.98)
Free PDF to Word Doc Converter v1.1 (x32 Version: 1.1)
Free YouTube to MP3 Converter version 3.12.0.128 (x32 Version: 3.12.0.128)
FUSSBALL MANAGER 09 (x32)
Google Earth Plug-in (x32 Version: 7.1.1.1888)
Google Update Helper (x32 Version: 1.3.22.3)
Grand Theft Auto Vice City (x32 Version: 1.00.000)
HP LaserJet P1000 series (x32)
HPSSupply (x32 Version: 2.1.1.0000)
Intel AppUp(SM) center (x32 Version: 3.6.1.33268.15)
Intel(R) Management Engine Components (x32 Version: 8.1.0.1252)
Intel(R) Network Connections Drivers (Version: 17.3)
Intel(R) PRO/Wireless Driver (Version: 16.01.5000.0577)
Intel(R) Processor Graphics (x32 Version: 9.17.10.2828)
Intel(R) Rapid Start Technology (x32 Version: 2.1.0.1002)
Intel(R) Rapid Storage Technology (x32 Version: 11.5.2.1001)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (x32 Version: 2.0.0.37149)
Intel(R) WiDi (Version: 3.5.34.0)
Intel® PROSet/Wireless Software (x32 Version: 16.1.5)
Intel® PROSet/Wireless WiFi Software (Version: 16.01.5000.0269)
Intel® Trusted Connect Service Client (Version: 1.24.388.1)
Island Tribe (x32 Version: 2.2.0.98)
iTunes (Version: 11.1.2.32)
Java 7 Update 45 (x32 Version: 7.0.450)
Java Auto Updater (x32 Version: 2.1.9.8)
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.98)
LogMeIn Hamachi (x32 Version: 2.2.0.105)
Magic Academy (x32 Version: 2.2.0.98)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
McAfee Security Scan Plus (Version: 3.8.130.10)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Home and Student 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Mozilla Firefox 25.0.1 (x86 de) (x32 Version: 25.0.1)
Mozilla Maintenance Service (x32 Version: 24.1.1)
Mozilla Thunderbird 24.1.1 (x86 de) (x32 Version: 24.1.1)
MrvlUsgTracking (x32 Version: 1.0.7)
MrvlUsgTracking64 (Version: 1.0.1)
Nero 12 Essentials Toshiba (x32 Version: 12.0.00600)
Nero BackItUp (x32 Version: 12.0.3000)
Nero BackItUp Help (CHM) (x32 Version: 12.0.3000)
Nero Blu-ray Player (x32 Version: 12.0.17500)
Nero Blu-ray Player Help (CHM) (x32 Version: 12.0.4000)
Nero BurnRights (x32 Version: 12.0.5000)
Nero BurnRights Help (CHM) (x32 Version: 12.0.5000)
Nero ControlCenter (x32 Version: 11.0.15300)
Nero ControlCenter Help (CHM) (x32 Version: 12.0.5000)
Nero Core Components (x32 Version: 11.0.18200)
Nero Express (x32 Version: 12.0.20000)
Nero Express Help (CHM) (x32 Version: 12.0.5000)
Nero Kwik Media (x32 Version: 1.18.18900)
Nero Kwik Media Help (CHM) (x32 Version: 12.0.4000)
Nero Kwik Themes Basic (x32 Version: 12.0.11500)
Nero Launcher (x32 Version: 12.2.6000)
Nero RescueAgent (x32 Version: 12.0.9000)
Nero RescueAgent Help (CHM) (x32 Version: 12.0.3000)
Nero SharedVideoCodecs (x32 Version: 1.0.12100.2.0)
Nero Update (x32 Version: 11.0.11800.31.0)
OpenOffice.org 3.4.1 (x32 Version: 3.41.9593)
Peggle Nights (x32 Version: 2.2.0.98)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98)
