
Pests of all kinds and how to fight them: Interpool Trojan on my laptop

18.01.2014, 19:51   #1
donnaschlag



Hello,
I've caught the Interpool Trojan on my laptop and have already read some posts about it here. I got as far as being able to run the FRST scan, and the txt file it produced is the following:
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-01-2014 03
Ran by SYSTEM on MININT-AK4SHLD on 18-01-2014 19:42:25
Running from F:\
Windows 7 Home Premium (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.



==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SiSTray] - C:\Program Files\SiS VGA Utilities\SiSTray.exe [552960 2009-11-12] (Silicon Integrated Systems Corporation)
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1557800 2010-02-03] (Synaptics Incorporated)
HKLM\...\Run: [ISUSScheduler] - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-08-11] (Macrovision Corporation)
HKLM\...\Run: [BrMfcWnd] - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM\...\Run: [ControlCenter3] - C:\Program Files\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [54576 2009-11-18] (Hewlett-Packard)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [Microsoft Default Manager] - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [288088 2009-11-11] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-05-30] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [421776 2012-06-07] (Apple Inc.)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-22] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [KiesTrayAgent] - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [310128 2013-02-13] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\Donna\...\Run: [ISUSPM Startup] - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [ 2005-08-11] (Macrovision Corporation)
HKU\Donna\...\Run: [svñhîst] - %USERPROFILE%\wgsdgsdgdsgsd.exe
HKU\Donna\...\Run: [] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [ 2013-02-13] (Samsung)
HKU\Donna\...\Run: [KiesPreload] - C:\Program Files\Samsung\Kies\Kies.exe [ 2013-02-13] (Samsung)
HKU\Donna\...\Run: [KiesAirMessage] - C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup
Startup: C:\Users\Donna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\Donna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ifjwaewl.lnk
ShortcutTarget: ifjwaewl.lnk -> C:\Users\Donna\AppData\Local\Temp\lweawjfi.cpp (hxxp://tortoisesvn.net)

========================== Services (Whitelisted) =================

S2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440376 2013-12-22] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-25] (Avira Operations GmbH & Co. KG)
S3 SXDS10; C:\Program Files\Common Files\soft Xpansion\sxds10.exe [234096 2013-05-30] (soft Xpansion)
S2 Winmgmt; C:\Users\Donna\AppData\Local\Temp\lweawjfi.cpp [228864 2014-01-18] (hxxp://tortoisesvn.net)

==================== Drivers (Whitelisted) ====================

S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-22] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-22] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-25] (Avira Operations GmbH & Co. KG)
S3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [347136 2009-07-13] (Realtek Semiconductor Corporation                           )
S1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [x]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [x]
S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [x]
S0 PxHelp20; System32\Drivers\PxHelp20.sys [x]
S5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-18 19:42 - 2014-01-18 19:42 - 00000000 ____D C:\FRST
2014-01-18 09:10 - 2014-01-18 10:31 - 00000000 _____ C:\ProgramData\ifjwaewl.odd
2014-01-04 09:17 - 2014-01-04 09:27 - 00000000 ____D C:\Users\Donna\Desktop\Ebay

==================== One Month Modified Files and Folders =======

2014-01-18 19:42 - 2014-01-18 19:42 - 00000000 ____D C:\FRST
2014-01-18 10:31 - 2014-01-18 09:10 - 00000000 _____ C:\ProgramData\ifjwaewl.odd
2014-01-18 10:30 - 2009-07-13 20:39 - 00049856 _____ C:\Windows\setupact.log
2014-01-18 09:39 - 2010-02-03 12:18 - 01990069 _____ C:\Windows\WindowsUpdate.log
2014-01-18 09:31 - 2009-07-13 20:34 - 00014016 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-18 09:31 - 2009-07-13 20:34 - 00014016 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-18 09:17 - 2010-02-03 13:37 - 00189648 _____ C:\Windows\PFRO.log
2014-01-16 07:17 - 2010-02-07 07:40 - 00002568 ___SH C:\Windows\System32\KGyGaAvL.sys
2014-01-15 00:26 - 2010-05-23 11:58 - 00000000 ____D C:\Users\Donna\AppData\Roaming\Skype
2014-01-06 05:30 - 2010-02-03 12:38 - 01507342 _____ C:\Windows\System32\PerfStringBackup.INI
2014-01-04 09:27 - 2014-01-04 09:17 - 00000000 ____D C:\Users\Donna\Desktop\Ebay
2013-12-22 02:03 - 2013-05-07 10:05 - 00069240 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avnetflt.sys
2013-12-22 02:03 - 2012-12-03 00:25 - 00135648 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avipbb.sys
2013-12-22 02:03 - 2012-12-03 00:25 - 00090400 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avgntflt.sys
2013-12-19 11:50 - 2010-02-03 13:21 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-19 11:48 - 2013-08-08 09:21 - 00000000 ____D C:\Windows\System32\MRT

