Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Bundestrojaner eingefangen - Widersprüchliche Aussagen der Antivirenprogramme

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 02.01.2014, 08:57   #1
warhammer73
 
Bundestrojaner eingefangen - Widersprüchliche Aussagen der Antivirenprogramme - Standard

Bundestrojaner eingefangen - Widersprüchliche Aussagen der Antivirenprogramme



Hallo,

wir haben uns auf dem einzigen Windows Rechner den BKA Trojaner eingefangen (Vermutlich über ein altes Acrobat Reader oder Java würde ich vermuten).
Da sich der Rechner noch im abgesicherten Modus starten liess haben wir den Rechner wieder soweit bekommen das er wieder normal startet.

Weder Hitman Pro, JRT, Avira, Avast oder Anti Malware finden noch irgendwas verdächtiges beim scannen. Hitman meckert wie zu erwarten über die anderen Virenprogramme aber ansonsten alles iO.
Gescannt wurde sowohl im abgesicherten Modus als auch im normalen Windows Modus.
RKILL ist der Meinung das alles iO ist.
Zusätzlich hat Avast auch gescannt bevor Windows gestartet ist.
Per Boot-CD liefen noch Avira, Clam-AV und Kasparsky. Alle ohne größere Befunde ("Defekte Archive" weil teilweise keine aktuellen RARs oder absichtlich passwortgesicherte Dateien geöffnet werden konnten, aber sonst alles gut).

Soweit so schön.

ABER:
Stopzilla meckert bei jedem Scan DisableTaskMgr und DisableRegistryTools an.
Nur sind diese Einträge nicht zu finden. Weder im normalen Windows, noch im abgesicherten Modus. Auch die Registry Editoren auf den Notfall-CDs der Anti-Virenhersteller finden diese Einträge nicht.
Mach hier Stopzilla Mist, oder habe ich ein größere Problem?
... keine Ahnung ob dazu relevant und überhaupt in irgend einer Verbindung mit dem Virenbefall: Im abgesicherten Modus funktioniert ein Benutzerwechsel, im normalen Windows Modus wird der Bildschirm einfach nur schwarz.

Alt 02.01.2014, 10:54   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Bundestrojaner eingefangen - Widersprüchliche Aussagen der Antivirenprogramme - Standard

Bundestrojaner eingefangen - Widersprüchliche Aussagen der Antivirenprogramme



Hallo und

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die mal fündig geworden?

Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs in CODE-Tags posten!
Relevant sind nur Logs der letzten 7 Tage bzw. seitdem das Problem besteht!




Zudem bitte auch ein Log mit Farbars Tool machen:

Scan mit Farbar's Recovery Scan Tool (FRST)

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)



Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________

__________________

Alt 02.01.2014, 17:26   #3
warhammer73
 
Bundestrojaner eingefangen - Widersprüchliche Aussagen der Antivirenprogramme - Standard

Bundestrojaner eingefangen - Widersprüchliche Aussagen der Antivirenprogramme



Hallo,

danke für die Tips. Hatte ich mir auch durchgelesen nur war ich weit weg vom Rechner.

frst.log

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-01-2014 01
Ran by ***** (administrator) on COMPAQ on 02-01-2014 10:28:56
Running from D:\AV
Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\stacsv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\AEstSrv.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(COMODO.) C:\Program Files\COMODO\Time Machine\ClientService.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Samsung Electronics Co., Ltd.) C:\Windows\System32\spool\drivers\w32x86\3\NetFaxServer.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
() C:\Windows\Samsung\PanelMgr\SSMMgr.exe
(Research In Motion Limited) C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\SmarThru Office\BackUpSvr.exe
(COMODO.) C:\Program Files\COMODO\Time Machine\CTMTRAY.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
() C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [WirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray.exe [458844 2009-07-14] (IDT, Inc.)
HKLM\...\Run: [Samsung PanelMgr] - C:\Windows\Samsung\PanelMgr\SSMMgr.exe [699472 2012-05-04] ()
HKLM\...\Run: [RIMBBLaunchAgent.exe] - C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-11-02] (Research In Motion Limited)
HKLM\...\Run: [CDAServer] - C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [332288 2010-12-17] ()
HKLM\...\Run: [STO Backup Service] - C:\Program Files\SmarThru Office\BackUpSvr.exe [199760 2012-01-13] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [COMODO_TimeMachine] - C:\Program Files\COMODO\Time Machine\CTMTRAY.exe [4910904 2010-07-20] (COMODO.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3764024 2014-01-02] (AVAST Software)
HKLM\...\runonceex: [ContentMerger] - c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe [19952 2009-06-13] (Sonic Solutions)
MountPoints2: D - D:\LaunchU3.exe -a
MountPoints2: {0ec2c14c-decd-11de-a1c8-806e6f6e6963} - F:\AUTORUN\AUTORUN.EXE
MountPoints2: {249ac206-4f40-11e2-b24d-0027133a0128} - D:\navi\ai12h32.exe
MountPoints2: {6aecf39a-74aa-11e1-bc5f-0027133a0128} - D:\LaunchU3.exe -a
HKU\Default\...\Run: [HPADVISOR] - C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [ 2009-07-16] (Hewlett-Packard)
HKU\Default User\...\Run: [HPADVISOR] - C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [ 2009-07-16] (Hewlett-Packard)
BootExecute: autocheck autochk * bootdeletesdnclean.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.spiegel.de/
URLSearchHook: HKLM - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
URLSearchHook: HKCU - (No Name) - {90eee664-34b1-422a-a782-779af65cdf6d} -  No File
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {E53F6B79-27AF-4ABE-9875-AA35CEC83E09} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKCU - {E53F6B79-27AF-4ABE-9875-AA35CEC83E09} URL = hxxp://www.google.de/search?q={searchTerms}
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - No Name - {0BF43445-2F28-4351-9252-17FE6E806AA0} -  No File
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {90EEE664-34B1-422A-A782-779AF65CDF6D} -  No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks:  - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} -  No File [ ]
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\f5funbj5.default
FF DefaultSearchEngine: Ask.com
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Ask.com
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/ShockwavePlayer - C:\windows\system32\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @rim.com/npappworld - C:\Program Files\Research In Motion Limited\Browser-Plug-In für BlackBerry App World\npappworld.dll ()
FF Plugin: @RIM.com/WebSLLauncher,version=1.0 - C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF

========================== Services (Whitelisted) =================

R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [26112 2009-12-03] (LSI Corporation)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-02] (AVAST Software)
S4 BingDesktopUpdate; C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192 2013-06-05] (Microsoft Corp.)
R2 ClientService; C:\Program Files\COMODO\Time Machine\ClientService.exe [280888 2010-07-20] (COMODO.)
S4 pdfcDispatcher; C:\Program Files\PDF Complete\pdfsvc.exe [635416 2009-06-18] (PDF Complete Inc)
R2 Samsung Network Fax Server; C:\windows\system32\spool\drivers\w32x86\3\NetFaxServer.exe [176640 2012-03-23] (Samsung Electronics Co., Ltd.)
R2 STacSV; C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\STacSV.exe [221266 2009-07-14] (IDT, Inc.)
S2 StartServer; C:\Program Files\AdvoluxJava\StartServer.exe [154112 2011-04-08] ()

==================== Drivers (Whitelisted) ====================

R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [67824 2014-01-02] (AVAST Software)
R1 aswRdr; C:\windows\system32\drivers\aswRdr2.sys [79720 2014-01-02] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49944 2014-01-02] ()
R1 aswSnx; C:\windows\system32\drivers\aswSnx.sys [775952 2014-01-02] (AVAST Software)
R1 aswSP; C:\windows\system32\drivers\aswSP.sys [410528 2014-01-02] (AVAST Software)
R3 aswStm; C:\windows\system32\drivers\aswStm.sys [64168 2014-01-02] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [180248 2014-01-02] ()
R0 CTMFLT; C:\Windows\System32\Drivers\CTMFLT.sys [2097152 2010-07-19] ()
R0 CTMMOUNT; C:\Windows\System32\Drivers\CTMMOUNT.sys [2097152 2010-07-19] ()
R0 CTMSHD; C:\Windows\System32\Drivers\CTMSHD.sys [2097152 2010-07-19] ()
S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [53184 2008-04-15] (FTDI Ltd.)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [13560 2013-10-04] (GFI Software)
S3 MfeAVFK; C:\Windows\System32\drivers\MfeAVFK.sys [79816 2009-05-16] (McAfee, Inc.)
S3 MfeBOPK; C:\Windows\System32\drivers\MfeBOPK.sys [35272 2009-05-16] (McAfee, Inc.)
R1 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [214024 2009-05-16] (McAfee, Inc.)
S3 MfeRKDK; C:\Windows\System32\drivers\MfeRKDK.sys [34248 2009-05-16] (McAfee, Inc.)
R1 mfetdik; C:\Windows\System32\drivers\mfetdik.sys [55336 2009-05-16] (McAfee, Inc.)
R1 SbFw; C:\Windows\System32\drivers\SbFw.sys [226080 2012-09-20] (GFI Software)
S3 SBFWIMCL; C:\Windows\System32\DRIVERS\sbfwim.sys [95488 2012-09-12] (GFI Software)
R3 SBFWIMCLMP; C:\Windows\System32\DRIVERS\SBFWIM.sys [95488 2012-09-12] (GFI Software)
S3 sbhips; C:\Windows\System32\drivers\sbhips.sys [94496 2012-09-20] (GFI Software)
S3 sbwtis; C:\Windows\System32\DRIVERS\sbwtis.sys [75552 2012-09-20] (GFI Software)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1765168 2009-07-02] ()
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()
S3 gfiark; system32\drivers\gfiark.sys [x]
S2 sbapifs; system32\DRIVERS\sbapifs.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-02 10:14 - 2014-01-02 10:14 - 00000000 ____D C:\FRST
2014-01-02 10:11 - 2014-01-02 10:12 - 00000000 ___RD C:\Save
2014-01-02 01:04 - 2014-01-02 01:04 - 00064168 _____ (AVAST Software) C:\windows\system32\Drivers\aswstm.sys
2014-01-02 01:04 - 2014-01-02 01:04 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr
2014-01-02 01:04 - 2014-01-02 01:04 - 00000000 ____D C:\Users\*****\AppData\Roaming\AVAST Software
2014-01-02 01:04 - 2014-01-02 00:47 - 00775952 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2014-01-02 01:04 - 2014-01-02 00:47 - 00410528 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys
2014-01-02 01:04 - 2014-01-02 00:47 - 00270240 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2014-01-02 01:04 - 2014-01-02 00:47 - 00180248 _____ C:\windows\system32\Drivers\aswVmm.sys
2014-01-02 01:04 - 2014-01-02 00:47 - 00079720 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2014-01-02 01:04 - 2014-01-02 00:47 - 00067824 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2014-01-02 01:04 - 2014-01-02 00:47 - 00049944 _____ C:\windows\system32\Drivers\aswRvrt.sys
2014-01-02 00:47 - 2014-01-02 00:47 - 00043152 _____ (AVAST Software) C:\windows\avaED8B.tmp
2014-01-02 00:45 - 2014-01-02 00:45 - 00000000 ____D C:\Program Files\AVAST Software
2014-01-02 00:43 - 2014-01-02 00:43 - 00000000 ____D C:\ProgramData\AVAST Software
2014-01-02 00:04 - 2014-01-02 00:04 - 91412976 _____ (AVAST Software) C:\Users\*****\Downloads\avast_free_antivirus_setup (1).exe
2014-01-01 23:47 - 2012-09-20 05:11 - 00094496 _____ (GFI Software) C:\windows\system32\Drivers\sbhips.sys
2014-01-01 23:46 - 2014-01-01 23:46 - 00000000 ____D C:\windows\system32\Drivers\VDD
2014-01-01 23:46 - 2012-09-20 05:11 - 00226080 _____ (GFI Software) C:\windows\system32\Drivers\SbFw.sys
2014-01-01 23:46 - 2012-09-12 20:19 - 00095488 _____ (GFI Software) C:\windows\system32\Drivers\SbFwIm.sys
2014-01-01 23:43 - 2014-01-02 00:01 - 00000000 ____D C:\ProgramData\ParetoLogic
2014-01-01 23:15 - 2014-01-01 23:15 - 00131072 ____N C:\windows\Minidump\010114-40373-01.dmp
2014-01-01 21:39 - 2014-01-01 21:39 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Macromedia
2014-01-01 21:39 - 2014-01-01 21:39 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2014-01-01 21:36 - 2014-01-01 21:36 - 00131072 ____N C:\windows\Minidump\010114-74272-01.dmp
2014-01-01 19:02 - 2014-01-01 19:02 - 00000000 _SHDL C:\Users\Administrator\Startmenü
2014-01-01 19:02 - 2014-01-01 19:02 - 00000000 _SHDL C:\Users\Administrator\Netzwerkumgebung
2014-01-01 19:02 - 2014-01-01 19:02 - 00000000 _SHDL C:\Users\Administrator\Druckumgebung
2014-01-01 19:02 - 2014-01-01 19:02 - 00000000 _SHDL C:\Users\Administrator\Documents\Eigene Musik
2014-01-01 19:02 - 2014-01-01 19:02 - 00000000 _SHDL C:\Users\Administrator\Documents\Eigene Bilder
2014-01-01 19:02 - 2014-01-01 19:02 - 00000000 _SHDL C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-01-01 19:02 - 2014-01-01 19:02 - 00000000 _SHDL C:\Users\Administrator\AppData\Local\Verlauf
2014-01-01 19:02 - 2014-01-01 19:02 - 00000000 ____D C:\Users\Administrator
2014-01-01 19:02 - 2014-01-01 12:07 - 00000000 ____D C:\Users\Administrator\AppData\Local\Adobe
2014-01-01 19:02 - 2009-12-02 00:04 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\ATI
2014-01-01 19:02 - 2009-12-02 00:04 - 00000000 ____D C:\Users\Administrator\AppData\Local\ATI
2014-01-01 19:02 - 2009-07-27 08:37 - 00000020 ___SH C:\Users\Administrator\ntuser.ini
2014-01-01 19:02 - 2009-07-14 05:42 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-01-01 19:02 - 2009-07-14 05:37 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-01-01 19:00 - 2014-01-01 19:00 - 00131072 ____N C:\windows\Minidump\010114-61589-01.dmp
2014-01-01 18:54 - 2014-01-01 18:54 - 00131072 ____N C:\windows\Minidump\010114-62384-01.dmp
2014-01-01 16:57 - 2014-01-01 16:58 - 00260576 _____ C:\windows\msxml4-KB2758694-enu.LOG
2014-01-01 16:10 - 2014-01-01 16:10 - 00000000 ____D C:\Program Files\Common Files\Adobe
2014-01-01 16:10 - 2014-01-01 16:10 - 00000000 ____D C:\Program Files\Adobe
2014-01-01 15:22 - 2014-01-01 15:22 - 02434048 _____ C:\Users\*****\Downloads\msxml.msi
2014-01-01 13:20 - 2014-01-01 13:20 - 00104664 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-01-01 12:51 - 2014-01-01 12:51 - 00000000 ____D C:\Program Files\MSECache
2014-01-01 12:44 - 2014-01-01 12:44 - 00000000 ___RD C:\Program Files\Skype
2014-01-01 12:44 - 2014-01-01 12:44 - 00000000 ____D C:\Program Files\Common Files\Skype
2014-01-01 12:39 - 2014-01-01 17:32 - 00000000 ____D C:\Users\*****\AppData\Roaming\HpUpdate
2014-01-01 12:28 - 2014-01-01 12:29 - 00000000 ____D C:\Program Files\OpenOffice 4
2014-01-01 12:17 - 2014-01-01 12:18 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2014-01-01 12:17 - 2014-01-01 12:17 - 00000000 ____D C:\ProgramData\Mozilla
2014-01-01 12:07 - 2014-01-01 12:07 - 00000000 ____D C:\Users\Default\AppData\Local\Adobe
2014-01-01 12:07 - 2014-01-01 12:07 - 00000000 ____D C:\Users\Default User\AppData\Local\Adobe
2014-01-01 11:56 - 2014-01-01 11:56 - 00000000 ____D C:\windows\system32\Adobe
2014-01-01 11:55 - 2014-01-01 11:55 - 00264616 _____ (Oracle Corporation) C:\windows\system32\javaws.exe
2014-01-01 11:55 - 2014-01-01 11:55 - 00175016 _____ (Oracle Corporation) C:\windows\system32\javaw.exe
2014-01-01 11:55 - 2014-01-01 11:55 - 00174504 _____ (Oracle Corporation) C:\windows\system32\java.exe
2014-01-01 11:55 - 2014-01-01 11:55 - 00094632 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge.dll
2014-01-01 11:55 - 2014-01-01 11:55 - 00000000 ____D C:\Program Files\Java
2014-01-01 00:39 - 2014-01-02 10:24 - 00065536 _____ C:\windows\system32\Ikeext.etl
2013-12-31 23:04 - 2013-12-31 23:04 - 00000000 ____D C:\ProgramData\Lavasoft
2013-12-31 22:49 - 2014-01-01 17:26 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2013-12-31 22:30 - 2013-12-31 22:30 - 00000000 ____D C:\windows\ERUNT
2013-12-31 22:29 - 2014-01-01 16:35 - 00000000 ____D C:\AdwCleaner
2013-12-31 19:07 - 2013-12-31 19:07 - 00003280 ____N C:\bootsqm.dat
2013-12-31 19:04 - 2013-12-31 19:04 - 00000000 __SHD C:\found.000
2013-12-31 14:00 - 2013-12-31 14:00 - 00000000 ____D C:\Users\*****\AppData\Roaming\Malwarebytes
2013-12-31 13:59 - 2014-01-01 15:40 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-12-31 13:59 - 2013-12-31 13:59 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-31 13:58 - 2013-12-31 13:58 - 00029892 _____ C:\windows\system32\.crusader
2013-12-31 13:44 - 2013-12-31 13:58 - 00000000 ____D C:\ProgramData\HitmanPro
2013-12-31 13:43 - 2013-12-31 13:43 - 00000000 ____D C:\Users\*****\AppData\Local\Secunia PSI
2013-12-31 13:43 - 2013-12-31 13:43 - 00000000 ____D C:\Program Files\Secunia
2013-12-30 19:11 - 2013-12-31 13:38 - 00000000 ____D C:\windows\system32\MpEngineStore
2013-12-30 17:26 - 2013-12-30 17:28 - 92646672 _____ (Microsoft Corporation) C:\Users\*****\Downloads\msert.exe
2013-12-30 17:21 - 2013-12-30 17:23 - 91412976 _____ (AVAST Software) C:\Users\*****\Downloads\avast_free_antivirus_setup.exe
2013-12-12 10:43 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL
2013-12-12 10:43 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2013-12-12 10:42 - 2013-10-25 05:45 - 01767936 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-12-12 10:42 - 2013-10-25 05:45 - 00042496 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-12-12 10:42 - 2013-10-25 05:44 - 14356992 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-12-12 10:42 - 2013-10-25 05:44 - 01140736 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-12-12 10:42 - 2013-10-25 05:43 - 13761536 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-12-12 10:42 - 2013-10-25 05:43 - 02877952 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-12-12 10:42 - 2013-10-25 05:43 - 02049024 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-12-12 10:42 - 2013-10-25 05:43 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-12-12 10:42 - 2013-10-25 05:43 - 00493056 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-12-12 10:42 - 2013-10-25 05:43 - 00391168 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-12-12 10:42 - 2013-10-25 05:43 - 00109056 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-12-12 10:42 - 2013-10-25 05:43 - 00061440 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-12-12 10:42 - 2013-10-25 05:43 - 00039424 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-12-12 10:42 - 2013-10-25 05:43 - 00033280 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-12-12 10:42 - 2013-10-25 04:41 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-12-12 10:42 - 2013-10-25 03:49 - 00071680 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-12-12 09:09 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\WMPhoto.dll
2013-12-12 09:09 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2013-12-12 09:09 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\windows\system32\msieftp.dll
2013-12-12 09:09 - 2013-10-30 02:27 - 02349056 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-12-12 09:09 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\windows\system32\imagehlp.dll
2013-12-12 09:09 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\windows\system32\wshom.ocx
2013-12-12 09:09 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\windows\system32\scrrun.dll
2013-12-12 09:09 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\windows\system32\wscript.exe
2013-12-12 09:09 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\windows\system32\cscript.exe
2013-12-12 09:09 - 2013-10-04 02:49 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\Drivers\drmk.sys
2013-12-12 09:09 - 2013-10-04 02:17 - 00177152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\portcls.sys
2013-12-10 11:45 - 2014-01-01 23:38 - 00029374 _____ C:\windows\IE11_main.log