Polar Bowler (x32 Version: 2.2.0.97)
Prerequisite installer (x32 Version: 12.0.0002)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6748)
RICOH Media Driver v2.22.17.01 (x32 Version: 2.22.17.01)
Shared C Run-time for x64 (Version: 10.0.0)
Sid Meier's Civilization 4 (x32 Version: 1.61)
Skype™ 6.3 (x32 Version: 6.3.105)
Spotify (HKCU Version: 0.9.6.72.ge389c074)
SRS Premium Sound Control Panel (Version: 1.12.4600)
Synaptics Pointing Device Driver (Version: 16.2.10.5)
TOSHIBA Desktop Assist (Version: 1.00.0007.00002)
TOSHIBA eco Utility (Version: 2.0.0.6415)
TOSHIBA Function Key (Version: 1.00.6625.6402)
TOSHIBA Manuals (x32 Version: 10.10)
TOSHIBA Password Utility (Version: 3.00.0002.64003)
TOSHIBA PC Health Monitor (Version: 1.8.17.640104)
TOSHIBA Recovery Media Creator (x32 Version: 2.2.1.54043006)
TOSHIBA Resolution+ Plug-in for Windows Media Player (x32 Version: 1.2.2.00)
TOSHIBA Service Station (Version: 2.4.6)
TOSHIBA System Driver (x32 Version: 1.00.0012)
TOSHIBA System Settings (x32 Version: 1.00.0002.32002)
Toshiba TEMPRO (x32 Version: 4.5.0)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553065) (x32)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2566458) (x32)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32)
Update for Microsoft Word 2010 (KB2827323) 32-Bit Edition (x32)
Update Installer for WildTangent Games App (x32)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98)
Welcome App (Start-up experience) (x32 Version: 12.0.14000)
WildTangent Games (x32 Version: 1.0.3.0)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.9.7)
Windows Mobile Device Updater Component (Version: 04.08.2345.00)
Windows-Treiberpaket - Silicon Laboratories (silabenm) Ports  (10/18/2013 6.6.1.0) (Version: 10/18/2013 6.6.1.0)
Xfire (remove only) (x32)
Zune (Version: 04.08.2345.00)
Zune Language Pack (CHS) (Version: 04.08.2345.00)
Zune Language Pack (CHT) (Version: 04.08.2345.00)
Zune Language Pack (CSY) (Version: 04.08.2345.00)
Zune Language Pack (DAN) (Version: 04.08.2345.00)
Zune Language Pack (DEU) (Version: 04.08.2345.00)
Zune Language Pack (ELL) (Version: 04.08.2345.00)
Zune Language Pack (ESP) (Version: 04.08.2345.00)
Zune Language Pack (FIN) (Version: 04.08.2345.00)
Zune Language Pack (FRA) (Version: 04.08.2345.00)
Zune Language Pack (HUN) (Version: 04.08.2345.00)
Zune Language Pack (IND) (Version: 04.08.2345.00)
Zune Language Pack (ITA) (Version: 04.08.2345.00)
Zune Language Pack (JPN) (Version: 04.08.2345.00)
Zune Language Pack (KOR) (Version: 04.08.2345.00)
Zune Language Pack (MSL) (Version: 04.08.2345.00)
Zune Language Pack (NLD) (Version: 04.08.2345.00)
Zune Language Pack (NOR) (Version: 04.08.2345.00)
Zune Language Pack (PLK) (Version: 04.08.2345.00)
Zune Language Pack (PTB) (Version: 04.08.2345.00)
Zune Language Pack (PTG) (Version: 04.08.2345.00)
Zune Language Pack (RUS) (Version: 04.08.2345.00)
Zune Language Pack (SVE) (Version: 04.08.2345.00)