Files to move or delete:
====================
C:\Program Files\Samsung\Kies\KiesAirMessage.exe
C:\ProgramData\8DN5HY.dat
C:\ProgramData\ifjwaewl.odd
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At10.job
C:\Windows\Tasks\At11.job
C:\Windows\Tasks\At12.job
C:\Windows\Tasks\At13.job
C:\Windows\Tasks\At14.job
C:\Windows\Tasks\At15.job
C:\Windows\Tasks\At16.job
C:\Windows\Tasks\At17.job
C:\Windows\Tasks\At18.job
C:\Windows\Tasks\At19.job
C:\Windows\Tasks\At2.job
C:\Windows\Tasks\At20.job
C:\Windows\Tasks\At21.job
C:\Windows\Tasks\At22.job
C:\Windows\Tasks\At23.job
C:\Windows\Tasks\At24.job
C:\Windows\Tasks\At25.job
C:\Windows\Tasks\At26.job
C:\Windows\Tasks\At27.job
C:\Windows\Tasks\At28.job
C:\Windows\Tasks\At29.job
C:\Windows\Tasks\At3.job
C:\Windows\Tasks\At30.job
C:\Windows\Tasks\At31.job
C:\Windows\Tasks\At32.job
C:\Windows\Tasks\At33.job
C:\Windows\Tasks\At34.job
C:\Windows\Tasks\At35.job
C:\Windows\Tasks\At36.job
C:\Windows\Tasks\At37.job
C:\Windows\Tasks\At38.job
C:\Windows\Tasks\At39.job
C:\Windows\Tasks\At4.job
C:\Windows\Tasks\At40.job
C:\Windows\Tasks\At41.job
C:\Windows\Tasks\At42.job
C:\Windows\Tasks\At43.job
C:\Windows\Tasks\At44.job
C:\Windows\Tasks\At45.job
C:\Windows\Tasks\At46.job
C:\Windows\Tasks\At47.job
C:\Windows\Tasks\At48.job
C:\Windows\Tasks\At5.job
C:\Windows\Tasks\At6.job
C:\Windows\Tasks\At7.job
C:\Windows\Tasks\At8.job
C:\Windows\Tasks\At9.job


Some content of TEMP:
====================
C:\Users\Donna\AppData\Local\Temp\avgnt.exe
C:\Users\Donna\AppData\Local\Temp\HomeTab.exe
C:\Users\Donna\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
C:\Users\Donna\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Donna\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Donna\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Donna\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Donna\AppData\Local\Temp\jre-7u40-windows-i586-iftw.exe
C:\Users\Donna\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Donna\AppData\Local\Temp\qmph.dll
C:\Users\Donna\AppData\Local\Temp\tbu1C31.exe
C:\Users\Donna\AppData\Local\Temp\tbu32A8.exe
C:\Users\Donna\AppData\Local\Temp\tbu3E8D.exe
C:\Users\Donna\AppData\Local\Temp\tbu418A.exe
C:\Users\Donna\AppData\Local\Temp\tbu48FE.exe
C:\Users\Donna\AppData\Local\Temp\tbu59C.exe
C:\Users\Donna\AppData\Local\Temp\tbu770F.exe
C:\Users\Donna\AppData\Local\Temp\tbu993B.exe
C:\Users\Donna\AppData\Local\Temp\tbuC15E.exe
C:\Users\Donna\AppData\Local\Temp\tbuE259.exe
C:\Users\Donna\AppData\Local\Temp\tbuF1FF.exe


==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-07-30 10:10:34
Restore point made on: 2013-07-30 10:37:04
Restore point made on: 2013-08-08 09:20:34
Restore point made on: 2013-08-26 08:41:21
Restore point made on: 2013-09-09 05:55:08
Restore point made on: 2013-09-30 01:03:09
Restore point made on: 2013-10-16 07:07:26
Restore point made on: 2013-10-20 01:02:43
Restore point made on: 2013-11-06 06:10:25
Restore point made on: 2014-01-02 01:37:51
Restore point made on: 2014-01-15 10:08:15

==================== Memory info =========================== 

Percentage of memory in use: 16%
Total physical RAM: 3823.17 MB
Available physical RAM: 3183.32 MB
Total Pagefile: 3821.45 MB
Available Pagefile: 3191.34 MB
Total Virtual: 2047.88 MB
Available Virtual: 1933.2 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:297.99 GB) (Free:206.6 GB) NTFS
Drive e: (Windows7) (CDROM) (Total:3.52 GB) (Free:0 GB) UDF
Drive f: (VOLUME) (Removable) (Total:29.28 GB) (Free:29.28 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 0F2202EA)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 29 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=29 GB) - (Type=0C)


LastRegBack: 2014-01-15 10:01

==================== End Of Log ============================
         

I'd appreciate quick help on how to proceed from here.

18.01.2014, 19:52   #2
sunjojo
/// Malwareteam





I am working on your thread and will get back to you with further instructions as soon as possible.

Please note that all my replies must first be approved by an instructor before I am allowed to post them here. This guarantees that you get help from a trained helper.

Thank you for your patience

18.01.2014, 21:46   #3
sunjojo
/// Malwareteam



Hello donnaschlag,

my name is Jonas and I will help you with your cleanup. This can involve a lot of work for you. Before we can start, please read the cleanup rules and notes:
Rules for the cleanup process
  • Work through the instructions and steps carefully and in order.
  • If you don't understand something or are unsure, ask and describe the problem as well as you can. Do not act on your own.
    • Running various cleanup programs (with scripts from other threads) can wreck your operating system!
  • Having a computer cleaned in several forums at the same time is forbidden (crossposting).
  • Do not install or uninstall any additional programs, do not delete any files, and do not run system updates on your own.
  • The symptoms may have disappeared, but the disappearance of the outward signs of an infection does not mean that you are clean again.
    • I will give you an explicit all-clear; until then, please keep working with me.
Notes
  • I can never guarantee that everything has been removed. Formatting the hard drive and reinstalling your operating system is always safer and usually faster.
  • The programs we use usually create a results log (called a logfile). Please include all logfiles I request in a step in a single reply/post.
When you have read everything, we can get started. Please save all programs to the desktop and run them from there.