==================== One Month Modified Files and Folders =======

2014-01-02 10:24 - 2014-01-01 00:39 - 00065536 _____ C:\windows\system32\Ikeext.etl
2014-01-02 10:24 - 2009-07-14 05:53 - 00000006 ____H C:\windows\Tasks\SA.DAT
2014-01-02 10:24 - 2009-07-14 05:39 - 00171508 _____ C:\windows\setupact.log
2014-01-02 10:21 - 2009-12-02 00:01 - 01326722 _____ C:\windows\WindowsUpdate.log
2014-01-02 10:18 - 2009-07-14 03:37 - 00000000 ____D C:\windows\tracing
2014-01-02 10:14 - 2014-01-02 10:14 - 00000000 ____D C:\FRST
2014-01-02 10:12 - 2014-01-02 10:11 - 00000000 ___RD C:\Save
2014-01-02 10:12 - 2009-07-14 05:34 - 00020720 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-02 10:12 - 2009-07-14 05:34 - 00020720 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-02 10:03 - 2009-12-01 18:36 - 00402504 _____ C:\windows\PFRO.log
2014-01-02 07:46 - 2013-04-07 08:10 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2014-01-02 01:04 - 2014-01-02 01:04 - 00064168 _____ (AVAST Software) C:\windows\system32\Drivers\aswstm.sys
2014-01-02 01:04 - 2014-01-02 01:04 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr
2014-01-02 01:04 - 2014-01-02 01:04 - 00000000 ____D C:\Users\*****\AppData\Roaming\AVAST Software
2014-01-02 00:47 - 2014-01-02 01:04 - 00775952 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2014-01-02 00:47 - 2014-01-02 01:04 - 00410528 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys
2014-01-02 00:47 - 2014-01-02 01:04 - 00270240 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2014-01-02 00:47 - 2014-01-02 01:04 - 00180248 _____ C:\windows\system32\Drivers\aswVmm.sys
2014-01-02 00:47 - 2014-01-02 01:04 - 00079720 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2014-01-02 00:47 - 2014-01-02 01:04 - 00067824 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2014-01-02 00:47 - 2014-01-02 01:04 - 00049944 _____ C:\windows\system32\Drivers\aswRvrt.sys
2014-01-02 00:47 - 2014-01-02 00:47 - 00043152 _____ (AVAST Software) C:\windows\avaED8B.tmp
2014-01-02 00:45 - 2014-01-02 00:45 - 00000000 ____D C:\Program Files\AVAST Software
2014-01-02 00:43 - 2014-01-02 00:43 - 00000000 ____D C:\ProgramData\AVAST Software
2014-01-02 00:10 - 2012-09-22 18:55 - 00000000 ____D C:\ProgramData\Avira
2014-01-02 00:04 - 2014-01-02 00:04 - 91412976 _____ (AVAST Software) C:\Users\*****\Downloads\avast_free_antivirus_setup (1).exe
2014-01-02 00:01 - 2014-01-01 23:43 - 00000000 ____D C:\ProgramData\ParetoLogic
2014-01-01 23:46 - 2014-01-01 23:46 - 00000000 ____D C:\windows\system32\Drivers\VDD
2014-01-01 23:46 - 2009-09-09 09:51 - 01677752 _____ C:\windows\system32\PerfStringBackup.INI
2014-01-01 23:38 - 2013-12-10 11:45 - 00029374 _____ C:\windows\IE11_main.log
2014-01-01 23:15 - 2014-01-01 23:15 - 00131072 ____N C:\windows\Minidump\010114-40373-01.dmp
2014-01-01 23:15 - 2010-01-11 08:52 - 00000000 ____D C:\windows\Minidump
2014-01-01 21:39 - 2014-01-01 21:39 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Macromedia
2014-01-01 21:39 - 2014-01-01 21:39 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2014-01-01 21:36 - 2014-01-01 21:36 - 00131072 ____N C:\windows\Minidump\010114-74272-01.dmp
2014-01-01 19:21 - 2009-07-14 03:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2014-01-01 19:02 - 2014-01-01 19:02 - 00000000 _SHDL C:\Users\Administrator\Startmenü
2014-01-01 19:02 - 2014-01-01 19:02 - 00000000 _SHDL C:\Users\Administrator\Netzwerkumgebung
2014-01-01 19:02 - 2014-01-01 19:02 - 00000000 _SHDL C:\Users\Administrator\Druckumgebung
2014-01-01 19:02 - 2014-01-01 19:02 - 00000000 _SHDL C:\Users\Administrator\Documents\Eigene Musik
2014-01-01 19:02 - 2014-01-01 19:02 - 00000000 _SHDL C:\Users\Administrator\Documents\Eigene Bilder
2014-01-01 19:02 - 2014-01-01 19:02 - 00000000 _SHDL C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-01-01 19:02 - 2014-01-01 19:02 - 00000000 _SHDL C:\Users\Administrator\AppData\Local\Verlauf
2014-01-01 19:02 - 2014-01-01 19:02 - 00000000 ____D C:\Users\Administrator
2014-01-01 19:00 - 2014-01-01 19:00 - 00131072 ____N C:\windows\Minidump\010114-61589-01.dmp
2014-01-01 18:54 - 2014-01-01 18:54 - 00131072 ____N C:\windows\Minidump\010114-62384-01.dmp
2014-01-01 17:32 - 2014-01-01 12:39 - 00000000 ____D C:\Users\*****\AppData\Roaming\HpUpdate
2014-01-01 17:26 - 2013-12-31 22:49 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2014-01-01 17:24 - 2013-10-04 01:19 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2014-01-01 17:11 - 2009-12-02 18:15 - 00000000 ____D C:\Program Files\Microsoft Office
2014-01-01 16:58 - 2014-01-01 16:57 - 00260576 _____ C:\windows\msxml4-KB2758694-enu.LOG
2014-01-01 16:39 - 2010-01-25 18:02 - 00000000 ____D C:\ProgramData\Adobe
2014-01-01 16:36 - 2013-10-09 06:05 - 00000079 _____ C:\windows\wininit.ini
2014-01-01 16:36 - 2010-08-21 21:30 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2014-01-01 16:36 - 2009-12-01 18:19 - 00000000 ____D C:\Users\*****\AppData\Roaming\Adobe
2014-01-01 16:35 - 2013-12-31 22:29 - 00000000 ____D C:\AdwCleaner
2014-01-01 16:11 - 2010-01-25 18:03 - 00000000 ____D C:\Users\*****\AppData\Local\Adobe
2014-01-01 16:10 - 2014-01-01 16:10 - 00000000 ____D C:\Program Files\Common Files\Adobe
2014-01-01 16:10 - 2014-01-01 16:10 - 00000000 ____D C:\Program Files\Adobe
2014-01-01 15:53 - 2013-10-04 00:24 - 00000000 ____D C:\Program Files\Lavasoft
2014-01-01 15:40 - 2013-12-31 13:59 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2014-01-01 15:24 - 2009-12-01 19:03 - 00000000 ____D C:\Program Files\MSXML 4.0
2014-01-01 15:22 - 2014-01-01 15:22 - 02434048 _____ C:\Users\*****\Downloads\msxml.msi
2014-01-01 14:51 - 2009-07-14 05:33 - 00507416 _____ C:\windows\system32\FNTCACHE.DAT
2014-01-01 14:45 - 2012-04-15 11:15 - 00000000 ____D C:\Users\*****\AppData\Roaming\Skype
2014-01-01 14:01 - 2009-07-14 03:37 - 00000000 ____D C:\windows\Microsoft.NET
2014-01-01 13:20 - 2014-01-01 13:20 - 00104664 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-01-01 12:51 - 2014-01-01 12:51 - 00000000 ____D C:\Program Files\MSECache
2014-01-01 12:44 - 2014-01-01 12:44 - 00000000 ___RD C:\Program Files\Skype
2014-01-01 12:44 - 2014-01-01 12:44 - 00000000 ____D C:\Program Files\Common Files\Skype
2014-01-01 12:44 - 2012-04-15 11:15 - 00000000 ____D C:\ProgramData\Skype
2014-01-01 12:40 - 2012-07-15 10:56 - 00000000 ____D C:\Program Files\HP
2014-01-01 12:38 - 2009-09-09 10:22 - 00000000 ____D C:\windows\Hewlett-Packard
2014-01-01 12:37 - 2009-12-01 17:40 - 00141104 _____ C:\Users\*****\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-01 12:29 - 2014-01-01 12:28 - 00000000 ____D C:\Program Files\OpenOffice 4
2014-01-01 12:28 - 2011-07-04 18:09 - 00000000 ____D C:\Program Files\OpenOffice.org 3
2014-01-01 12:18 - 2014-01-01 12:17 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2014-01-01 12:18 - 2010-08-21 21:52 - 00001033 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-01-01 12:17 - 2014-01-01 12:17 - 00000000 ____D C:\ProgramData\Mozilla
2014-01-01 12:17 - 2010-08-21 21:52 - 00000000 ____D C:\Program Files\Mozilla Firefox
2014-01-01 12:07 - 2014-01-01 19:02 - 00000000 ____D C:\Users\Administrator\AppData\Local\Adobe
2014-01-01 12:07 - 2014-01-01 12:07 - 00000000 ____D C:\Users\Default\AppData\Local\Adobe
2014-01-01 12:07 - 2014-01-01 12:07 - 00000000 ____D C:\Users\Default User\AppData\Local\Adobe
2014-01-01 11:56 - 2014-01-01 11:56 - 00000000 ____D C:\windows\system32\Adobe
2014-01-01 11:55 - 2014-01-01 11:55 - 00264616 _____ (Oracle Corporation) C:\windows\system32\javaws.exe
2014-01-01 11:55 - 2014-01-01 11:55 - 00175016 _____ (Oracle Corporation) C:\windows\system32\javaw.exe
2014-01-01 11:55 - 2014-01-01 11:55 - 00174504 _____ (Oracle Corporation) C:\windows\system32\java.exe
2014-01-01 11:55 - 2014-01-01 11:55 - 00094632 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge.dll
2014-01-01 11:55 - 2014-01-01 11:55 - 00000000 ____D C:\Program Files\Java
2014-01-01 11:54 - 2009-12-01 18:15 - 00000000 ____D C:\windows\system32\appmgmt
2013-12-31 23:04 - 2013-12-31 23:04 - 00000000 ____D C:\ProgramData\Lavasoft
2013-12-31 22:49 - 2013-10-04 00:20 - 00000644 _____ C:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2013-12-31 22:49 - 2013-10-04 00:20 - 00000616 _____ C:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2013-12-31 22:49 - 2013-10-04 00:20 - 00000446 _____ C:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2013-12-31 22:32 - 2011-04-05 18:09 - 00000000 ____D C:\ProgramData\ICQ
2013-12-31 22:30 - 2013-12-31 22:30 - 00000000 ____D C:\windows\ERUNT
2013-12-31 19:07 - 2013-12-31 19:07 - 00003280 ____N C:\bootsqm.dat
2013-12-31 19:04 - 2013-12-31 19:04 - 00000000 __SHD C:\found.000
2013-12-31 14:00 - 2013-12-31 14:00 - 00000000 ____D C:\Users\*****\AppData\Roaming\Malwarebytes
2013-12-31 13:59 - 2013-12-31 13:59 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-31 13:58 - 2013-12-31 13:58 - 00029892 _____ C:\windows\system32\.crusader
2013-12-31 13:58 - 2013-12-31 13:44 - 00000000 ____D C:\ProgramData\HitmanPro
2013-12-31 13:43 - 2013-12-31 13:43 - 00000000 ____D C:\Users\*****\AppData\Local\Secunia PSI
2013-12-31 13:43 - 2013-12-31 13:43 - 00000000 ____D C:\Program Files\Secunia
2013-12-31 13:38 - 2013-12-30 19:11 - 00000000 ____D C:\windows\system32\MpEngineStore
2013-12-31 13:38 - 2010-06-16 10:55 - 00047104 ___SH C:\Users\*****\Thumbs.db
2013-12-30 17:28 - 2013-12-30 17:26 - 92646672 _____ (Microsoft Corporation) C:\Users\*****\Downloads\msert.exe
2013-12-30 17:23 - 2013-12-30 17:21 - 91412976 _____ (AVAST Software) C:\Users\*****\Downloads\avast_free_antivirus_setup.exe
2013-12-30 17:01 - 2013-10-04 07:04 - 00000000 ____D C:\Program Files\CCleaner
2013-12-15 13:48 - 2009-07-14 03:37 - 00000000 ____D C:\windows\rescache
2013-12-15 10:51 - 2009-07-14 03:37 - 00000000 ____D C:\windows\system32\de-DE
2013-12-12 10:52 - 2009-07-14 03:04 - 00000562 _____ C:\windows\win.ini
2013-12-12 10:49 - 2013-07-18 10:10 - 00000000 ____D C:\windows\system32\MRT
2013-12-12 10:44 - 2009-12-01 18:28 - 88123800 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-12-11 09:46 - 2012-06-27 07:00 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2013-12-11 09:46 - 2012-06-27 07:00 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl

Some content of TEMP:
====================
C:\Users\*****\AppData\Local\Temp\avgnt.exe
C:\Users\*****\AppData\Local\Temp\install_reader11_de_gtbd_chrd_dn_aaa_aih.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-30 08:53

==================== End Of Log ============================
         
--- --- ---



gmer.log
Code:
ATTFilter
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit quick scan 2014-01-02 10:36:43
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0  rev. 0,00MB
Running: gmer_2.1.19163.exe; Driver: C:\Users\*****\AppData\Local\Temp\uxldqpoc.sys


---- Disk sectors - GMER 2.1 ----

Disk            \Device\Harddisk0\DR0                                                   unknown MBR code
Disk            \Device\Harddisk0\DR0                                                   sector 0: rootkit-like behavior

---- System - GMER 2.1 ----

SSDT            \SystemRoot\system32\ntkrnlpa.exe                                       ZwEnumerateKey [0x830A4DE0]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                       ZwEnumerateValueKey [0x830A7246]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                       ZwQueryDirectoryFile [0x83071F82]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                       ZwQuerySystemInformation [0x8306DF45]

---- Devices - GMER 2.1 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                  CTMFLT.sys
AttachedDevice  \FileSystem\fastfat \Fat                                                fltmgr.sys
AttachedDevice  \FileSystem\fastfat \Fat                                                CTMFLT.sys
AttachedDevice  \Driver\tdx \Device\Ip                                                  SbFw.sys
AttachedDevice  \Driver\tdx \Device\Tcp                                                 mfetdik.sys
AttachedDevice  \Driver\tdx \Device\Tcp                                                 SbFw.sys
AttachedDevice  \Driver\tdx \Device\Udp                                                 mfetdik.sys
AttachedDevice  \Driver\tdx \Device\Udp                                                 SbFw.sys
AttachedDevice  \Driver\tdx \Device\RawIp                                               SbFw.sys
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                 Wdf01000.sys
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                 Wdf01000.sys

---- Services - GMER 2.1 ----

Service         C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (*** hidden *** )         [AUTO] !SASCORE                         <-- ROOTKIT !!!
Service         system32\DRIVERS\avgntflt.sys (*** hidden *** )                         [AUTO] avgntflt                         <-- ROOTKIT !!!
Service         system32\DRIVERS\avipbb.sys (*** hidden *** )                           [SYSTEM] avipbb                         <-- ROOTKIT !!!
Service         system32\DRIVERS\avkmgr.sys (*** hidden *** )                           [SYSTEM] avkmgr                         <-- ROOTKIT !!!
Service         C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (*** hidden *** )  [MANUAL] hpqcxs08                       <-- ROOTKIT !!!
Service         C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll (*** hidden *** )  [AUTO] hpqddsvc                         <-- ROOTKIT !!!
Service         system32\drivers\is3srv.sys (*** hidden *** )                           [BOOT] is3srv                           <-- ROOTKIT !!!
Service         system32\DRIVERS\ssmdrv.sys (*** hidden *** )                           [SYSTEM] ssmdrv                         <-- ROOTKIT !!!
Service         system32\DRIVERS\szkg.sys (*** hidden *** )                             [BOOT] szkg5                            <-- ROOTKIT !!!
Service         system32\drivers\szkgfs.sys (*** hidden *** )                           [BOOT] szkgfs                           <-- ROOTKIT !!!

---- EOF - GMER 2.1 ----
         

Ein additional hat er nicht angezeigt (vielleicht war ich auch nur zu blöd ;( ).
Alte Logs habe ich leider nicht mehr da die per Boot-CD ja nirgends gespeichert werden und ich eigentlich guter Hoffnung war das ganze so loszuwerden.
__________________

Alt 03.01.2014, 10:43   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Bundestrojaner eingefangen - Widersprüchliche Aussagen der Antivirenprogramme - Standard

Bundestrojaner eingefangen - Widersprüchliche Aussagen der Antivirenprogramme



Zitat:
Ein additional hat er nicht angezeigt (vielleicht war ich auch nur zu blöd ;( ).
Es muss auch ein ein Haken an entsprechner Stelle bei FRST gesetzt sein! Bitte wiederholen
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 03.01.2014, 14:12   #5
warhammer73
 
Bundestrojaner eingefangen - Widersprüchliche Aussagen der Antivirenprogramme - Standard

Bundestrojaner eingefangen - Widersprüchliche Aussagen der Antivirenprogramme



... so dann hier die beiden logs.

FRST:
Code:
ATTFilter
can result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-01-2014 01
Ran by ***** (administrator) on COMPAQ on 03-01-2014 15:04:35
Running from D:\AV
Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\stacsv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\AEstSrv.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(COMODO.) C:\Program Files\COMODO\Time Machine\ClientService.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Samsung Electronics Co., Ltd.) C:\Windows\System32\spool\drivers\w32x86\3\NetFaxServer.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Research In Motion Limited) C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\SmarThru Office\BackUpSvr.exe
(COMODO.) C:\Program Files\COMODO\Time Machine\CTMTRAY.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
() C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_11_9_900_170_ActiveX.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [WirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray.exe [458844 2009-07-14] (IDT, Inc.)
HKLM\...\Run: [Samsung PanelMgr] - C:\Windows\Samsung\PanelMgr\SSMMgr.exe [699472 2012-05-04] ()
HKLM\...\Run: [RIMBBLaunchAgent.exe] - C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-11-02] (Research In Motion Limited)
HKLM\...\Run: [CDAServer] - C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [332288 2010-12-17] ()
HKLM\...\Run: [STO Backup Service] - C:\Program Files\SmarThru Office\BackUpSvr.exe [199760 2012-01-13] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [COMODO_TimeMachine] - C:\Program Files\COMODO\Time Machine\CTMTRAY.exe [4910904 2010-07-20] (COMODO.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3764024 2014-01-02] (AVAST Software)
HKLM\...\runonceex: [ContentMerger] - c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe [19952 2009-06-13] (Sonic Solutions)
MountPoints2: D - D:\LaunchU3.exe -a
MountPoints2: {0ec2c14c-decd-11de-a1c8-806e6f6e6963} - F:\AUTORUN\AUTORUN.EXE
MountPoints2: {249ac206-4f40-11e2-b24d-0027133a0128} - D:\navi\ai12h32.exe
MountPoints2: {6aecf39a-74aa-11e1-bc5f-0027133a0128} - D:\LaunchU3.exe -a
HKU\Default\...\Run: [HPADVISOR] - C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [ 2009-07-16] (Hewlett-Packard)
HKU\Default User\...\Run: [HPADVISOR] - C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [ 2009-07-16] (Hewlett-Packard)
BootExecute: autocheck autochk * bootdeletesdnclean.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.spiegel.de/
URLSearchHook: HKLM - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
URLSearchHook: HKCU - (No Name) - {90eee664-34b1-422a-a782-779af65cdf6d} -  No File
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {E53F6B79-27AF-4ABE-9875-AA35CEC83E09} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKCU - {E53F6B79-27AF-4ABE-9875-AA35CEC83E09} URL = hxxp://www.google.de/search?q={searchTerms}
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - No Name - {0BF43445-2F28-4351-9252-17FE6E806AA0} -  No File
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {90EEE664-34B1-422A-A782-779AF65CDF6D} -  No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks:  - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} -  No File [ ]
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\f5funbj5.default
FF DefaultSearchEngine: Ask.com
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Ask.com
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/ShockwavePlayer - C:\windows\system32\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @rim.com/npappworld - C:\Program Files\Research In Motion Limited\Browser-Plug-In für BlackBerry App World\npappworld.dll ()
FF Plugin: @RIM.com/WebSLLauncher,version=1.0 - C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF

========================== Services (Whitelisted) =================

R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [26112 2009-12-03] (LSI Corporation)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-02] (AVAST Software)
S4 BingDesktopUpdate; C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192 2013-06-05] (Microsoft Corp.)
R2 ClientService; C:\Program Files\COMODO\Time Machine\ClientService.exe [280888 2010-07-20] (COMODO.)
S4 pdfcDispatcher; C:\Program Files\PDF Complete\pdfsvc.exe [635416 2009-06-18] (PDF Complete Inc)
R2 Samsung Network Fax Server; C:\windows\system32\spool\drivers\w32x86\3\NetFaxServer.exe [176640 2012-03-23] (Samsung Electronics Co., Ltd.)
R2 STacSV; C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\STacSV.exe [221266 2009-07-14] (IDT, Inc.)
S2 StartServer; C:\Program Files\AdvoluxJava\StartServer.exe [154112 2011-04-08] ()