==================== Restore Points  =========================

17-11-2013 22:40:02 Windows Update
21-11-2013 13:31:44 Windows Update
23-11-2013 15:04:16 Installed Java 7 Update 45
30-11-2013 16:45:58 Geplanter Prüfpunkt
05-12-2013 23:19:02 ComboFix created restore point

==================== Hosts content: ==========================

2012-07-26 06:26 - 2012-07-26 06:26 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {14A6BD4C-A6E2-4F35-B652-641AEAE236B9} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [2012-08-23] (TOSHIBA Corporation)
Task: {25EFD721-B249-4586-928F-FEF77859D5E3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-06] (Adobe Systems Incorporated)
Task: {56646ECA-B8DF-412F-ABDA-99F992CF7BA2} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\System32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
Task: {74CA6B9C-6BB8-4DA6-85E0-3E0EA7BB6753} - \Scheduled Update for Ask Toolbar No Task File
Task: {89A3EF59-80D8-4277-AAA7-84286EE6F95E} - System32\Tasks\Toshiba\CommonNotifier => C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe [2013-07-18] (Toshiba Europe GmbH)
Task: {9A17AAAE-86BA-4B7A-806C-086C4AAA3365} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-03] (Google Inc.)
Task: {C406893B-1034-4290-8512-5AAAE1476259} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-03] (Google Inc.)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {E6DF1243-744B-4D1A-8467-47FB61413B1C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-08-06 06:36 - 2012-08-06 06:36 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-07-19 03:38 - 2012-07-19 03:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2012-07-19 03:38 - 2012-07-19 03:38 - 00049064 _____ () C:\Program Files\TOSHIBA\Hotkey\Hotkey\FnZ.dll
2010-03-03 23:15 - 2010-03-03 23:15 - 00019256 _____ () C:\Program Files\TOSHIBA\Hotkey\Hotkey\FnF10.dll
2010-03-03 23:15 - 2010-03-03 23:15 - 00019256 _____ () C:\Program Files\TOSHIBA\Hotkey\Hotkey\FnF11.dll
2012-08-14 04:13 - 2012-08-14 04:13 - 00018344 _____ () C:\Program Files\TOSHIBA\Teco\TecoMUI.dll
2013-03-16 23:49 - 2012-12-18 09:31 - 00397704 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2013-01-28 13:08 - 2013-01-28 13:08 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-01-28 13:08 - 2013-01-28 13:08 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-01-15 01:39 - 2012-06-25 19:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2012-11-08 23:57 - 2012-08-01 23:01 - 00891392 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\QtNetwork4.dll
2012-11-08 23:57 - 2012-08-01 23:01 - 02281984 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\QtCore4.dll
2012-11-08 23:57 - 2012-08-01 23:01 - 00016896 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\featureController.dll
2012-11-08 23:57 - 2012-08-01 23:01 - 00062976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\osEvents.dll
2012-11-08 23:57 - 2012-08-01 23:01 - 00322048 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\log4cplus.dll
2012-11-08 23:57 - 2012-08-01 23:01 - 00339456 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\QtXml4.dll
2012-11-08 23:57 - 2012-08-01 23:01 - 00400384 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\sqlite3.dll
2012-11-08 23:57 - 2012-08-01 23:01 - 00195584 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\libgsoap.dll
2012-11-08 23:57 - 2012-08-01 23:01 - 00062464 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\zlib1.dll
2012-11-08 23:57 - 2012-08-01 23:01 - 00446976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\deviceProfile.dll
2012-11-08 23:57 - 2012-08-01 23:01 - 00019456 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\eventsSender.dll
2012-11-08 23:57 - 2012-08-01 23:01 - 00062976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManagerStarter.dll
2012-08-10 16:51 - 2012-08-10 16:51 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2007-08-31 17:13 - 2007-08-31 17:13 - 01336600 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\fox.dll
2013-11-16 15:25 - 2013-11-16 15:25 - 03363952 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/05/2013 11:46:35 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005

Error: (12/04/2013 00:28:50 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005

Error: (12/03/2013 03:14:20 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: WLANExt.exe, Version: 6.2.9200.16384, Zeitstempel: 0x5010891a
Name des fehlerhaften Moduls: IWMSSvc.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x521e806a
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000007fd7790b723
ID des fehlerhaften Prozesses: 0x2ef4
Startzeit der fehlerhaften Anwendung: 0xWLANExt.exe0
Pfad der fehlerhaften Anwendung: WLANExt.exe1
Pfad des fehlerhaften Moduls: WLANExt.exe2
Berichtskennung: WLANExt.exe3
Vollständiger Name des fehlerhaften Pakets: WLANExt.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: WLANExt.exe5