Step 1
Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
S2 Winmgmt; C:\Users\Donna\AppData\Local\Temp\lweawjfi.cpp [228864 2014-01-18] (hxxp://tortoisesvn.net)
Startup: C:\Users\Donna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ifjwaewl.lnk
ShortcutTarget: ifjwaewl.lnk -> C:\Users\Donna\AppData\Local\Temp\lweawjfi.cpp (hxxp://tortoisesvn.net)
HKU\Donna\...\Run: [svñhîst] - %USERPROFILE%\wgsdgsdgdsgsd.exe
%USERPROFILE%\wgsdgsdgdsgsd.exe
C:\ProgramData\8DN5HY.dat
C:\ProgramData\ifjwaewl.odd
C:\Windows\Tasks\At*.job
         
Please save this as Fixlist.txt on your USB stick.
  • Restart your computer into the repair options
  • Now start FRST.exe again and click the Fix (Entfernen) button.

The tool creates a Fixlog.txt on your USB stick. Please post its contents here.


Did the fix work, and can you start Windows normally again?



Post the following logfiles in your next reply:
  • FRST fix

18.01.2014, 23:09   #4
donnaschlag



Yes, I can start Windows normally again, thanks. Do I need to do anything else now?
Here is the Fixlog file:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 17-01-2014 03
Ran by SYSTEM at 2014-01-18 23:05:42 Run:1
Running from F:\
Boot Mode: Recovery

==============================================

Content of fixlist:
*****************
S2 Winmgmt; C:\Users\Donna\AppData\Local\Temp\lweawjfi.cpp [228864 2014-01-18] (hxxp://tortoisesvn.net)
Startup: C:\Users\Donna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ifjwaewl.lnk
ShortcutTarget: ifjwaewl.lnk -> C:\Users\Donna\AppData\Local\Temp\lweawjfi.cpp (hxxp://tortoisesvn.net)
HKU\Donna\...\Run: [svñhîst] - %USERPROFILE%\wgsdgsdgdsgsd.exe
%USERPROFILE%\wgsdgsdgdsgsd.exe
C:\ProgramData\8DN5HY.dat
C:\ProgramData\ifjwaewl.odd
C:\Windows\Tasks\At*.job
*****************

Winmgmt => Service restored successfully.
C:\Users\Donna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ifjwaewl.lnk => Moved successfully.
C:\Users\Donna\AppData\Local\Temp\lweawjfi.cpp => Moved successfully.
HKU\Donna\Software\Microsoft\Windows\CurrentVersion\Run\\svñhîst => Value deleted successfully.
C:\ProgramData\8DN5HY.dat => Moved successfully.
C:\ProgramData\ifjwaewl.odd => Moved successfully.
C:\Windows\Tasks\At*.job => Moved successfully.

==== End of Fixlog ====

19.01.2014, 00:31   #5
sunjojo
/// Malwareteam



Quote:
Yes, I can start Windows normally again, thanks. Do I need to do anything else now?
Yep, we're not done yet.



Please move the FRST.exe file from your USB stick to your desktop and carry out the following step.
Step 1
Start FRST once more.
  • Tick the box next to Addition.txt and press Scan.
  • When the scan is finished, two new logfiles, FRST.txt and Addition.txt, are created and saved on the desktop.
  • Please post the contents of the logfiles here in your thread.



Post the following logfiles in your next reply:
  • FRST scan

__________________
Regards,

Jonas

19.01.2014, 09:39   #6
donnaschlag



Morning, I just ran the scan and here are the two txt files

FRST.txt


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-01-2014 03
Ran by Donna (administrator) on NACHTSCHATTEN on 19-01-2014 09:31:03
Running from C:\Users\Donna\Desktop
Microsoft Windows 7 Home Premium  (X86) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal



==================== Processes (Whitelisted) ===================

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Silicon Integrated Systems Corporation) C:\Program Files\SiS VGA Utilities\SiSTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Samsung) C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
(Samsung) C:\Program Files\Samsung\Kies\Kies.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SiSTray] - C:\Program Files\SiS VGA Utilities\SiSTray.exe [552960 2009-11-12] (Silicon Integrated Systems Corporation)
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1557800 2010-02-03] (Synaptics Incorporated)
HKLM\...\Run: [ISUSScheduler] - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-08-11] (Macrovision Corporation)
HKLM\...\Run: [BrMfcWnd] - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM\...\Run: [ControlCenter3] - C:\Program Files\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [54576 2009-11-18] (Hewlett-Packard)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [Microsoft Default Manager] - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [288088 2009-11-11] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-05-30] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [421776 2012-06-07] (Apple Inc.)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-22] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [KiesTrayAgent] - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [310128 2013-02-13] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKCU\...\Run: [ISUSPM Startup] - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [249856 2005-08-11] (Macrovision Corporation)
HKCU\...\Run: [] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844144 2013-02-13] (Samsung)
HKCU\...\Run: [KiesPreload] - C:\Program Files\Samsung\Kies\Kies.exe [1509232 2013-02-13] (Samsung)
HKCU\...\Run: [KiesAirMessage] - C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup
MountPoints2: {50b4e269-cc82-11df-97d6-0090f58dfeb4} - E:\AutoRun.exe
MountPoints2: {50b4e277-cc82-11df-97d6-0090f58dfeb4} - E:\AutoRun.exe
Startup: C:\Users\Donna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.certified-toolbar.com?si=46364&tid=3869&ver=4.4&ts=1369937624878.000002&tguid=46364-3869-1369937624878-D3A8B02EEF3E2067C08A72537D30250C&st=chrome&q=
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x50CDC11918A5CA01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.certified-toolbar.com?si=46364&tid=3869&ver=4.4&ts=1369937624878.000002&tguid=46364-3869-1369937624878-D3A8B02EEF3E2067C08A72537D30250C&st=chrome&q=
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.certified-toolbar.com?si=46364&tid=3869&ver=4.4&ts=1369937624878.000002&tguid=46364-3869-1369937624878-D3A8B02EEF3E2067C08A72537D30250C&st=chrome&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.certified-toolbar.com?si=46364&tid=3869&ver=4.4&ts=1369937624878.000002&tguid=46364-3869-1369937624878-D3A8B02EEF3E2067C08A72537D30250C&st=chrome&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:newtab
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.certified-toolbar.com?si=46364&tid=3869&ver=4.4&ts=1369937624878.000002&tguid=46364-3869-1369937624878-D3A8B02EEF3E2067C08A72537D30250C&st=chrome&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.certified-toolbar.com?si=46364&tid=3869&ver=4.4&ts=1369937624878.000002&tguid=46364-3869-1369937624878-D3A8B02EEF3E2067C08A72537D30250C&st=chrome&q=
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.certified-toolbar.com?si=46364&st=bs&tid=3869&ver=4.4&ts=1369937624878.000002&tguid=46364-3869-1369937624878-D3A8B02EEF3E2067C08A72537D30250C&q={searchTerms}
SearchScopes: HKLM - {0633ee93-d776-472f-a0ff-e1416b8b2e3a} URL = hxxp://search.certified-toolbar.com?si=46364&st=bs&tid=3869&ver=4.4&ts=1369937624878.000002&tguid=46364-3869-1369937624878-D3A8B02EEF3E2067C08A72537D30250C&q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {403f1dfa-77d4-48ef-b068-d95e23d5bfd8} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKCU - {DFD92D72-99E3-4E26-AAE3-C9E5CD25531B} URL = hxxp://search.certified-toolbar.com?si=46364&st=bs&tid=3869&ver=4.4&ts=1369937624878.000002&tguid=46364-3869-1369937624878-D3A8B02EEF3E2067C08A72537D30250C&q={searchTerms}
SearchScopes: HKCU - {e2fc1314-151c-49b3-9a43-ed3c4b45efbb} URL = hxxp://search.certified-toolbar.com?si=46364&st=bs&tid=3869&ver=4.3&ts=1369937624878.000002&tguid=46364-3869-1369937624878-D3A8B02EEF3E2067C08A72537D30250C&q={searchTerms}
SearchScopes: HKCU - {e45bd839-9925-4185-a267-57c94fde1721} URL = hxxp://search.certified-toolbar.com?si=46364&st=bs&tid=3869&ver=4.3&ts=1369937624878.000002&tguid=46364-3869-1369937624878-D3A8B02EEF3E2067C08A72537D30250C&q={searchTerms}
BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: HomeTab - {19a395c9-823b-4700-b817-396fc84ffb16} - C:\Users\Donna\AppData\Roaming\HomeTab\HomeTab.dll No File
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - HomeTab - {19a395c9-823b-4700-b817-396fc84ffb16} - C:\Users\Donna\AppData\Roaming\HomeTab\HomeTab.dll No File
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440376 2013-12-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-25] (Avira Operations GmbH & Co. KG)
S3 SXDS10; C:\Program Files\Common Files\soft Xpansion\sxds10.exe [234096 2013-05-30] (soft Xpansion)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-22] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-22] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-25] (Avira Operations GmbH & Co. KG)
R3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [347136 2009-07-13] (Realtek Semiconductor Corporation                           )
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [x]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [x]
S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [x]
S0 PxHelp20; System32\Drivers\PxHelp20.sys [x]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-19 09:31 - 2014-01-19 09:31 - 00012148 _____ C:\Users\Donna\Desktop\FRST.txt
2014-01-19 09:30 - 2014-01-18 19:09 - 01220608 _____ (Farbar) C:\Users\Donna\Desktop\FRST.exe
2014-01-19 04:42 - 2014-01-19 04:42 - 00000000 ____D C:\FRST
2014-01-04 18:17 - 2014-01-04 18:27 - 00000000 ____D C:\Users\Donna\Desktop\Ebay