==================== Drivers (Whitelisted) ====================

R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [67824 2014-01-02] (AVAST Software)
R1 aswRdr; C:\windows\system32\drivers\aswRdr2.sys [79720 2014-01-02] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49944 2014-01-02] ()
R1 aswSnx; C:\windows\system32\drivers\aswSnx.sys [775952 2014-01-02] (AVAST Software)
R1 aswSP; C:\windows\system32\drivers\aswSP.sys [410528 2014-01-02] (AVAST Software)
R3 aswStm; C:\windows\system32\drivers\aswStm.sys [64168 2014-01-02] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [180248 2014-01-02] ()
R0 CTMFLT; C:\Windows\System32\Drivers\CTMFLT.sys [2097152 2010-07-19] ()
R0 CTMMOUNT; C:\Windows\System32\Drivers\CTMMOUNT.sys [2097152 2010-07-19] ()
R0 CTMSHD; C:\Windows\System32\Drivers\CTMSHD.sys [2097152 2010-07-19] ()
S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [53184 2008-04-15] (FTDI Ltd.)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [13560 2013-10-04] (GFI Software)
S3 MfeAVFK; C:\Windows\System32\drivers\MfeAVFK.sys [79816 2009-05-16] (McAfee, Inc.)
S3 MfeBOPK; C:\Windows\System32\drivers\MfeBOPK.sys [35272 2009-05-16] (McAfee, Inc.)
R1 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [214024 2009-05-16] (McAfee, Inc.)
S3 MfeRKDK; C:\Windows\System32\drivers\MfeRKDK.sys [34248 2009-05-16] (McAfee, Inc.)
R1 mfetdik; C:\Windows\System32\drivers\mfetdik.sys [55336 2009-05-16] (McAfee, Inc.)
R1 SbFw; C:\Windows\System32\drivers\SbFw.sys [226080 2012-09-20] (GFI Software)
S3 SBFWIMCL; C:\Windows\System32\DRIVERS\sbfwim.sys [95488 2012-09-12] (GFI Software)
R3 SBFWIMCLMP; C:\Windows\System32\DRIVERS\SBFWIM.sys [95488 2012-09-12] (GFI Software)
S3 sbhips; C:\Windows\System32\drivers\sbhips.sys [94496 2012-09-20] (GFI Software)
S3 sbwtis; C:\Windows\System32\DRIVERS\sbwtis.sys [75552 2012-09-20] (GFI Software)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1765168 2009-07-02] ()
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()
S3 gfiark; system32\drivers\gfiark.sys [x]
S2 sbapifs; system32\DRIVERS\sbapifs.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-02 18:20 - 2014-01-02 18:20 - 00131072 ____N C:\windows\Minidump\010214-44756-01.dmp
2014-01-02 10:14 - 2014-01-03 15:04 - 00000000 ____D C:\FRST
2014-01-02 10:11 - 2014-01-02 10:12 - 00000000 ___RD C:\Save
2014-01-02 01:04 - 2014-01-02 01:04 - 00064168 _____ (AVAST Software) C:\windows\system32\Drivers\aswstm.sys
2014-01-02 01:04 - 2014-01-02 01:04 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr
2014-01-02 01:04 - 2014-01-02 01:04 - 00000000 ____D C:\Users\*****\AppData\Roaming\AVAST Software
2014-01-02 01:04 - 2014-01-02 00:47 - 00775952 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2014-01-02 01:04 - 2014-01-02 00:47 - 00410528 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys
2014-01-02 01:04 - 2014-01-02 00:47 - 00270240 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2014-01-02 01:04 - 2014-01-02 00:47 - 00180248 _____ C:\windows\system32\Drivers\aswVmm.sys
2014-01-02 01:04 - 2014-01-02 00:47 - 00079720 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2014-01-02 01:04 - 2014-01-02 00:47 - 00067824 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2014-01-02 01:04 - 2014-01-02 00:47 - 00049944 _____ C:\windows\system32\Drivers\aswRvrt.sys
2014-01-02 00:47 - 2014-01-02 00:47 - 00043152 _____ (AVAST Software) C:\windows\avaED8B.tmp
2014-01-02 00:45 - 2014-01-02 00:45 - 00000000 ____D C:\Program Files\AVAST Software
2014-01-02 00:43 - 2014-01-02 00:43 - 00000000 ____D C:\ProgramData\AVAST Software
2014-01-02 00:04 - 2014-01-02 00:04 - 91412976 _____ (AVAST Software) C:\Users\*****\Downloads\avast_free_antivirus_setup (1).exe
2014-01-01 23:47 - 2012-09-20 05:11 - 00094496 _____ (GFI Software) C:\windows\system32\Drivers\sbhips.sys
2014-01-01 23:46 - 2014-01-01 23:46 - 00000000 ____D C:\windows\system32\Drivers\VDD
2014-01-01 23:46 - 2012-09-20 05:11 - 00226080 _____ (GFI Software) C:\windows\system32\Drivers\SbFw.sys
2014-01-01 23:46 - 2012-09-12 20:19 - 00095488 _____ (GFI Software) C:\windows\system32\Drivers\SbFwIm.sys
2014-01-01 23:43 - 2014-01-02 00:01 - 00000000 ____D C:\ProgramData\ParetoLogic
2014-01-01 23:15 - 2014-01-01 23:15 - 00131072 ____N C:\windows\Minidump\010114-40373-01.dmp
2014-01-01 21:39 - 2014-01-01 21:39 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Macromedia
2014-01-01 21:39 - 2014-01-01 21:39 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2014-01-01 21:36 - 2014-01-01 21:36 - 00131072 ____N C:\windows\Minidump\010114-74272-01.dmp
2014-01-01 19:02 - 2014-01-01 19:02 - 00000000 _SHDL C:\Users\Administrator\Startmenü
2014-01-01 19:02 - 2014-01-01 19:02 - 00000000 _SHDL C:\Users\Administrator\Netzwerkumgebung
2014-01-01 19:02 - 2014-01-01 19:02 - 00000000 _SHDL C:\Users\Administrator\Druckumgebung
2014-01-01 19:02 - 2014-01-01 19:02 - 00000000 _SHDL C:\Users\Administrator\Documents\Eigene Musik
2014-01-01 19:02 - 2014-01-01 19:02 - 00000000 _SHDL C:\Users\Administrator\Documents\Eigene Bilder
2014-01-01 19:02 - 2014-01-01 19:02 - 00000000 _SHDL C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-01-01 19:02 - 2014-01-01 19:02 - 00000000 _SHDL C:\Users\Administrator\AppData\Local\Verlauf
2014-01-01 19:02 - 2014-01-01 19:02 - 00000000 ____D C:\Users\Administrator
2014-01-01 19:02 - 2014-01-01 12:07 - 00000000 ____D C:\Users\Administrator\AppData\Local\Adobe
2014-01-01 19:02 - 2009-12-02 00:04 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\ATI
2014-01-01 19:02 - 2009-12-02 00:04 - 00000000 ____D C:\Users\Administrator\AppData\Local\ATI
2014-01-01 19:02 - 2009-07-27 08:37 - 00000020 ___SH C:\Users\Administrator\ntuser.ini
2014-01-01 19:02 - 2009-07-14 05:42 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-01-01 19:02 - 2009-07-14 05:37 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-01-01 19:00 - 2014-01-01 19:00 - 00131072 ____N C:\windows\Minidump\010114-61589-01.dmp
2014-01-01 18:54 - 2014-01-01 18:54 - 00131072 ____N C:\windows\Minidump\010114-62384-01.dmp
2014-01-01 16:57 - 2014-01-01 16:58 - 00260576 _____ C:\windows\msxml4-KB2758694-enu.LOG
2014-01-01 16:10 - 2014-01-01 16:10 - 00000000 ____D C:\Program Files\Common Files\Adobe
2014-01-01 16:10 - 2014-01-01 16:10 - 00000000 ____D C:\Program Files\Adobe
2014-01-01 15:22 - 2014-01-01 15:22 - 02434048 _____ C:\Users\*****\Downloads\msxml.msi
2014-01-01 13:20 - 2014-01-01 13:20 - 00104664 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-01-01 12:51 - 2014-01-01 12:51 - 00000000 ____D C:\Program Files\MSECache
2014-01-01 12:44 - 2014-01-01 12:44 - 00000000 ___RD C:\Program Files\Skype
2014-01-01 12:44 - 2014-01-01 12:44 - 00000000 ____D C:\Program Files\Common Files\Skype
2014-01-01 12:39 - 2014-01-01 17:32 - 00000000 ____D C:\Users\*****\AppData\Roaming\HpUpdate
2014-01-01 12:28 - 2014-01-01 12:29 - 00000000 ____D C:\Program Files\OpenOffice 4
2014-01-01 12:17 - 2014-01-01 12:18 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2014-01-01 12:17 - 2014-01-01 12:17 - 00000000 ____D C:\ProgramData\Mozilla
2014-01-01 12:07 - 2014-01-01 12:07 - 00000000 ____D C:\Users\Default\AppData\Local\Adobe
2014-01-01 12:07 - 2014-01-01 12:07 - 00000000 ____D C:\Users\Default User\AppData\Local\Adobe
2014-01-01 11:56 - 2014-01-01 11:56 - 00000000 ____D C:\windows\system32\Adobe
2014-01-01 11:55 - 2014-01-01 11:55 - 00264616 _____ (Oracle Corporation) C:\windows\system32\javaws.exe
2014-01-01 11:55 - 2014-01-01 11:55 - 00175016 _____ (Oracle Corporation) C:\windows\system32\javaw.exe
2014-01-01 11:55 - 2014-01-01 11:55 - 00174504 _____ (Oracle Corporation) C:\windows\system32\java.exe
2014-01-01 11:55 - 2014-01-01 11:55 - 00094632 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge.dll
2014-01-01 11:55 - 2014-01-01 11:55 - 00000000 ____D C:\Program Files\Java
2014-01-01 00:39 - 2014-01-03 12:49 - 00065536 _____ C:\windows\system32\Ikeext.etl
2013-12-31 23:04 - 2013-12-31 23:04 - 00000000 ____D C:\ProgramData\Lavasoft
2013-12-31 22:49 - 2014-01-01 17:26 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2013-12-31 22:30 - 2013-12-31 22:30 - 00000000 ____D C:\windows\ERUNT
2013-12-31 22:29 - 2014-01-01 16:35 - 00000000 ____D C:\AdwCleaner
2013-12-31 19:04 - 2013-12-31 19:04 - 00000000 __SHD C:\found.000
2013-12-31 14:00 - 2013-12-31 14:00 - 00000000 ____D C:\Users\*****\AppData\Roaming\Malwarebytes
2013-12-31 13:59 - 2014-01-01 15:40 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-12-31 13:59 - 2013-12-31 13:59 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-31 13:58 - 2013-12-31 13:58 - 00029892 _____ C:\windows\system32\.crusader
2013-12-31 13:44 - 2013-12-31 13:58 - 00000000 ____D C:\ProgramData\HitmanPro
2013-12-31 13:43 - 2013-12-31 13:43 - 00000000 ____D C:\Users\*****\AppData\Local\Secunia PSI
2013-12-31 13:43 - 2013-12-31 13:43 - 00000000 ____D C:\Program Files\Secunia
2013-12-30 19:11 - 2013-12-31 13:38 - 00000000 ____D C:\windows\system32\MpEngineStore
2013-12-30 17:26 - 2013-12-30 17:28 - 92646672 _____ (Microsoft Corporation) C:\Users\*****\Downloads\msert.exe
2013-12-30 17:21 - 2013-12-30 17:23 - 91412976 _____ (AVAST Software) C:\Users\*****\Downloads\avast_free_antivirus_setup.exe
2013-12-12 10:43 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL
2013-12-12 10:43 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2013-12-12 10:42 - 2013-10-25 05:45 - 01767936 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-12-12 10:42 - 2013-10-25 05:45 - 00042496 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-12-12 10:42 - 2013-10-25 05:44 - 14356992 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-12-12 10:42 - 2013-10-25 05:44 - 01140736 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-12-12 10:42 - 2013-10-25 05:43 - 13761536 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-12-12 10:42 - 2013-10-25 05:43 - 02877952 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-12-12 10:42 - 2013-10-25 05:43 - 02049024 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-12-12 10:42 - 2013-10-25 05:43 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-12-12 10:42 - 2013-10-25 05:43 - 00493056 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-12-12 10:42 - 2013-10-25 05:43 - 00391168 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-12-12 10:42 - 2013-10-25 05:43 - 00109056 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-12-12 10:42 - 2013-10-25 05:43 - 00061440 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-12-12 10:42 - 2013-10-25 05:43 - 00039424 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-12-12 10:42 - 2013-10-25 05:43 - 00033280 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-12-12 10:42 - 2013-10-25 04:41 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-12-12 10:42 - 2013-10-25 03:49 - 00071680 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-12-12 09:09 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\WMPhoto.dll
2013-12-12 09:09 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2013-12-12 09:09 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\windows\system32\msieftp.dll
2013-12-12 09:09 - 2013-10-30 02:27 - 02349056 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-12-12 09:09 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\windows\system32\imagehlp.dll
2013-12-12 09:09 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\windows\system32\wshom.ocx
2013-12-12 09:09 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\windows\system32\scrrun.dll
2013-12-12 09:09 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\windows\system32\wscript.exe
2013-12-12 09:09 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\windows\system32\cscript.exe
2013-12-12 09:09 - 2013-10-04 02:49 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\Drivers\drmk.sys
2013-12-12 09:09 - 2013-10-04 02:17 - 00177152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\portcls.sys
2013-12-10 11:45 - 2014-01-02 10:43 - 00033527 _____ C:\windows\IE11_main.log