Error: (12/02/2013 05:01:28 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: WLANExt.exe, Version: 6.2.9200.16384, Zeitstempel: 0x5010891a
Name des fehlerhaften Moduls: IWMSSvc.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x521e806a
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000007fd818bb723
ID des fehlerhaften Prozesses: 0x1bc0
Startzeit der fehlerhaften Anwendung: 0xWLANExt.exe0
Pfad der fehlerhaften Anwendung: WLANExt.exe1
Pfad des fehlerhaften Moduls: WLANExt.exe2
Berichtskennung: WLANExt.exe3
Vollständiger Name des fehlerhaften Pakets: WLANExt.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: WLANExt.exe5

Error: (12/02/2013 00:55:34 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: WLANExt.exe, Version: 6.2.9200.16384, Zeitstempel: 0x5010891a
Name des fehlerhaften Moduls: IWMSSvc.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x521e806a
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000007fd79aeb723
ID des fehlerhaften Prozesses: 0x39cc
Startzeit der fehlerhaften Anwendung: 0xWLANExt.exe0
Pfad der fehlerhaften Anwendung: WLANExt.exe1
Pfad des fehlerhaften Moduls: WLANExt.exe2
Berichtskennung: WLANExt.exe3
Vollständiger Name des fehlerhaften Pakets: WLANExt.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: WLANExt.exe5

Error: (11/30/2013 03:13:39 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005

Error: (11/29/2013 02:53:06 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005

Error: (11/28/2013 05:31:17 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005

Error: (11/26/2013 08:51:09 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: Sebastian)
Description: Das Paket „Microsoft.ZuneMusic_1.5.214.0_x64__8wekyb3d8bbwe“ wurde beendet, da das Anhalten zu lange dauerte.

Error: (11/26/2013 08:35:46 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: Sebastian)
Description: Die App „Microsoft.ZuneMusic_8wekyb3d8bbwe!Microsoft.ZuneMusic“ wurde nicht innerhalb der vorgesehenen Zeit gestartet.


System errors:
=============
Error: (12/06/2013 03:05:28 PM) (Source: NetBT) (User: )
Description: Der Name "SEBASTIAN      :0" konnte nicht auf der Schnittstelle mit IP-Adresse 172.29.242.208
registriert werden. Der Computer mit IP-Adresse 134.95.112.101 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (12/06/2013 00:41:22 PM) (Source: mbamchameleon) (User: )
Description: \Device\HarddiskVolume4\PROGRAM FILES\MCAFEE SECURITY SCAN\3.8.130\SSSCHEDULER.EXE

Error: (12/06/2013 00:40:33 PM) (Source: mbamchameleon) (User: )
Description: \Device\HarddiskVolume4\PROGRAM FILES (X86)\AVIRA\ANTIVIR DESKTOP\AVWSC.EXE

Error: (12/06/2013 00:40:33 PM) (Source: mbamchameleon) (User: )
Description: \??\C:\Program Files (x86)\Avira\AntiVir Desktop\avwsc.exe

Error: (12/06/2013 00:30:32 PM) (Source: mbamchameleon) (User: )
Description: \Device\HarddiskVolume4\PROGRAM FILES (X86)\AVIRA\ANTIVIR DESKTOP\AVWSC.EXE

Error: (12/06/2013 00:30:32 PM) (Source: mbamchameleon) (User: )
Description: \??\C:\Program Files (x86)\Avira\AntiVir Desktop\avwsc.exe

Error: (12/06/2013 00:29:10 PM) (Source: mbamchameleon) (User: )
Description: \Device\HarddiskVolume4\PROGRAM FILES\MCAFEE SECURITY SCAN\3.8.130\SSSCHEDULER.EXE