==================== One Month Modified Files and Folders =======

2014-01-19 09:31 - 2014-01-19 09:31 - 00012148 _____ C:\Users\Donna\Desktop\FRST.txt
2014-01-19 09:30 - 2009-07-14 05:39 - 00050709 _____ C:\Windows\setupact.log
2014-01-19 09:27 - 2012-06-20 10:17 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-19 04:42 - 2014-01-19 04:42 - 00000000 ____D C:\FRST
2014-01-18 23:17 - 2009-07-14 05:34 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-18 23:17 - 2009-07-14 05:34 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-18 23:15 - 2010-02-03 21:18 - 02003688 _____ C:\Windows\WindowsUpdate.log
2014-01-18 23:07 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-18 19:09 - 2014-01-19 09:30 - 01220608 _____ (Farbar) C:\Users\Donna\Desktop\FRST.exe
2014-01-18 18:17 - 2010-02-03 22:37 - 00189648 _____ C:\Windows\PFRO.log
2014-01-16 16:17 - 2010-02-07 16:40 - 00002568 ___SH C:\Windows\system32\KGyGaAvL.sys
2014-01-15 09:26 - 2010-05-23 20:58 - 00000000 ____D C:\Users\Donna\AppData\Roaming\Skype
2014-01-06 14:30 - 2010-02-03 21:38 - 01507342 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-04 18:27 - 2014-01-04 18:17 - 00000000 ____D C:\Users\Donna\Desktop\Ebay
2013-12-22 11:03 - 2013-05-07 19:05 - 00069240 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-12-22 11:03 - 2012-12-03 09:25 - 00135648 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-12-22 11:03 - 2012-12-03 09:25 - 00090400 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys

Some content of TEMP:
====================
C:\Users\Donna\AppData\Local\Temp\avgnt.exe
C:\Users\Donna\AppData\Local\Temp\HomeTab.exe
C:\Users\Donna\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
C:\Users\Donna\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Donna\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Donna\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Donna\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Donna\AppData\Local\Temp\jre-7u40-windows-i586-iftw.exe
C:\Users\Donna\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Donna\AppData\Local\Temp\qmph.dll
C:\Users\Donna\AppData\Local\Temp\tbu1C31.exe
C:\Users\Donna\AppData\Local\Temp\tbu32A8.exe
C:\Users\Donna\AppData\Local\Temp\tbu3E8D.exe
C:\Users\Donna\AppData\Local\Temp\tbu418A.exe
C:\Users\Donna\AppData\Local\Temp\tbu48FE.exe
C:\Users\Donna\AppData\Local\Temp\tbu59C.exe
C:\Users\Donna\AppData\Local\Temp\tbu770F.exe
C:\Users\Donna\AppData\Local\Temp\tbu993B.exe
C:\Users\Donna\AppData\Local\Temp\tbuC15E.exe
C:\Users\Donna\AppData\Local\Temp\tbuE259.exe
C:\Users\Donna\AppData\Local\Temp\tbuF1FF.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-19 00:42