==================== One Month Modified Files and Folders =======

2014-01-03 15:04 - 2014-01-02 10:14 - 00000000 ____D C:\FRST
2014-01-03 15:03 - 2009-12-02 00:01 - 01384765 _____ C:\windows\WindowsUpdate.log
2014-01-03 15:02 - 2013-04-07 08:10 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2014-01-03 13:55 - 2009-07-14 03:37 - 00000000 ____D C:\windows\tracing
2014-01-03 12:58 - 2009-07-14 05:34 - 00020720 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-03 12:58 - 2009-07-14 05:34 - 00020720 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-03 12:49 - 2014-01-01 00:39 - 00065536 _____ C:\windows\system32\Ikeext.etl
2014-01-03 12:49 - 2009-07-14 05:53 - 00000006 ____H C:\windows\Tasks\SA.DAT
2014-01-03 12:49 - 2009-07-14 05:39 - 00171676 _____ C:\windows\setupact.log
2014-01-02 18:20 - 2014-01-02 18:20 - 00131072 ____N C:\windows\Minidump\010214-44756-01.dmp
2014-01-02 18:20 - 2010-01-11 08:52 - 00000000 ____D C:\windows\Minidump
2014-01-02 10:43 - 2013-12-10 11:45 - 00033527 _____ C:\windows\IE11_main.log
2014-01-02 10:12 - 2014-01-02 10:11 - 00000000 ___RD C:\Save
2014-01-02 10:03 - 2009-12-01 18:36 - 00402504 _____ C:\windows\PFRO.log
2014-01-02 01:04 - 2014-01-02 01:04 - 00064168 _____ (AVAST Software) C:\windows\system32\Drivers\aswstm.sys
2014-01-02 01:04 - 2014-01-02 01:04 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr
2014-01-02 01:04 - 2014-01-02 01:04 - 00000000 ____D C:\Users\*****\AppData\Roaming\AVAST Software
2014-01-02 00:47 - 2014-01-02 01:04 - 00775952 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2014-01-02 00:47 - 2014-01-02 01:04 - 00410528 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys
2014-01-02 00:47 - 2014-01-02 01:04 - 00270240 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2014-01-02 00:47 - 2014-01-02 01:04 - 00180248 _____ C:\windows\system32\Drivers\aswVmm.sys
2014-01-02 00:47 - 2014-01-02 01:04 - 00079720 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2014-01-02 00:47 - 2014-01-02 01:04 - 00067824 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2014-01-02 00:47 - 2014-01-02 01:04 - 00049944 _____ C:\windows\system32\Drivers\aswRvrt.sys
2014-01-02 00:47 - 2014-01-02 00:47 - 00043152 _____ (AVAST Software) C:\windows\avaED8B.tmp
2014-01-02 00:45 - 2014-01-02 00:45 - 00000000 ____D C:\Program Files\AVAST Software
2014-01-02 00:43 - 2014-01-02 00:43 - 00000000 ____D C:\ProgramData\AVAST Software
2014-01-02 00:10 - 2012-09-22 18:55 - 00000000 ____D C:\ProgramData\Avira
2014-01-02 00:04 - 2014-01-02 00:04 - 91412976 _____ (AVAST Software) C:\Users\*****\Downloads\avast_free_antivirus_setup (1).exe
2014-01-02 00:01 - 2014-01-01 23:43 - 00000000 ____D C:\ProgramData\ParetoLogic
2014-01-01 23:46 - 2014-01-01 23:46 - 00000000 ____D C:\windows\system32\Drivers\VDD
2014-01-01 23:46 - 2009-09-09 09:51 - 01677752 _____ C:\windows\system32\PerfStringBackup.INI
2014-01-01 23:15 - 2014-01-01 23:15 - 00131072 ____N C:\windows\Minidump\010114-40373-01.dmp
2014-01-01 21:39 - 2014-01-01 21:39 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Macromedia
2014-01-01 21:39 - 2014-01-01 21:39 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2014-01-01 21:36 - 2014-01-01 21:36 - 00131072 ____N C:\windows\Minidump\010114-74272-01.dmp
2014-01-01 19:21 - 2009-07-14 03:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2014-01-01 19:02 - 2014-01-01 19:02 - 00000000 _SHDL C:\Users\Administrator\Startmenü
2014-01-01 19:02 - 2014-01-01 19:02 - 00000000 _SHDL C:\Users\Administrator\Netzwerkumgebung
2014-01-01 19:02 - 2014-01-01 19:02 - 00000000 _SHDL C:\Users\Administrator\Druckumgebung
2014-01-01 19:02 - 2014-01-01 19:02 - 00000000 _SHDL C:\Users\Administrator\Documents\Eigene Musik
2014-01-01 19:02 - 2014-01-01 19:02 - 00000000 _SHDL C:\Users\Administrator\Documents\Eigene Bilder
2014-01-01 19:02 - 2014-01-01 19:02 - 00000000 _SHDL C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-01-01 19:02 - 2014-01-01 19:02 - 00000000 _SHDL C:\Users\Administrator\AppData\Local\Verlauf
2014-01-01 19:02 - 2014-01-01 19:02 - 00000000 ____D C:\Users\Administrator
2014-01-01 19:00 - 2014-01-01 19:00 - 00131072 ____N C:\windows\Minidump\010114-61589-01.dmp
2014-01-01 18:54 - 2014-01-01 18:54 - 00131072 ____N C:\windows\Minidump\010114-62384-01.dmp
2014-01-01 17:32 - 2014-01-01 12:39 - 00000000 ____D C:\Users\*****\AppData\Roaming\HpUpdate
2014-01-01 17:26 - 2013-12-31 22:49 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2014-01-01 17:24 - 2013-10-04 01:19 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2014-01-01 17:11 - 2009-12-02 18:15 - 00000000 ____D C:\Program Files\Microsoft Office
2014-01-01 16:58 - 2014-01-01 16:57 - 00260576 _____ C:\windows\msxml4-KB2758694-enu.LOG
2014-01-01 16:39 - 2010-01-25 18:02 - 00000000 ____D C:\ProgramData\Adobe
2014-01-01 16:36 - 2013-10-09 06:05 - 00000079 _____ C:\windows\wininit.ini
2014-01-01 16:36 - 2010-08-21 21:30 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2014-01-01 16:36 - 2009-12-01 18:19 - 00000000 ____D C:\Users\*****\AppData\Roaming\Adobe
2014-01-01 16:35 - 2013-12-31 22:29 - 00000000 ____D C:\AdwCleaner
2014-01-01 16:11 - 2010-01-25 18:03 - 00000000 ____D C:\Users\*****\AppData\Local\Adobe
2014-01-01 16:10 - 2014-01-01 16:10 - 00000000 ____D C:\Program Files\Common Files\Adobe
2014-01-01 16:10 - 2014-01-01 16:10 - 00000000 ____D C:\Program Files\Adobe
2014-01-01 15:53 - 2013-10-04 00:24 - 00000000 ____D C:\Program Files\Lavasoft
2014-01-01 15:40 - 2013-12-31 13:59 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2014-01-01 15:24 - 2009-12-01 19:03 - 00000000 ____D C:\Program Files\MSXML 4.0
2014-01-01 15:22 - 2014-01-01 15:22 - 02434048 _____ C:\Users\*****\Downloads\msxml.msi
2014-01-01 14:51 - 2009-07-14 05:33 - 00507416 _____ C:\windows\system32\FNTCACHE.DAT
2014-01-01 14:45 - 2012-04-15 11:15 - 00000000 ____D C:\Users\*****\AppData\Roaming\Skype
2014-01-01 14:01 - 2009-07-14 03:37 - 00000000 ____D C:\windows\Microsoft.NET
2014-01-01 13:20 - 2014-01-01 13:20 - 00104664 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-01-01 12:51 - 2014-01-01 12:51 - 00000000 ____D C:\Program Files\MSECache
2014-01-01 12:44 - 2014-01-01 12:44 - 00000000 ___RD C:\Program Files\Skype
2014-01-01 12:44 - 2014-01-01 12:44 - 00000000 ____D C:\Program Files\Common Files\Skype
2014-01-01 12:44 - 2012-04-15 11:15 - 00000000 ____D C:\ProgramData\Skype
2014-01-01 12:40 - 2012-07-15 10:56 - 00000000 ____D C:\Program Files\HP
2014-01-01 12:38 - 2009-09-09 10:22 - 00000000 ____D C:\windows\Hewlett-Packard
2014-01-01 12:37 - 2009-12-01 17:40 - 00141104 _____ C:\Users\*****\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-01 12:29 - 2014-01-01 12:28 - 00000000 ____D C:\Program Files\OpenOffice 4
2014-01-01 12:28 - 2011-07-04 18:09 - 00000000 ____D C:\Program Files\OpenOffice.org 3
2014-01-01 12:18 - 2014-01-01 12:17 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2014-01-01 12:18 - 2010-08-21 21:52 - 00001033 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-01-01 12:17 - 2014-01-01 12:17 - 00000000 ____D C:\ProgramData\Mozilla
2014-01-01 12:17 - 2010-08-21 21:52 - 00000000 ____D C:\Program Files\Mozilla Firefox
2014-01-01 12:07 - 2014-01-01 19:02 - 00000000 ____D C:\Users\Administrator\AppData\Local\Adobe
2014-01-01 12:07 - 2014-01-01 12:07 - 00000000 ____D C:\Users\Default\AppData\Local\Adobe
2014-01-01 12:07 - 2014-01-01 12:07 - 00000000 ____D C:\Users\Default User\AppData\Local\Adobe
2014-01-01 11:56 - 2014-01-01 11:56 - 00000000 ____D C:\windows\system32\Adobe
2014-01-01 11:55 - 2014-01-01 11:55 - 00264616 _____ (Oracle Corporation) C:\windows\system32\javaws.exe
2014-01-01 11:55 - 2014-01-01 11:55 - 00175016 _____ (Oracle Corporation) C:\windows\system32\javaw.exe
2014-01-01 11:55 - 2014-01-01 11:55 - 00174504 _____ (Oracle Corporation) C:\windows\system32\java.exe
2014-01-01 11:55 - 2014-01-01 11:55 - 00094632 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge.dll
2014-01-01 11:55 - 2014-01-01 11:55 - 00000000 ____D C:\Program Files\Java
2014-01-01 11:54 - 2009-12-01 18:15 - 00000000 ____D C:\windows\system32\appmgmt
2013-12-31 23:04 - 2013-12-31 23:04 - 00000000 ____D C:\ProgramData\Lavasoft
2013-12-31 22:49 - 2013-10-04 00:20 - 00000644 _____ C:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2013-12-31 22:49 - 2013-10-04 00:20 - 00000616 _____ C:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2013-12-31 22:49 - 2013-10-04 00:20 - 00000446 _____ C:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2013-12-31 22:32 - 2011-04-05 18:09 - 00000000 ____D C:\ProgramData\ICQ
2013-12-31 22:30 - 2013-12-31 22:30 - 00000000 ____D C:\windows\ERUNT
2013-12-31 19:04 - 2013-12-31 19:04 - 00000000 __SHD C:\found.000
2013-12-31 14:00 - 2013-12-31 14:00 - 00000000 ____D C:\Users\*****\AppData\Roaming\Malwarebytes
2013-12-31 13:59 - 2013-12-31 13:59 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-31 13:58 - 2013-12-31 13:58 - 00029892 _____ C:\windows\system32\.crusader
2013-12-31 13:58 - 2013-12-31 13:44 - 00000000 ____D C:\ProgramData\HitmanPro
2013-12-31 13:43 - 2013-12-31 13:43 - 00000000 ____D C:\Users\*****\AppData\Local\Secunia PSI
2013-12-31 13:43 - 2013-12-31 13:43 - 00000000 ____D C:\Program Files\Secunia
2013-12-31 13:38 - 2013-12-30 19:11 - 00000000 ____D C:\windows\system32\MpEngineStore
2013-12-31 13:38 - 2010-06-16 10:55 - 00047104 ___SH C:\Users\*****\Thumbs.db
2013-12-30 17:28 - 2013-12-30 17:26 - 92646672 _____ (Microsoft Corporation) C:\Users\*****\Downloads\msert.exe
2013-12-30 17:23 - 2013-12-30 17:21 - 91412976 _____ (AVAST Software) C:\Users\*****\Downloads\avast_free_antivirus_setup.exe
2013-12-30 17:01 - 2013-10-04 07:04 - 00000000 ____D C:\Program Files\CCleaner
2013-12-15 13:48 - 2009-07-14 03:37 - 00000000 ____D C:\windows\rescache
2013-12-15 10:51 - 2009-07-14 03:37 - 00000000 ____D C:\windows\system32\de-DE
2013-12-12 10:52 - 2009-07-14 03:04 - 00000562 _____ C:\windows\win.ini
2013-12-12 10:49 - 2013-07-18 10:10 - 00000000 ____D C:\windows\system32\MRT
2013-12-12 10:44 - 2009-12-01 18:28 - 88123800 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-12-11 09:46 - 2012-06-27 07:00 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2013-12-11 09:46 - 2012-06-27 07:00 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl

Some content of TEMP:
====================
C:\Users\*****\AppData\Local\Temp\avgnt.exe
C:\Users\*****\AppData\Local\Temp\install_reader11_de_gtbd_chrd_dn_aaa_aih.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-30 08:53