Error: (12/06/2013 00:29:10 PM) (Source: mbamchameleon) (User: )
Description: \Device\HarddiskVolume4\PROGRAM FILES\MCAFEE SECURITY SCAN\3.8.130\SSSCHEDULER.EXE

Error: (12/06/2013 00:29:09 PM) (Source: mbamchameleon) (User: )
Description: \Device\HarddiskVolume4\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe

Error: (12/06/2013 00:29:09 PM) (Source: mbamchameleon) (User: )
Description: \Device\HarddiskVolume4\PROGRAM FILES\MCAFEE SECURITY SCAN\3.8.130\SSSCHEDULER.EXE


Microsoft Office Sessions:
=========================
Error: (12/05/2013 11:46:35 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005

Error: (12/04/2013 00:28:50 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005

Error: (12/03/2013 03:14:20 PM) (Source: Application Error)(User: )
Description: WLANExt.exe6.2.9200.163845010891aIWMSSvc.dll_unloaded0.0.0.0521e806ac0000005000007fd7790b7232ef401cef022d8735bfbC:\windows\system32\WLANExt.exeIWMSSvc.dll33185d6b-5c25-11e3-bee8-c8f733913623

Error: (12/02/2013 05:01:28 PM) (Source: Application Error)(User: )
Description: WLANExt.exe6.2.9200.163845010891aIWMSSvc.dll_unloaded0.0.0.0521e806ac0000005000007fd818bb7231bc001ceef5f2be4fc58C:\windows\system32\WLANExt.exeIWMSSvc.dll006c8d6f-5b6b-11e3-bee8-c8f733913623

Error: (12/02/2013 00:55:34 PM) (Source: Application Error)(User: )
Description: WLANExt.exe6.2.9200.163845010891aIWMSSvc.dll_unloaded0.0.0.0521e806ac0000005000007fd79aeb72339cc01ceef475a8aa028C:\windows\system32\WLANExt.exeIWMSSvc.dlla65986df-5b48-11e3-bee8-c8f733913623

Error: (11/30/2013 03:13:39 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005

Error: (11/29/2013 02:53:06 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005

Error: (11/28/2013 05:31:17 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005

Error: (11/26/2013 08:51:09 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: Sebastian)
Description: Microsoft.ZuneMusic_1.5.214.0_x64__8wekyb3d8bbwe

Error: (11/26/2013 08:35:46 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: Sebastian)
Description: Microsoft.ZuneMusic_8wekyb3d8bbwe!Microsoft.ZuneMusic


==================== Memory info =========================== 

Percentage of memory in use: 42%
Total physical RAM: 3990.14 MB
Available physical RAM: 2281.21 MB
Total Pagefile: 6678.14 MB
Available Pagefile: 4630.81 MB
Total Virtual: 8192 MB
Available Virtual: 8191.76 MB

==================== Drives ================================

Drive c: (TI31016900A) (Fixed) (Total:219.49 GB) (Free:86.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 238 GB) (Disk ID: 728F6589)

Partition: GPT Partition Type
==================== End Of Log ============================
         

GMER file:

Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-12-06 15:46:26
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\00000042 TOSHIBA_THNSNF256GMCS rev.FSTAN103 238,47GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Seb\AppData\Local\Temp\fgtcapow.sys