==================== End Of Log ============================
         
--- --- ---


Addition.txt

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 17-01-2014 03
Ran by Donna at 2014-01-19 09:31:42
Running from C:\Users\Donna\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (Version:  - Microsoft)
32 Bit HP CIO Components Installer (Version: 6.1.2 - Hewlett-Packard) Hidden
6500_E709_eDocs (Version: 1.00.0000 - Hewlett-Packard) Hidden
6500_E709_Help (Version: 1.00.0000 - Hewlett-Packard) Hidden
6500_E709n (Version: 140.0.000.000 - Hewlett-Packard) Hidden
Adobe Bridge 1.0 (Version: 001.000.001 - Adobe Systems) Hidden
Adobe Common File Installer (Version: 1.00.001 - Adobe System Incorporated) Hidden
Adobe Flash Player 11 ActiveX (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Help Center 1.0 (Version: 1.0.1 - Adobe Systems) Hidden
Adobe Photoshop CS2 (Version: 9.0 - Adobe Systems, Inc.)
Adobe Photoshop CS2 (Version: 9.0 - Adobe Systems, Inc.) Hidden
Adobe Reader XI (11.0.05) - Deutsch (Version: 11.0.05 - Adobe Systems Incorporated)
Adobe Stock Photos 1.0 (Version: 1.0.1 - Adobe Systems) Hidden
Advertising Center (Version: 0.0.0.1 - Nero AG) Hidden
Apple Application Support (Version: 2.1.9 - Apple Inc.)
Apple Mobile Device Support (Version: 5.2.0.6 - Apple Inc.)
Apple Software Update (Version: 2.1.3.127 - Apple Inc.)
Avira Free Antivirus (Version: 14.0.2.286 - Avira)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
bpd_scan (Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (Version: 140.0.000.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (Version: 1.00.0000 - Hewlett-Packard) Hidden
Brother MFL-Pro Suite DCP-150C (Version: 1.0.2.0 - Brother Industries, Ltd.)
BufferChm (Version: 140.0.213.000 - Hewlett-Packard) Hidden
CorelDRAW Graphics Suite X3 (Version: 13.0 - Corel Corporation)
DE (Version: 13.0 - Corel Corporation) Hidden
Destinations (Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 140.0.213.000 - Hewlett-Packard) Hidden
DocMgr (Version: 140.0.65.000 - Ihr Firmenname) Hidden
DocProc (Version: 140.0.100.000 - Hewlett-Packard) Hidden
Dropbox (Version: 0.7.110 - )
Fax (Version: 140.0.213.000 - Hewlett-Packard) Hidden
FontNav (Version: 5.0 - Corel Corporation) Hidden
GPBaseService2 (Version: 140.0.212.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (Version: 14.0 - HP)
HP Document Manager 2.0 (Version: 2.0 - HP)
HP Imaging Device Functions 14.0 (Version: 14.0 - HP)
HP Officejet 6500 E709 Series (Version: 14.0 - HP)
HP Smart Web Printing 4.60 (Version: 4.60 - HP)
HP Solution Center 14.0 (Version: 14.0 - HP)
HP Update (Version: 5.002.002.002 - Hewlett-Packard)
HPProductAssistant (Version: 140.0.213.000 - Hewlett-Packard) Hidden
HPSSupply (Version: 140.0.212.000 - Hewlett-Packard) Hidden
iTunes (Version: 10.6.3.25 - Apple Inc.)
Japanese Fonts Support For Adobe Reader 9 (Version: 9.0.0 - Adobe Systems Incorporated)
Java 7 Update 45 (Version: 7.0.450 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JavaFX 2.1.1 (Version: 2.1.1 - Oracle Corporation)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation)
MarketResearch (Version: 140.0.214.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30320 - Microsoft Corporation) Hidden
Microsoft Default Manager (Version: 2.1.55.0 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation)
MyFreeCodec (Version:  - )
Nero 9 Essentials (Version:  - Nero AG)
Nero BurnRights (Version: 3.4.10.100 - Nero AG) Hidden
Nero ControlCenter (Version: 9.0.0.1 - Nero AG) Hidden
Nero DiscSpeed (Version: 5.4.10.100 - Nero AG) Hidden
Nero DriveSpeed (Version: 4.4.10.100 - Nero AG) Hidden
Nero InfoTool (Version: 6.4.10.100 - Nero AG) Hidden
Nero Installer (Version: 4.4.9.0 - Nero AG) Hidden
Nero StartSmart (Version: 9.4.11.100 - Nero AG) Hidden
neroxml (Version: 1.0.0 - Nero AG) Hidden
Network (Version: 140.0.215.000 - Hewlett-Packard) Hidden
OCR Software by I.R.I.S. 14.0 (Version: 14.0 - HP)
ProductContext (Version: 140.0.000.000 - Hewlett-Packard) Hidden
Samsung Kies (Version: 2.5.2.13021_10 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.5.2.13021_10 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.18.0 - SAMSUNG Electronics Co., Ltd.)
Scan (Version: 140.0.167.000 - Hewlett-Packard) Hidden
SCHLECKER Foto Digital Service (Version: 4.8.7 - CEWE COLOR AG u Co. OHG)
Shop for HP Supplies (Version: 14.0 - HP)
SiS VGA Utilities (Version: 5.24 - Silicon Integrated Systems Corporation)
Skype™ 5.10 (Version: 5.10.116 - Skype Technologies S.A.)
SmartWebPrinting (Version: 140.0.213.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 140.0.214.000 - Hewlett-Packard) Hidden
Status (Version: 140.0.256.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (Version: 14.0.3.0 - Synaptics Incorporated)
TeKu2000 (Version:  - )
Toolbox (Version: 140.0.428.000 - Hewlett-Packard) Hidden
TrayApp (Version: 140.0.213.000 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (Version:  - Microsoft)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (Version:  - Microsoft)
Update Manager (Version: 4.60 - Corel Corporation) Hidden
VBA (Version: 6.2 - Corel Corporation) Hidden
WebReg (Version: 140.0.213.017 - Hewlett-Packard) Hidden
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0 - Microsoft Corporation)

==================== Restore Points  =========================

26-08-2013 16:41:05 Geplanter Prüfpunkt
09-09-2013 13:54:49 Geplanter Prüfpunkt
30-09-2013 09:02:39 Windows Update
16-10-2013 15:07:01 Geplanter Prüfpunkt
20-10-2013 09:02:30 Windows Update
06-11-2013 14:09:57 Installed Java 7 Update 45
02-01-2014 09:37:30 Geplanter Prüfpunkt
15-01-2014 18:08:00 Geplanter Prüfpunkt