==================== End Of Log ============================
         


addition.txt:
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 02-01-2014 01
Ran by ***** at 2014-01-03 15:06:03
Running from D:\AV
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
Adobe Flash Player 11 ActiveX (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.05) - Deutsch (Version: 11.0.05 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (Version: 12.0.7.148 - Adobe Systems, Inc.)
Amazon MP3-Downloader 1.0.9 (Version:  - )
ATI Catalyst Install Manager (Version: 3.0.732.0 - ATI Technologies, Inc.)
avast! Free Antivirus (Version: 9.0.2011 - Avast Software)
Bing-Desktop (Version: 1.3.167.0 - Microsoft Corporation)
BlackBerry Desktop Software 7.1 (Version: 7.1.0.32 - Research in Motion Ltd.)
BlackBerry Desktop Software 7.1 (Version: 7.1.0.32 - Research in Motion Ltd.) Hidden
BlackBerry Device Software Updater (Version: 7.0.0.31 - Research In Motion Ltd)
Broadcom 802.11 Wireless LAN Adapter (Version: 5.30.21.0 - Broadcom Corporation)
Browser-Plug-In für BlackBerry App World (Version: 4.0.1.6 - Research In Motion Limited)
BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden
C4500 (Version: 130.0.365.000 - Hewlett-Packard) Hidden
Catalyst Control Center - Branding (Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (Version: 2009.0804.1118.18368 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (Version: 2009.0804.1118.18368 - ATI) Hidden
Catalyst Control Center Graphics Full New (Version: 2009.0804.1118.18368 - ATI) Hidden
Catalyst Control Center Graphics Light (Version: 2009.0804.1118.18368 - ATI) Hidden
Catalyst Control Center InstallProxy (Version: 2009.0804.1118.18368 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (Version: 2009.0804.1118.18368 - ATI) Hidden
CCC Help Chinese Standard (Version: 2009.0804.1117.18368 - ATI) Hidden
CCC Help Chinese Traditional (Version: 2009.0804.1117.18368 - ATI) Hidden
CCC Help Czech (Version: 2009.0804.1117.18368 - ATI) Hidden
CCC Help Danish (Version: 2009.0804.1117.18368 - ATI) Hidden
CCC Help Dutch (Version: 2009.0804.1117.18368 - ATI) Hidden
CCC Help English (Version: 2009.0804.1117.18368 - ATI) Hidden
CCC Help Finnish (Version: 2009.0804.1117.18368 - ATI) Hidden
CCC Help French (Version: 2009.0804.1117.18368 - ATI) Hidden
CCC Help German (Version: 2009.0804.1117.18368 - ATI) Hidden
CCC Help Greek (Version: 2009.0804.1117.18368 - ATI) Hidden
CCC Help Hungarian (Version: 2009.0804.1117.18368 - ATI) Hidden
CCC Help Italian (Version: 2009.0804.1117.18368 - ATI) Hidden
CCC Help Japanese (Version: 2009.0804.1117.18368 - ATI) Hidden
CCC Help Korean (Version: 2009.0804.1117.18368 - ATI) Hidden
CCC Help Norwegian (Version: 2009.0804.1117.18368 - ATI) Hidden
CCC Help Polish (Version: 2009.0804.1117.18368 - ATI) Hidden
CCC Help Portuguese (Version: 2009.0804.1117.18368 - ATI) Hidden
CCC Help Russian (Version: 2009.0804.1117.18368 - ATI) Hidden
CCC Help Spanish (Version: 2009.0804.1117.18368 - ATI) Hidden
CCC Help Swedish (Version: 2009.0804.1117.18368 - ATI) Hidden
CCC Help Thai (Version: 2009.0804.1117.18368 - ATI) Hidden
CCC Help Turkish (Version: 2009.0804.1117.18368 - ATI) Hidden
ccc-core-static (Version: 2009.0804.1118.18368 - ATI) Hidden
ccc-utility (Version: 2009.0804.1118.18368 - ATI) Hidden
CCleaner (Version: 4.09 - Piriform)
Choice Guard (Version: 1.2.87.0 - Microsoft Corporation) Hidden
Common Desktop Agent (Version: 1.53.0 - OEM) Hidden
COMODO Time Machine (Version: 2.8.155286.178 - COMODO)
Configo (Version: 2.1.5.0 - Philips)
CPQ Wallpaper (Version: 1.0.1.1 - Hewlett-Packard)
DirectX 9 Runtime (Version: 1.00.0000 - Sonic Solutions) Hidden
dm-Fotowelt (Version:  - )
DocProc (Version: 13.0.0.0 - Hewlett-Packard) Hidden
ElsterFormular (Version: 14.0.0.10899 - Landesfinanzdirektion Thüringen)
Hewlett-Packard ACLM.NET v1.2.1.1 (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Advisor (Version: 3.2.8946.3086 - Hewlett-Packard)
HP Common Access Service Library (Version: 3.0.28.1 - Hewlett-Packard)
HP Customer Experience Enhancements (Version: 6.0.1.3 - Hewlett-Packard) Hidden
HP ESU for Microsoft Windows 7 (Version: 1.0.1.1 - Hewlett-Packard)
HP Integrated Module with Bluetooth wireless technology (Version: 6.2.0.9602 - Broadcom Corporation)
HP Photosmart C4500 All-In-One Driver Software 13.0 Rel. 4 (Version: 13.0 - HP)
HP Product Detection (Version: 11.14.0001 - HP)
HP Quick Launch Buttons (Version: 6.50.4.2 - Hewlett-Packard)
HP Setup (Version: 1.2.3215.3078 - Hewlett-Packard)
HP Software Setup (Version: 1.0.0.15 - Hewlett-Packard)
HP Support Assistant (Version: 7.0.39.15 - Hewlett-Packard Company)
HP Update (Version: 5.005.000.001 - Hewlett-Packard)
HP User Guides 0133 (Version: 1.02.0001 - Hewlett-Packard)
HP Web Camera (Version: 1.0.0 - Hewlett-Packard) Hidden
HP Webcam (Version: 1.0.25.0 - Roxio)
HP Webcam Driver (Version: 5.8.50008.0 - Sonix)
HP Wireless Assistant (Version: 3.50.9.1 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
HPPhotoGadget (Version: 130.0.282.000 - Hewlett-Packard) Hidden
ICQ7.4 (Version: 7.4 - ICQ)
iDRS(tm) OCR Software by I.R.I.S (Version: 1.00.13.00 - Samsung Electronics Co., Ltd.)
IDT Audio (Version: 1.0.6222.0 - IDT)
InsOManager Version 2010 Einzelplatz Demoversion für Office 200 (Version: 2010 Einzelplatz Demoversion für Office 2007, 2010 - DVconnect)
Java 7 Update 45 (Version: 7.0.450 - Oracle)
LightScribe System Software (Version: 1.18.6.1 - LightScribe)
LSI HDA Modem (Version: 2.2.100 - LSI Corporation)
Macromedia Shockwave Player (Version:  - )
Marvell Miniport Driver (Version: 10.70.5.3 - Marvell)
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 1.1 German Language Pack (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft AutoRoute 2006 (Version: 13.00.08.2400 - Microsoft Corporation)
Microsoft Digital Image Library 9 - Blocker (Version: 9.00.0000 - Microsoft Corporation) Hidden
Microsoft Encarta 2006 Enzyklopädie Standard (Version: 2006 - Microsoft Corporation)
Microsoft Foto 2006 Standard Edition (Version: 11.0.0422 - Microsoft Corporation)
Microsoft Foto 2006 Standard Edition Bibliothek (Version: 11.0.0422 - Microsoft Corporation) Hidden
Microsoft Foto 2006 Standard Edition Editor (Version: 11.0.0422 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Word 2002 (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Works (Version: 08.05.0822 - Microsoft Corporation)
Microsoft Works Suite-Add-Ins für Microsoft Word (Version: 8.0.0.0000 - Microsoft Corporation)
Mozilla Firefox 26.0 (x86 de) (Version: 26.0 - Mozilla)
Mozilla Maintenance Service (Version: 26.0 - Mozilla)
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0 - Microsoft Corporation)
NAVIGON Fresh 3.4.1 (Version: 3.4.1 - NAVIGON)
Network (Version: 130.0.572.000 - Hewlett-Packard) Hidden
NWB SteuerXpert (Version: 9.1.0 - Verlag Neue Wirtschafts-Briefe GmbH & Co. KG )
OCR Software by I.R.I.S. 13.0 (Version: 13.0 - HP)
OpenOffice 4.0.0 (Version: 4.00.9702 - Apache Software Foundation)
PDF Complete Special Edition (Version: 3.5.108 - PDF Complete, Inc)
Photo Notifier and Animation Creator (Version: 1.0.0.1009 - Ihr Firmenname) Hidden
Photo Notifier and Animation Creator (Version: 1.0.0.1009 - IncrediMail Ltd.)
PS_AIO_04_C4500_Software_Min (Version: 130.0.365.000 - Hewlett-Packard) Hidden
QLBCASL (Version: 6.40.17.2 - Hewlett-Packard) Hidden
Roxio Activation Module (Version: 1.0 - Roxio) Hidden
Roxio Creator Audio (Version: 3.8.0 - Roxio) Hidden
Roxio Creator Business (Version: 10.3 - Roxio)
Roxio Creator Business v10 (Version: 3.8.0 - Roxio) Hidden
Roxio Creator Copy (Version: 3.8.0 - Roxio) Hidden
Roxio Creator Data (Version: 3.8.0 - Roxio) Hidden
Roxio Creator Tools (Version: 3.8.0 - Roxio) Hidden
Roxio Express Labeler 3 (Version: 3.2.2 - Roxio) Hidden
Roxio MyDVD (Version: 10.3.349 - Roxio) Hidden
Samsung Easy Printer Manager (Version: 1.02.06.10 - Samsung Electronics Co., Ltd.)
Samsung ML-1610 Series (Version:  - )
Samsung ML-1610 Series SmartPanel (Version:  - )
Samsung Network PC Fax (Version: 1.05.29.00 - Samsung Electronics Co., Ltd.)
Samsung Printer Live Update (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
Samsung Scan Assistant (Version: 1.04.45.00 - Samsung Electronics Co., Ltd.)
Samsung SCX-472x Series (Version: 1.15 (28.05.2012) - Samsung Electronics Co., Ltd.)
Scan (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Setup-Start von Microsoft Works Suite 2006 (Version:  - )
Skype™ 6.11 (Version: 6.11.102 - Skype Technologies S.A.)
SmarThru Office (Version: 2.08.018 - Samsung Electronics Co., Ltd.)
Sonic CinePlayer Decoder Pack (Version: 4.3.0 - Sonic Solutions) Hidden
Stellarium 0.9.0 (Version:  - )
StreamTransport version: 1.0.2.2171 (Version:  - )
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (Version: 13.2.6.2 - Synaptics Incorporated)
Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden
Total Commander (Remove or Repair) (Version: 7.55a - Ghisler Software GmbH)
UnloadSupport (Version: 11.0.0 - Hewlett-Packard) Hidden
WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows 7 Default Setting (Version: 1.0.0.6 - Hewlett-Packard)
Windows Live Anmelde-Assistent (Version: 5.000.818.6 - Microsoft Corporation)
Windows Live Call (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Essentials (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (Version: 14.0.8014.1029 - Microsoft Corporation)
Works Update (Version: 8.0.0.0000 - Microsoft Corporation) Hidden

==================== Restore Points  =========================

10-12-2013 10:44:27 Windows Update
12-12-2013 09:40:38 Windows Update
16-12-2013 10:23:18 Windows Update
26-12-2013 18:22:01 Windows Update
30-12-2013 18:37:17 Windows Update
01-01-2014 11:39:08 Installed HP Update.
01-01-2014 11:41:35 Installed HP Product Detection
01-01-2014 11:46:51 AA11
01-01-2014 11:51:25 Installed Microsoft Office PowerPoint Viewer 2007 (English)
01-01-2014 14:19:50 Installed MSXML 4.0 SP3 Parser
01-01-2014 14:50:16 AA11
01-01-2014 15:45:47 Windows Update
01-01-2014 16:04:32 Windows Update
01-01-2014 16:32:59 Windows Update
01-01-2014 18:12:25 STOPzilla Restore Point.
01-01-2014 18:15:30 Windows Update
01-01-2014 22:33:14 STOPzilla Restore Point.
01-01-2014 22:35:45 Windows Update
01-01-2014 23:44:42 avast! antivirus system restore point
01-01-2014 23:55:12 Removed STOPzilla
02-01-2014 00:02:31 avast! antivirus system restore point
02-01-2014 09:41:15 Windows Update

==================== Hosts content: ==========================

2009-07-14 03:04 - 2013-10-03 18:24 - 00000860 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {048DC40D-A99D-484C-9D7A-8240F017F868} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2013-03-05] (Microsoft)
Task: {4EE40DB0-3056-4618-B421-67AD1967E463} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {6B35D262-C62A-45B6-8986-14AC6E40A9C5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-09-05] (Hewlett-Packard Company)
Task: {7FDD18BA-3803-45AE-9340-9D64884D307B} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-01-02] (AVAST Software)
Task: {CCD95444-E5A0-40E0-A6A9-6A53069A1E5A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated)
Task: {F7A22D00-782D-4583-9160-3B013BD6C77D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {FD95E9EB-882F-4564-98FB-6F0F16C95CF3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: C:\windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job => C:\PROGRA~1\AD-AWA~1\AdAwareLauncher.exe
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe

==================== Loaded Modules (whitelisted) =============

2003-07-11 02:09 - 2003-07-11 02:09 - 00048192 _____ () C:\Program Files\Common Files\Microsoft Shared\Web Folders\1031\nsextint.dll
2010-12-17 18:13 - 2010-12-17 18:13 - 00049664 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrvPS.dll
2010-07-16 04:18 - 2010-07-16 04:18 - 00476160 _____ () C:\Program Files\COMODO\Time Machine\styles\comodo.theme
2014-01-02 00:46 - 2014-01-02 00:47 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:5A868D37
AlternateDataStreams: C:\Users\*****\Desktop\03 - Six Feet Under (Main Theme).mp3:Roxio EMC Stream

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Faulty Device Manager Devices =============

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Microsoft-Adapter für Miniports virtueller WiFis
Description: Microsoft-Adapter für Miniports virtueller WiFis
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/03/2014 00:45:29 PM) (Source: Application Hang) (User: )
Description: Programm iexplore.exe, Version 10.0.9200.16750 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1a78

Startzeit: 01cf08793a94c700

Endzeit: 20

Anwendungspfad: C:\Program Files\Internet Explorer\iexplore.exe

Berichts-ID:

Error: (01/03/2014 11:08:36 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (01/03/2014 11:07:20 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (01/03/2014 11:03:27 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (01/03/2014 11:00:03 AM) (Source: Windows Backup) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "Z:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"

Error: (01/03/2014 10:43:39 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: SearchProtocolHost.exe, Version: 7.0.7601.17610, Zeitstempel: 0x4dc0c63a
Name des fehlerhaften Moduls: MSMAPI32.DLL, Version: 11.0.8323.0, Zeitstempel: 0x4b7ea430
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00012955
ID des fehlerhaften Prozesses: 0x1838
Startzeit der fehlerhaften Anwendung: 0xSearchProtocolHost.exe0
Pfad der fehlerhaften Anwendung: SearchProtocolHost.exe1
Pfad des fehlerhaften Moduls: SearchProtocolHost.exe2
Berichtskennung: SearchProtocolHost.exe3

Error: (01/03/2014 10:41:00 AM) (Source: Application Hang) (User: )
Description: Programm iexplore.exe, Version 10.0.9200.16750 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1d60

Startzeit: 01cf0867d79d0f4b

Endzeit: 10

Anwendungspfad: C:\Program Files\Internet Explorer\iexplore.exe

Berichts-ID: 24dbbf85-745b-11e3-aa1c-0027133a0128

Error: (01/03/2014 10:37:44 AM) (Source: Application Hang) (User: )
Description: Programm iexplore.exe, Version 10.0.9200.16750 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: c9c

Startzeit: 01cf08675639fb51

Endzeit: 10

Anwendungspfad: C:\Program Files\Internet Explorer\iexplore.exe

Berichts-ID:

Error: (01/02/2014 07:08:48 PM) (Source: Application Hang) (User: )
Description: Programm iexplore.exe, Version 10.0.9200.16750 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 134c

Startzeit: 01cf07e553ae269a

Endzeit: 27

Anwendungspfad: C:\Program Files\Internet Explorer\iexplore.exe

Berichts-ID:

Error: (01/02/2014 07:06:09 PM) (Source: Application Hang) (User: )
Description: Programm iexplore.exe, Version 10.0.9200.16750 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 21c

Startzeit: 01cf07e52e54522a

Endzeit: 20

Anwendungspfad: C:\Program Files\Internet Explorer\iexplore.exe

Berichts-ID:


System errors:
=============
Error: (01/03/2014 03:02:07 PM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (01/03/2014 00:49:42 PM) (Source: Microsoft-Windows-WHEA-Logger) (User: NT-AUTORITÄT)
Description: Schwerwiegender Hardwarefehler.

Gemeldet von Komponente: Prozessorkern
Fehlerquelle: 3
Fehlertyp: 10
Prozessor-ID: 0

Die Detailansicht dieses Eintrags beinhaltet weitere Informationen.