---- User code sections - GMER 2.1 ----

.text   C:\windows\System32\spoolsv.exe[1724] C:\windows\system32\MSIMG32.DLL!GradientFill + 690                                           000007fc48bd1532 4 bytes [BD, 48, FC, 07]
.text   C:\windows\System32\spoolsv.exe[1724] C:\windows\system32\MSIMG32.DLL!GradientFill + 698                                           000007fc48bd153a 4 bytes [BD, 48, FC, 07]
.text   C:\windows\System32\spoolsv.exe[1724] C:\windows\system32\MSIMG32.DLL!TransparentBlt + 246                                         000007fc48bd165a 4 bytes [BD, 48, FC, 07]
.text   C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2092] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                000007fc48bd1532 4 bytes [BD, 48, FC, 07]
.text   C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2092] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                000007fc48bd153a 4 bytes [BD, 48, FC, 07]
.text   C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2092] C:\windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                              000007fc48bd165a 4 bytes [BD, 48, FC, 07]
.text   C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2092] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                      000007fc4e7a177a 4 bytes [7A, 4E, FC, 07]
.text   C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2092] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                      000007fc4e7a1782 4 bytes [7A, 4E, FC, 07]
.text   C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2092] C:\windows\SYSTEM32\WSOCK32.dll!recvfrom + 742                                    000007fc451e1b32 4 bytes [1E, 45, FC, 07]
.text   C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2092] C:\windows\SYSTEM32\WSOCK32.dll!recvfrom + 750                                    000007fc451e1b3a 4 bytes [1E, 45, FC, 07]
.text   C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2288] C:\windows\system32\PsApi.dll!GetProcessImageFileNameA + 306       000007fc4e7a177a 4 bytes [7A, 4E, FC, 07]
.text   C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2288] C:\windows\system32\PsApi.dll!GetProcessImageFileNameA + 314       000007fc4e7a1782 4 bytes [7A, 4E, FC, 07]
.text   C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2392] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306  000007fc4e7a177a 4 bytes [7A, 4E, FC, 07]
.text   C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2392] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314  000007fc4e7a1782 4 bytes [7A, 4E, FC, 07]
.text   C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2392] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 690            000007fc48bd1532 4 bytes [BD, 48, FC, 07]
.text   C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2392] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 698            000007fc48bd153a 4 bytes [BD, 48, FC, 07]
.text   C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2392] C:\windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246          000007fc48bd165a 4 bytes [BD, 48, FC, 07]
.text   C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2676] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                     000007fc48bd1532 4 bytes [BD, 48, FC, 07]
.text   C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2676] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                     000007fc48bd153a 4 bytes [BD, 48, FC, 07]
.text   C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2676] C:\windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                   000007fc48bd165a 4 bytes [BD, 48, FC, 07]
.text   C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2676] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306           000007fc4e7a177a 4 bytes [7A, 4E, FC, 07]
.text   C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2676] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314           000007fc4e7a1782 4 bytes [7A, 4E, FC, 07]
.text   C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2700] C:\windows\system32\PsApi.dll!GetProcessImageFileNameA + 306            000007fc4e7a177a 4 bytes [7A, 4E, FC, 07]
.text   C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2700] C:\windows\system32\PsApi.dll!GetProcessImageFileNameA + 314            000007fc4e7a1782 4 bytes [7A, 4E, FC, 07]
.text   C:\windows\system32\wbem\wmiprvse.exe[2868] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                           000007fc4e7a177a 4 bytes [7A, 4E, FC, 07]
.text   C:\windows\system32\wbem\wmiprvse.exe[2868] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                           000007fc4e7a1782 4 bytes [7A, 4E, FC, 07]
.text   C:\windows\system32\wbem\wmiprvse.exe[2868] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                     000007fc48bd1532 4 bytes [BD, 48, FC, 07]
.text   C:\windows\system32\wbem\wmiprvse.exe[2868] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                     000007fc48bd153a 4 bytes [BD, 48, FC, 07]
.text   C:\windows\system32\wbem\wmiprvse.exe[2868] C:\windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                   000007fc48bd165a 4 bytes [BD, 48, FC, 07]
.text   C:\windows\system32\WLANExt.exe[580] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                  000007fc4e7a177a 4 bytes [7A, 4E, FC, 07]
.text   C:\windows\system32\WLANExt.exe[580] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                  000007fc4e7a1782 4 bytes [7A, 4E, FC, 07]
.text   C:\windows\system32\WLANExt.exe[580] C:\windows\system32\MSIMG32.dll!GradientFill + 690                                            000007fc48bd1532 4 bytes [BD, 48, FC, 07]
.text   C:\windows\system32\WLANExt.exe[580] C:\windows\system32\MSIMG32.dll!GradientFill + 698                                            000007fc48bd153a 4 bytes [BD, 48, FC, 07]
.text   C:\windows\system32\WLANExt.exe[580] C:\windows\system32\MSIMG32.dll!TransparentBlt + 246                                          000007fc48bd165a 4 bytes [BD, 48, FC, 07]
.text   C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4908] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                            000007fc48bd1532 4 bytes [BD, 48, FC, 07]
.text   C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4908] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                            000007fc48bd153a 4 bytes [BD, 48, FC, 07]
.text   C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4908] C:\windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                          000007fc48bd165a 4 bytes [BD, 48, FC, 07]
.text   C:\Windows\System32\igfxpers.exe[5724] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                000007fc4e7a177a 4 bytes [7A, 4E, FC, 07]
.text   C:\Windows\System32\igfxpers.exe[5724] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                000007fc4e7a1782 4 bytes [7A, 4E, FC, 07]
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2360] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                           000007fc48bd1532 4 bytes [BD, 48, FC, 07]
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2360] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                           000007fc48bd153a 4 bytes [BD, 48, FC, 07]
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2360] C:\windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                         000007fc48bd165a 4 bytes [BD, 48, FC, 07]
.text   C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe[5568] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                         000007fc48bd1532 4 bytes [BD, 48, FC, 07]
.text   C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe[5568] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                         000007fc48bd153a 4 bytes [BD, 48, FC, 07]
.text   C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe[5568] C:\windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                       000007fc48bd165a 4 bytes [BD, 48, FC, 07]
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6452] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                   000007fc4e7a177a 4 bytes [7A, 4E, FC, 07]
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6452] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                   000007fc4e7a1782 4 bytes [7A, 4E, FC, 07]
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4504] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                000007fc4e7a177a 4 bytes [7A, 4E, FC, 07]
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4504] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                000007fc4e7a1782 4 bytes [7A, 4E, FC, 07]