==================== Hosts content: ==========================

2010-10-19 21:32 - 2010-10-19 21:35 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {02293502-08D9-4FD1-8959-FBB4A5C7537E} - System32\Tasks\At37 => C:\ProgramData\KOBXSXSB.exe
Task: {04D25219-9CAC-484D-BD87-FFFF9DE82831} - System32\Tasks\At16 => C:\ProgramData\KOBXSXSB.exe
Task: {04E4E49C-AEDD-4585-9AE9-531F2C87042F} - System32\Tasks\At10 => C:\ProgramData\KOBXSXSB.exe
Task: {1953E405-5253-4BB0-ABBC-C660FFA92E3C} - System32\Tasks\At21 => C:\ProgramData\KOBXSXSB.exe
Task: {206AAED8-B538-45D0-A886-2251585FE754} - System32\Tasks\At6 => C:\ProgramData\KOBXSXSB.exe
Task: {231366A2-AA17-469A-BE6C-CF20D9D1ADFC} - System32\Tasks\At5 => C:\ProgramData\KOBXSXSB.exe
Task: {2462C6A6-516D-4262-972A-9BF723D6E065} - System32\Tasks\At29 => C:\ProgramData\KOBXSXSB.exe
Task: {256C063D-4367-4FAC-8869-8BD087427BAA} - System32\Tasks\At41 => C:\ProgramData\KOBXSXSB.exe
Task: {2936673C-D437-483D-A346-F0AF7447BA9B} - System32\Tasks\At47 => C:\ProgramData\KOBXSXSB.exe
Task: {2A14C2C1-5249-4197-9C47-307EDDFE8819} - System32\Tasks\At12 => C:\ProgramData\KOBXSXSB.exe
Task: {2C3E6918-34A1-4ED1-AD49-A221366646D2} - System32\Tasks\At9 => C:\ProgramData\KOBXSXSB.exe
Task: {2F7538C2-1BE8-4E23-AFD2-E7E7F103E697} - System32\Tasks\At7 => C:\ProgramData\KOBXSXSB.exe
Task: {30A59498-D1C7-40AC-B1A1-2805AC5552EB} - System32\Tasks\{2EBC0221-58E3-425B-B041-DCFB5B0FB838} => Iexplore.exe hxxp://ui.skype.com/ui/0/4.1.0.179.259/de/go/help.faq.installer?source=lightinstaller&LastError=1618
Task: {32BE35AC-AB90-4D09-8708-C501612F351B} - System32\Tasks\At38 => C:\ProgramData\KOBXSXSB.exe
Task: {33C9C576-6BAC-42CD-A9F2-CE5B4EFA26BC} - System32\Tasks\At40 => C:\ProgramData\KOBXSXSB.exe
Task: {366E6C4B-6505-40EF-BF61-1C232580D95C} - System32\Tasks\At45 => C:\ProgramData\KOBXSXSB.exe
Task: {4D1DAF15-EA84-4A11-AC28-0B4F73875C73} - System32\Tasks\At34 => C:\ProgramData\KOBXSXSB.exe
Task: {572D3D73-A7B6-436F-B395-81B6F40F7FC8} - System32\Tasks\At46 => C:\ProgramData\KOBXSXSB.exe
Task: {60217EC9-EEB7-4527-AA82-ABA3FD7C82AF} - System32\Tasks\At15 => C:\ProgramData\KOBXSXSB.exe
Task: {625BAC05-FA5B-40D4-8137-371641D5907B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated)
Task: {66C49895-EF4A-48BA-A91F-E60AC763C4A7} - System32\Tasks\At14 => C:\ProgramData\KOBXSXSB.exe
Task: {6D557B6D-9CF3-4BDA-AAB9-3CD1D707E19A} - System32\Tasks\At33 => C:\ProgramData\KOBXSXSB.exe
Task: {6DF1C2DB-E47B-46E7-A557-6167D5AC45CC} - System32\Tasks\{9EBC9427-4453-4063-8F21-B0B8D2EA7436} => C:\Program Files\Skype\Phone\Skype.exe [2012-07-13] (Skype Technologies S.A.)
Task: {71307689-D7E4-4B7D-88E5-87258C27E003} - System32\Tasks\At11 => C:\ProgramData\KOBXSXSB.exe
Task: {778B974A-775C-4EB0-A62A-D5BA4690AABB} - System32\Tasks\At25 => C:\ProgramData\KOBXSXSB.exe
Task: {7B4CE5C8-957B-4AD4-A5A7-D365DB8EEEC2} - System32\Tasks\At13 => C:\ProgramData\KOBXSXSB.exe
Task: {7C10B180-A149-4B7D-BE16-835187D0BE85} - System32\Tasks\At35 => C:\ProgramData\KOBXSXSB.exe
Task: {7ED87507-ED43-4B2F-A162-060F8A0C42FC} - System32\Tasks\At43 => C:\ProgramData\KOBXSXSB.exe
Task: {837644DB-DD43-4171-893E-C144A0D01BDF} - System32\Tasks\At8 => C:\ProgramData\KOBXSXSB.exe
Task: {86B914F1-BBF9-4CB4-BFA3-D1E4EBA56132} - System32\Tasks\{C6E4F5EB-B73F-4173-A9C9-2E0FAFB05C65} => Iexplore.exe hxxp://ui.skype.com/ui/0/4.2.0.187/en/abandoninstall?page=tsGoogle&installinfo=google-toolbar:offered-installed,google-chrome:notoffered;toolbaroffered
Task: {88197E57-7DD3-43A8-8FF1-535B30E45100} - System32\Tasks\At42 => C:\ProgramData\KOBXSXSB.exe
Task: {8989DC4A-61CD-4DA5-887C-75B43AB9B5E4} - System32\Tasks\At32 => C:\ProgramData\KOBXSXSB.exe
Task: {8A06E4F5-2961-4278-81BF-9A8D7608D894} - System32\Tasks\At18 => C:\ProgramData\KOBXSXSB.exe
Task: {95D15582-A454-4961-B218-EF76685117E3} - System32\Tasks\At27 => C:\ProgramData\KOBXSXSB.exe
Task: {9DF46DF1-EAD3-4061-B421-63DB2B313BB5} - System32\Tasks\At1 => C:\ProgramData\KOBXSXSB.exe
Task: {A43309EB-2D1F-4C6A-924A-0AC6CB3D7CF8} - System32\Tasks\At28 => C:\ProgramData\KOBXSXSB.exe
Task: {A79F4B2C-E4B8-4892-A2A5-A0E5C5AAF71A} - System32\Tasks\At3 => C:\ProgramData\KOBXSXSB.exe
Task: {A7E4A8CC-83A1-47E4-86D0-421BE13C5FB7} - System32\Tasks\At26 => C:\ProgramData\KOBXSXSB.exe