Error: (01/03/2014 00:49:26 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%20

Error: (01/03/2014 00:48:58 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "sbapifs" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (01/03/2014 00:48:56 PM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (01/03/2014 00:48:56 PM) (Source: atikmdag) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (01/03/2014 00:48:51 PM) (Source: volmgr) (User: )
Description: Die Initialisierung des Speicherabbildes ist fehlgeschlagen.

Error: (01/03/2014 00:48:33 PM) (Source: volmgr) (User: )
Description: Die Initialisierung des Speicherabbildes ist fehlgeschlagen.

Error: (01/03/2014 00:48:33 PM) (Source: volmgr) (User: )
Description: Die Initialisierung des Speicherabbildes ist fehlgeschlagen.

Error: (01/03/2014 00:44:17 PM) (Source: atikmdag) (User: )
Description: Display is not active


Microsoft Office Sessions:
=========================
Error: (01/03/2014 00:45:29 PM) (Source: Application Hang)(User: )
Description: iexplore.exe10.0.9200.167501a7801cf08793a94c70020C:\Program Files\Internet Explorer\iexplore.exe

Error: (01/03/2014 11:08:36 AM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\SAMSUNG\samsung scx-472x series\Setup\Setup\bin\wiainst64.exe

Error: (01/03/2014 11:07:20 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files\Research In Motion\BlackBerry Desktop\MailServerMAPIProxy64.exe

Error: (01/03/2014 11:03:27 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files\Common Files\Research In Motion\AppLoader\MailServerMAPIProxy64.exe

Error: (01/03/2014 11:00:03 AM) (Source: Windows Backup)(User: )
Description: Z:\Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)

Error: (01/03/2014 10:43:39 AM) (Source: Application Error)(User: )
Description: SearchProtocolHost.exe7.0.7601.176104dc0c63aMSMAPI32.DLL11.0.8323.04b7ea430c000000500012955183801cf07e6348e72faC:\windows\system32\SearchProtocolHost.exeC:\Program Files\Common Files\SYSTEM\MSMAPI\1031\MSMAPI32.DLL85b64942-745b-11e3-aa1c-0027133a0128

Error: (01/03/2014 10:41:00 AM) (Source: Application Hang)(User: )
Description: iexplore.exe10.0.9200.167501d6001cf0867d79d0f4b10C:\Program Files\Internet Explorer\iexplore.exe24dbbf85-745b-11e3-aa1c-0027133a0128

Error: (01/03/2014 10:37:44 AM) (Source: Application Hang)(User: )
Description: iexplore.exe10.0.9200.16750c9c01cf08675639fb5110C:\Program Files\Internet Explorer\iexplore.exe

Error: (01/02/2014 07:08:48 PM) (Source: Application Hang)(User: )
Description: iexplore.exe10.0.9200.16750134c01cf07e553ae269a27C:\Program Files\Internet Explorer\iexplore.exe

Error: (01/02/2014 07:06:09 PM) (Source: Application Hang)(User: )
Description: iexplore.exe10.0.9200.1675021c01cf07e52e54522a20C:\Program Files\Internet Explorer\iexplore.exe


==================== Memory info =========================== 

Percentage of memory in use: 80%
Total physical RAM: 1788.82 MB
Available physical RAM: 355.64 MB
Total Pagefile: 3577.65 MB
Available Pagefile: 1815.12 MB
Total Virtual: 2047.88 MB
Available Virtual: 1915.26 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:280.8 GB) (Free:208.67 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (USB DISK) (Removable) (Total:7.46 GB) (Free:5.28 GB) FAT32
Drive e: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.98 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 1 (Size: 7 GB) (Disk ID: 6F20736B)
No partition Table on disk 1.
Disk 1 is a removable device.

==================== End Of Log ============================
         


Alt 04.01.2014, 11:11   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Bundestrojaner eingefangen - Widersprüchliche Aussagen der Antivirenprogramme - Standard

Bundestrojaner eingefangen - Widersprüchliche Aussagen der Antivirenprogramme



Dann bitte jetzt Combofix ausführen:

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
--> Bundestrojaner eingefangen - Widersprüchliche Aussagen der Antivirenprogramme

Alt 04.01.2014, 16:05   #7
warhammer73
 
Bundestrojaner eingefangen - Widersprüchliche Aussagen der Antivirenprogramme - Standard

Bundestrojaner eingefangen - Widersprüchliche Aussagen der Antivirenprogramme



Dann hier die Datei:

Code:
ATTFilter
ComboFix 14-01-04.03 - ***** 04.01.2014  13:41:14.1.2 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.1789.885 [GMT 1:00]
ausgef¸hrt von:: c:\users\*****\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Lˆschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\windows\avaED8B.tmp
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-12-04 bis 2014-01-04  ))))))))))))))))))))))))))))))
.
.
2014-01-04 12:53 . 2014-01-04 12:53	--------	d-----w-	c:\users\*****\AppData\Local\temp
2014-01-04 12:53 . 2014-01-04 12:53	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-01-03 22:51 . 2013-12-04 02:57	7760024	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{C9903646-F896-4A69-89F9-EF7588057D24}\mpengine.dll
2014-01-02 09:14 . 2014-01-03 14:04	--------	d-----w-	C:\FRST
2014-01-02 09:11 . 2014-01-02 09:12	--------	d-----r-	C:\Save
2014-01-02 00:04 . 2014-01-02 00:04	--------	d-----w-	c:\users\*****\AppData\Roaming\AVAST Software
2014-01-02 00:04 . 2014-01-02 00:04	64168	----a-w-	c:\windows\system32\drivers\aswstm.sys
2014-01-02 00:04 . 2014-01-01 23:47	180248	----a-w-	c:\windows\system32\drivers\aswVmm.sys
2014-01-02 00:04 . 2014-01-01 23:47	775952	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2014-01-02 00:04 . 2014-01-01 23:47	410528	----a-w-	c:\windows\system32\drivers\aswSP.sys
2014-01-02 00:04 . 2014-01-01 23:47	67824	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2014-01-02 00:04 . 2014-01-01 23:47	49944	----a-w-	c:\windows\system32\drivers\aswRvrt.sys
2014-01-02 00:04 . 2014-01-01 23:47	79720	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2014-01-02 00:04 . 2014-01-01 23:47	270240	----a-w-	c:\windows\system32\aswBoot.exe
2014-01-02 00:04 . 2014-01-02 00:04	43152	----a-w-	c:\windows\avastSS.scr
2014-01-01 23:45 . 2014-01-01 23:45	--------	d-----w-	c:\program files\AVAST Software
2014-01-01 23:43 . 2014-01-01 23:43	--------	d-----w-	c:\programdata\AVAST Software
2014-01-01 22:47 . 2012-09-20 04:11	94496	----a-w-	c:\windows\system32\drivers\sbhips.sys
2014-01-01 22:46 . 2012-09-12 19:19	95488	----a-w-	c:\windows\system32\drivers\SbFwIm.sys
2014-01-01 22:46 . 2012-09-20 04:11	226080	----a-w-	c:\windows\system32\drivers\SbFw.sys
2014-01-01 22:46 . 2014-01-01 22:46	--------	d-----w-	c:\windows\system32\drivers\VDD
2014-01-01 22:43 . 2014-01-01 23:01	--------	d-----w-	c:\programdata\ParetoLogic
2014-01-01 18:02 . 2014-01-01 18:02	--------	d-----w-	c:\users\Administrator
2014-01-01 15:10 . 2014-01-01 15:10	--------	d-----w-	c:\program files\Common Files\Adobe
2014-01-01 12:20 . 2014-01-01 12:20	104664	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-01-01 11:51 . 2014-01-01 11:51	--------	d-----w-	c:\program files\MSECache
2014-01-01 11:44 . 2014-01-01 11:44	--------	d-----w-	c:\program files\Common Files\Skype
2014-01-01 11:44 . 2014-01-01 11:44	--------	d-----r-	c:\program files\Skype
2014-01-01 11:39 . 2014-01-01 16:32	--------	d-----w-	c:\users\*****\AppData\Roaming\HpUpdate
2014-01-01 11:28 . 2014-01-01 11:29	--------	d-----w-	c:\program files\OpenOffice 4
2014-01-01 11:07 . 2014-01-01 11:07	--------	d-----w-	c:\users\Default\AppData\Local\Adobe
2014-01-01 10:56 . 2014-01-01 10:56	--------	d-----w-	c:\windows\system32\Adobe
2014-01-01 10:55 . 2014-01-01 10:55	94632	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2014-01-01 10:55 . 2014-01-01 10:55	--------	d-----w-	c:\program files\Java
2013-12-31 22:04 . 2013-12-31 22:04	--------	d-----w-	c:\programdata\Lavasoft
2013-12-31 21:49 . 2014-01-01 16:26	--------	d-----w-	c:\program files\Spybot - Search & Destroy 2
2013-12-31 21:30 . 2013-12-31 21:30	--------	d-----w-	c:\windows\ERUNT
2013-12-31 21:29 . 2014-01-01 15:35	--------	d-----w-	C:\AdwCleaner
2013-12-31 18:04 . 2013-12-31 18:04	--------	d-----w-	C:\found.000
2013-12-31 13:00 . 2013-12-31 13:00	--------	d-----w-	c:\users\*****\AppData\Roaming\Malwarebytes
2013-12-31 12:59 . 2013-12-31 12:59	--------	d-----w-	c:\programdata\Malwarebytes
2013-12-31 12:59 . 2014-01-01 14:40	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2013-12-31 12:44 . 2013-12-31 12:58	--------	d-----w-	c:\programdata\HitmanPro
2013-12-31 12:43 . 2013-12-31 12:43	--------	d-----w-	c:\users\*****\AppData\Local\Secunia PSI
2013-12-31 12:43 . 2013-12-31 12:43	--------	d-----w-	c:\program files\Secunia
2013-12-30 18:42 . 2013-12-30 18:42	--------	d-----w-	c:\windows\Migration
2013-12-30 18:11 . 2013-12-31 12:38	--------	d-----w-	c:\windows\system32\MpEngineStore
2013-12-12 09:43 . 2013-05-10 04:56	12625408	----a-w-	c:\windows\system32\wmploc.DLL
2013-12-12 09:43 . 2013-05-10 03:48	164864	----a-w-	c:\program files\Windows Media Player\wmplayer.exe
2013-12-12 08:09 . 2013-10-30 02:19	301568	----a-w-	c:\windows\system32\msieftp.dll
2013-12-12 08:09 . 2013-10-19 01:36	159232	----a-w-	c:\windows\system32\imagehlp.dll
2013-12-12 08:09 . 2013-10-12 02:04	121856	----a-w-	c:\windows\system32\wshom.ocx
2013-12-12 08:09 . 2013-10-12 02:03	163840	----a-w-	c:\windows\system32\scrrun.dll
2013-12-12 08:09 . 2013-10-12 01:15	141824	----a-w-	c:\windows\system32\wscript.exe
2013-12-12 08:09 . 2013-10-12 01:15	126976	----a-w-	c:\windows\system32\cscript.exe
2013-12-12 08:09 . 2013-11-23 18:26	417792	----a-w-	c:\windows\system32\WMPhoto.dll
2013-12-12 08:09 . 2013-10-04 01:17	177152	----a-w-	c:\windows\system32\drivers\portcls.sys
2013-12-12 08:09 . 2013-10-04 01:49	81408	----a-w-	c:\windows\system32\drivers\drmk.sys
2013-12-12 08:09 . 2013-10-30 01:27	2349056	----a-w-	c:\windows\system32\win32k.sys
2013-12-12 08:09 . 2013-11-12 02:07	2048	----a-w-	c:\windows\system32\tzres.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-11 08:46 . 2012-06-27 06:00	71048	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-11 08:46 . 2012-06-27 06:00	692616	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-11-26 11:25 . 2009-12-01 17:21	230048	------w-	c:\windows\system32\MpSigStub.exe
2013-10-12 02:03 . 2013-11-14 06:15	656896	----a-w-	c:\windows\system32\nshwfp.dll
2013-10-12 02:01 . 2013-11-14 06:15	679424	----a-w-	c:\windows\system32\IKEEXT.DLL
2013-10-12 02:01 . 2013-11-14 06:15	216576	----a-w-	c:\windows\system32\FWPUCLNT.DLL
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Eintr‰ge & legitime Standardeintr‰ge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-01-01 23:46	259464	----a-w-	c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-07-13 458844]
"Samsung PanelMgr"="c:\windows\samsung\panelmgr\SSMMgr.exe" [2012-05-04 699472]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-11-02 90448]
"CDAServer"="c:\program files\Common Files\Common Desktop Agent\CDASrv.exe" [2010-12-17 332288]
"STO Backup Service"="c:\program files\SmarThru Office\BackUpSvr.exe" [2012-01-13 199760]
"COMODO_TimeMachine"="c:\program files\COMODO\Time Machine\CTMTRAY.exe" [2010-07-20 4910904]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-09-05 958576]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-01-01 3764024]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE -b -l [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0bootdelete\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Aware Antivirus]
c:\program files\Ad-Aware Antivirus\AdAwareLauncher --windows-run [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-09-05 14:03	958576	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2011-10-28 11:18	49208	----a-w-	c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Complete]
2009-06-18 16:07	563736	----a-w-	c:\program files\PDF Complete\pdfsty.exe
.
R2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-23 172192]
R2 StartServer;StartServer;c:\program files\AdvoluxJava\StartServer.exe [2011-04-08 154112]
R3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2014-01-02 64168]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
R3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-13 1120752]
R3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys [2012-09-12 95488]
R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2012-09-20 94496]
R3 sbwtis;sbwtis;c:\windows\system32\DRIVERS\sbwtis.sys [2012-09-20 75552]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664]
R4 BingDesktopUpdate;Bing Desktop Update service;c:\program files\Microsoft\BingDesktop\BingDesktopUpdater.exe [2013-06-05 173192]
R4 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2009-06-18 635416]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-10-03 13560]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-01-01 775952]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-01-01 410528]
S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2012-09-20 226080]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\aestsrv.exe [2009-03-02 81920]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-04 176128]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-01-01 67824]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528]
S2 Samsung Network Fax Server;Samsung Network Fax Server;c:\windows\system32\spool\drivers\w32x86\3\NetFaxServer.exe [2012-03-23 176640]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2011-03-14 5120]
S3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys [2012-09-12 95488]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
HPService	REG_MULTI_SZ   	HPSLPSVC
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 19:11	451872	----a-w-	c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-01-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-27 08:46]
.
.
------- Zus‰tzlicher Suchlauf -------
.
uStart Page = hxxp://www.spiegel.de/
IE: Bild an &Bluetooth-Ger‰t senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Ger‰t senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\f5funbj5.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseintr‰ge - - - -
.
URLSearchHooks-{90eee664-34b1-422a-a782-779af65cdf6d} - (no file)
WebBrowser-{90EEE664-34B1-422A-A782-779AF65CDF6D} - (no file)
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
MSConfigStartUp-Ad-Aware Browsing Protection - c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-SDTray - c:\program files\Spybot - Search & Destroy 2\SDTray.exe
MSConfigStartUp-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
AddRemove-LSI Soft Modem - c:\windows\agrsmdel
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, hxxp://www.gmer.net
Windows 6.1.7601 
.
CreateFile("\\.\PHYSICALDRIVE0"): Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
device: opened successfully
user: error reading MBR 
kernel: MBR read successfully
user != kernel MBR !!! 
copy of MBR has been found in sector 22 !
copy of MBR has been found in sector 23 !
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-01-04  13:56:01
ComboFix-quarantined-files.txt  2014-01-04 12:56
.
Vor Suchlauf: 15 Verzeichnis(se), 225.156.247.552 Bytes frei
Nach Suchlauf: 24 Verzeichnis(se), 225.055.961.088 Bytes frei
.
- - End Of File - - A4B87F54C93C8EE694DF36E04DB3F670
3C39E28DFC87C0C77116C91AC4B874B7
         