---- Threads - GMER 2.1 ----

Thread  C:\windows\system32\csrss.exe [824:5436]                                                                                           fffff9600086c5e8

---- Disk sectors - GMER 2.1 ----

Disk    \Device\Harddisk0\DR0                                                                                                              unknown MBR code

---- EOF - GMER 2.1 ----
         


Many thanks in advance for your help! :-)

06.12.2013, 16:17   #2
schrauber
/// the machine
/// TB trainer



hi,

Please download Emsisoft MBR Master and save it to your desktop.
  • Run mbrmastr.exe.
  • Click Backup MBR and save it to the desktop as emsi.
  • Then close the program again.
  • Pack the created emsi.mbr into a zip archive (right-click -> Send to -> Compressed (zipped) folder) and attach the file here.
  • A text file MBRMastr_<date>_<time>.txt is also created on the desktop. Please post its contents here.

06.12.2013, 16:25   #3
Gurke10000



Hi,

Here is the text log:

Code:
Detected Windows version: 6.2 Build 9200 
Installing direct disk access driver ...
Driver connection handle: 0x00000154
1 valid drive(s) found.

Details for Disk 0 - TOSHIBA THNSNF256GMCS Rev FSTAN103:
  Device name              : \\.\PhysicalDrive0
  Geometry (C/H/S)         : 31130/255/63
  Boot loader reputation   : Unknown
  Cross view comparison    : Passed
  Partition table integrity: Passed

  Boot loader hashes
    SHA-1                  : 639AC5CDF8A5CF3245975932C6A4215450A7B98F
    MD5                    : 5FB38429D5D77768867C76DCBDB35194
         

The zip is attached.

07.12.2013, 12:05   #4
schrauber
/// the machine
/// TB trainer



All good. Change the password for the email account. Any remaining problems?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

07.12.2013, 15:27   #5
Gurke10000



Hey Schrauber!

Many thanks! :-)

Since I changed the password on Thursday at around 11 pm, I have not received a single email!

So was that more likely a password hack?


08.12.2013, 07:24   #6
schrauber
/// the machine
/// TB trainer



Exactly