Alt 05.01.2014, 00:55   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Bundestrojaner eingefangen - Widersprüchliche Aussagen der Antivirenprogramme - Standard

Bundestrojaner eingefangen - Widersprüchliche Aussagen der Antivirenprogramme



Malwarebytes Anti-Rootkit (MBAR)

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 05.01.2014, 09:38   #9
warhammer73
 
Bundestrojaner eingefangen - Widersprüchliche Aussagen der Antivirenprogramme - Standard

Bundestrojaner eingefangen - Widersprüchliche Aussagen der Antivirenprogramme



Hallo,

habe das ganze nach der Anleitung durchgeführt (Denke ich jedenfalls).
Es wurden auch Bedrohungen gefunden, allerdings wurde auch ohne Neustart "Behoben" angezeigt.
Habe den Rechner trotzdem neu gestartet, beim zweiten Lauf wurden aber wieder die selben Files angemerkt.

Hier die Logs dazu:

Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.07.0.1008
www.malwarebytes.org

Database version: v2014.01.04.08

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.16428
***** :: COMPAQ [limited]

05.01.2014 09:44:09
mbar-log-2014-01-05 (09-44-09).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 253860
Time elapsed: 21 minute(s), 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 7
C:\WINDOWS\SYSTEM32\drivers\afd.sys (Unknown.Rootkit.Driver) -> Replace on reboot.
C:\WINDOWS\SYSTEM32\drivers\cng.sys (Unknown.Rootkit.Driver) -> Replace on reboot.
C:\WINDOWS\SYSTEM32\drivers\drmk.sys (Unknown.Rootkit.Driver) -> Replace on reboot.
C:\WINDOWS\SYSTEM32\drivers\hidclass.sys (Unknown.Rootkit.Driver) -> Replace on reboot.
C:\WINDOWS\SYSTEM32\drivers\hidparse.sys (Unknown.Rootkit.Driver) -> Replace on reboot.
C:\WINDOWS\SYSTEM32\drivers\dxgkrnl.sys (Unknown.Rootkit.Driver) -> Replace on reboot.
C:\WINDOWS\SYSTEM32\drivers\ksecdd.sys (Unknown.Rootkit.Driver) -> Replace on reboot.

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         


Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.07.0.1008
www.malwarebytes.org

Database version: v2014.01.04.08

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.16428
***** :: COMPAQ [limited]

05.01.2014 08:57:20
mbar-log-2014-01-05 (08-57-20).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 254720
Time elapsed: 24 minute(s), 47 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 7
C:\WINDOWS\SYSTEM32\drivers\afd.sys (Unknown.Rootkit.Driver) -> Replace on reboot.
C:\WINDOWS\SYSTEM32\drivers\cng.sys (Unknown.Rootkit.Driver) -> Replace on reboot.
C:\WINDOWS\SYSTEM32\drivers\drmk.sys (Unknown.Rootkit.Driver) -> Replace on reboot.
C:\WINDOWS\SYSTEM32\drivers\hidclass.sys (Unknown.Rootkit.Driver) -> Replace on reboot.
C:\WINDOWS\SYSTEM32\drivers\hidparse.sys (Unknown.Rootkit.Driver) -> Replace on reboot.
C:\WINDOWS\SYSTEM32\drivers\dxgkrnl.sys (Unknown.Rootkit.Driver) -> Replace on reboot.
C:\WINDOWS\SYSTEM32\drivers\ksecdd.sys (Unknown.Rootkit.Driver) -> Replace on reboot.

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         

Alt 05.01.2014, 18:52   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Bundestrojaner eingefangen - Widersprüchliche Aussagen der Antivirenprogramme - Standard

Bundestrojaner eingefangen - Widersprüchliche Aussagen der Antivirenprogramme



Zitat:
***** :: COMPAQ [limited]
Machst du das ohne Adminrechte?
Wiederholen bitte. MBAR starten per Rechtsklick => als Admin ausführen
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 05.01.2014, 22:04   #11
warhammer73
 
Bundestrojaner eingefangen - Widersprüchliche Aussagen der Antivirenprogramme - Standard

Bundestrojaner eingefangen - Widersprüchliche Aussagen der Antivirenprogramme



Hallo,

nein. Wurde mit Rechtsklick als Adminstrator ausgeführt und die Windows Abfrage ob man das wirklich wolle habe ich auch mit Ja beantwortet.

Alt 05.01.2014, 22:07   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Bundestrojaner eingefangen - Widersprüchliche Aussagen der Antivirenprogramme - Standard

Bundestrojaner eingefangen - Widersprüchliche Aussagen der Antivirenprogramme



Bitte nochmal explizit mit Adminrechten starten über Rechtsklick => als Admin ausführen
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 05.01.2014, 22:21   #13
warhammer73
 
Bundestrojaner eingefangen - Widersprüchliche Aussagen der Antivirenprogramme - Standard

Bundestrojaner eingefangen - Widersprüchliche Aussagen der Antivirenprogramme



Wie geschrieben habe ich genau das gemacht.

Alt 05.01.2014, 22:22   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Bundestrojaner eingefangen - Widersprüchliche Aussagen der Antivirenprogramme - Standard

Bundestrojaner eingefangen - Widersprüchliche Aussagen der Antivirenprogramme



Bitte mach es nochmal. Und den Scan wiederholen. Vorher MBAR updaten
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 06.01.2014, 22:08   #15
warhammer73
 
Bundestrojaner eingefangen - Widersprüchliche Aussagen der Antivirenprogramme - Standard

Bundestrojaner eingefangen - Widersprüchliche Aussagen der Antivirenprogramme



Hallo,

so nun nochmal gemacht. Allerdings mit dem selben Ergebnis.

Scan im Windows Normalmodus, gestartet mit rechter Maus und Admin:
Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.07.0.1008
www.malwarebytes.org

Database version: v2014.01.05.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.16476
***** :: COMPAQ [limited]

05.01.2014 23:24:34
mbar-log-2014-01-05 (23-24-34).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 253874
Time elapsed: 22 minute(s), 39 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 7
C:\WINDOWS\SYSTEM32\drivers\afd.sys (Unknown.Rootkit.Driver) -> Replace on reboot.
C:\WINDOWS\SYSTEM32\drivers\cng.sys (Unknown.Rootkit.Driver) -> Replace on reboot.
C:\WINDOWS\SYSTEM32\drivers\drmk.sys (Unknown.Rootkit.Driver) -> Replace on reboot.
C:\WINDOWS\SYSTEM32\drivers\hidclass.sys (Unknown.Rootkit.Driver) -> Replace on reboot.
C:\WINDOWS\SYSTEM32\drivers\hidparse.sys (Unknown.Rootkit.Driver) -> Replace on reboot.
C:\WINDOWS\SYSTEM32\drivers\dxgkrnl.sys (Unknown.Rootkit.Driver) -> Replace on reboot.
C:\WINDOWS\SYSTEM32\drivers\ksecdd.sys (Unknown.Rootkit.Driver) -> Replace on reboot.

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         
Das selbe nochmal im abgesicherten Modus:
Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.07.0.1008
www.malwarebytes.org

Database version: v2014.01.05.04

Windows 7 Service Pack 1 x86 NTFS (Safe Mode/Networking)
Internet Explorer 11.0.9600.16476
***** :: COMPAQ [administrator]

05.01.2014 23:59:38
mbar-log-2014-01-05 (23-59-38).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 46123
Time elapsed: 3 minute(s), 46 second(s) [aborted]

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 7
C:\WINDOWS\SYSTEM32\drivers\afd.sys (Unknown.Rootkit.Driver) -> No action taken.
C:\WINDOWS\SYSTEM32\drivers\cng.sys (Unknown.Rootkit.Driver) -> No action taken.
C:\WINDOWS\SYSTEM32\drivers\drmk.sys (Unknown.Rootkit.Driver) -> No action taken.
C:\WINDOWS\SYSTEM32\drivers\hidclass.sys (Unknown.Rootkit.Driver) -> No action taken.
C:\WINDOWS\SYSTEM32\drivers\hidparse.sys (Unknown.Rootkit.Driver) -> No action taken.
C:\WINDOWS\SYSTEM32\drivers\dxgkrnl.sys (Unknown.Rootkit.Driver) -> No action taken.
C:\WINDOWS\SYSTEM32\drivers\ksecdd.sys (Unknown.Rootkit.Driver) -> No action taken.

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         
... hier steht dann ja immerhin mal Adminstrator. Nur geholfen hat es nicht (Wieder im normalen Windows-Modus):
Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.07.0.1008
www.malwarebytes.org

Database version: v2014.01.06.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.16476
***** :: COMPAQ [limited]

06.01.2014 05:19:30
mbar-log-2014-01-06 (05-19-30).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 253923
Time elapsed: 24 minute(s), 36 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 7
C:\WINDOWS\SYSTEM32\drivers\afd.sys (Unknown.Rootkit.Driver) -> Replace on reboot.
C:\WINDOWS\SYSTEM32\drivers\cng.sys (Unknown.Rootkit.Driver) -> Replace on reboot.
C:\WINDOWS\SYSTEM32\drivers\drmk.sys (Unknown.Rootkit.Driver) -> Replace on reboot.
C:\WINDOWS\SYSTEM32\drivers\hidclass.sys (Unknown.Rootkit.Driver) -> Replace on reboot.
C:\WINDOWS\SYSTEM32\drivers\hidparse.sys (Unknown.Rootkit.Driver) -> Replace on reboot.
C:\WINDOWS\SYSTEM32\drivers\dxgkrnl.sys (Unknown.Rootkit.Driver) -> Replace on reboot.
C:\WINDOWS\SYSTEM32\drivers\ksecdd.sys (Unknown.Rootkit.Driver) -> Replace on reboot.

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         

Zu keiner Zeit habe ich eine Meldung bekommen den Rechner neu zu starten.
Trotzdem habe ich das nach jedem Scan gemacht.

Neues Sympthom seit heute:
google lässt sich nicht mehr im Browser aufrufen.

Antwort

Themen zu Bundestrojaner eingefangen - Widersprüchliche Aussagen der Antivirenprogramme
abgesicherten, acrobat, aktuelle, anti, antivirenprogramm, avast, avira, befall, bildschirm, bundestrojaner, dateien, einfach, funktioniert, gen, java, malware, problem, programm, programme, rechner, scan, starten, trojaner, verbindung, windows



Ähnliche Themen: Bundestrojaner eingefangen - Widersprüchliche Aussagen der Antivirenprogramme


  1. Bundestrojaner eingefangen
    Plagegeister aller Art und deren Bekämpfung - 09.09.2013 (10)
  2. Bundestrojaner eingefangen...
    Log-Analyse und Auswertung - 30.08.2013 (3)
  3. Bundestrojaner eingefangen
    Log-Analyse und Auswertung - 21.06.2013 (11)
  4. Bundestrojaner eingefangen?
    Plagegeister aller Art und deren Bekämpfung - 01.05.2013 (11)
  5. Bundestrojaner eingefangen
    Plagegeister aller Art und deren Bekämpfung - 13.01.2013 (21)
  6. Bundestrojaner eingefangen?
    Plagegeister aller Art und deren Bekämpfung - 19.12.2012 (2)
  7. Bundestrojaner eingefangen :-(
    Plagegeister aller Art und deren Bekämpfung - 23.10.2012 (7)
  8. BUNDESTROJANER eingefangen! Was nun?
    Plagegeister aller Art und deren Bekämpfung - 22.08.2012 (9)
  9. Bundestrojaner eingefangen
    Plagegeister aller Art und deren Bekämpfung - 12.08.2012 (19)
  10. Bundestrojaner eingefangen
    Log-Analyse und Auswertung - 16.07.2012 (1)
  11. Bundestrojaner eingefangen
    Log-Analyse und Auswertung - 13.07.2012 (9)
  12. Bundestrojaner eingefangen
    Log-Analyse und Auswertung - 13.03.2012 (11)
  13. Bundestrojaner eingefangen
    Log-Analyse und Auswertung - 28.08.2011 (4)
  14. Trojaner eingefangen, Antivirenprogramme starten nicht mehr!
    Log-Analyse und Auswertung - 04.01.2010 (7)
  15. widersprüchliche Aussagen von Online-Scans
    Log-Analyse und Auswertung - 03.04.2009 (0)
  16. Konzroverse Aussagen auf HiJackThis.de
    Mülltonne - 16.12.2008 (0)
  17. Kann wer mit Logfile checken? Hab widersprüchliche Aussagen bei Adaware und spybot.
    Mülltonne - 27.06.2008 (0)

Zum Thema Bundestrojaner eingefangen - Widersprüchliche Aussagen der Antivirenprogramme - Hallo, wir haben uns auf dem einzigen Windows Rechner den BKA Trojaner eingefangen (Vermutlich über ein altes Acrobat Reader oder Java würde ich vermuten). Da sich der Rechner noch im - Bundestrojaner eingefangen - Widersprüchliche Aussagen der Antivirenprogramme...
Archiv
Du betrachtest: Bundestrojaner eingefangen - Widersprüchliche Aussagen der Antivirenprogramme auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.