Task: {B06BABCC-2ABE-4FA9-BD9C-8B64AC930848} - System32\Tasks\At30 => C:\ProgramData\KOBXSXSB.exe
Task: {B5A9FD63-1B79-41A9-AB6A-E8E7D54DE61B} - System32\Tasks\At24 => C:\ProgramData\KOBXSXSB.exe
Task: {BB0B83B1-60EE-49FC-A884-CC8C1F08F6A6} - System32\Tasks\At17 => C:\ProgramData\KOBXSXSB.exe
Task: {BE1C28AC-5500-4E83-BEB9-C96E96FEE5B6} - System32\Tasks\At20 => C:\ProgramData\KOBXSXSB.exe
Task: {C224254D-53F0-4E0B-99E0-988F14A0278B} - System32\Tasks\At48 => C:\ProgramData\KOBXSXSB.exe
Task: {C4B5A947-0C46-4432-89DB-0C2FEDD4D12E} - System32\Tasks\At22 => C:\ProgramData\KOBXSXSB.exe
Task: {C95A33C3-CB61-4174-9139-D12AA4038EE0} - System32\Tasks\At4 => C:\ProgramData\KOBXSXSB.exe
Task: {C9782A06-D7D4-44B6-8647-88B046427574} - System32\Tasks\At44 => C:\ProgramData\KOBXSXSB.exe
Task: {CA04B4D4-3CE3-46B0-AF50-A791F77BE1CF} - System32\Tasks\At2 => C:\ProgramData\KOBXSXSB.exe
Task: {D09218C7-5926-443A-8230-24EF70595F2B} - System32\Tasks\At31 => C:\ProgramData\KOBXSXSB.exe
Task: {DD7D0F5B-1331-4C13-89F5-C16DC0DC0C25} - System32\Tasks\At39 => C:\ProgramData\KOBXSXSB.exe
Task: {EBC2D525-DFCA-45E8-9FF6-C65A8ABC4BED} - System32\Tasks\At19 => C:\ProgramData\KOBXSXSB.exe
Task: {F2FE3844-E213-421D-8CFE-1F5727859CB4} - System32\Tasks\At36 => C:\ProgramData\KOBXSXSB.exe
Task: {FEBCB14B-E7D4-4387-A3F0-018A9C28C7A8} - System32\Tasks\At23 => C:\ProgramData\KOBXSXSB.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2010-02-20 13:20 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
2012-05-30 19:06 - 2012-05-30 19:06 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2012-05-30 19:06 - 2012-05-30 19:06 - 01242512 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-03-20 22:48 - 2013-03-20 22:48 - 01928704 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\7e54989d439c94a9254051e9c17d5650\Kies.UI.ni.dll
2013-03-20 22:48 - 2013-03-20 22:48 - 00079360 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\48c087dd6e18fcbd057e0b1dd6cfa2fd\Kies.MVVM.ni.dll
2013-03-20 22:48 - 2013-03-20 22:48 - 00184832 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\0ec1f5148809454e7dd63148636a05b2\Kies.Common.DeviceServiceLib.Interface.ni.dll
2013-03-20 22:52 - 2013-03-20 22:52 - 00353280 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePhoto\cc31b394afc58c54cae2b7d0d8c33cf7\DevicePhoto.ni.dll
2013-03-20 22:52 - 2013-03-20 22:52 - 00299520 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceVideo\0990965afc0db853d38d302fb30b99d5\DeviceVideo.ni.dll
2013-03-20 22:52 - 2013-03-20 22:52 - 00615424 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePodcast\5afdd6b1217fcb271881226a1e288567\DevicePodcast.ni.dll
2013-03-20 22:52 - 2013-03-20 22:52 - 00307200 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\DummyStorePlugin\1b6f3c9a32cd1976fb79b2445e586939\DummyStorePlugin.ni.dll
2013-03-20 22:52 - 2013-03-20 22:52 - 17357824 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\0f4155c806e86a023b835d9070774f89\Kies.Theme.ni.dll
2013-03-20 22:51 - 2013-03-20 22:51 - 00572416 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\3e9bfbd5f2cf47b8d36c1c4a9a5699c8\Kies.Common.DeviceServiceLib.FileService.ni.dll
2013-03-20 22:49 - 2013-03-20 22:49 - 00040448 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\d77da7b6668e27f63af7da941e221304\Kies.Common.DeviceServiceLib.FirmwareUpdate.FirmwareUpdateAgentHelper.ni.dll
2013-03-20 22:51 - 2013-03-20 22:51 - 00232960 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\52207264bac5068c2de665b3f41e8964\ASF_cSharpAPI.ni.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/18/2014 06:06:42 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2014/01/18 18:06:42.513]: [00000648]: CUsbScnDev: DeviceIoControl() failed. ErrorCode = 5

Error: (01/18/2014 06:06:41 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2014/01/18 18:06:41.513]: [00000648]: CUsbScnDev: DeviceIoControl() failed. ErrorCode = 2

Error: (01/18/2014 06:06:40 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2014/01/18 18:06:40.334]: [00000648]: CUsbScnDev: DeviceIoControl() failed. ErrorCode = 2

Error: (01/18/2014 06:06:39 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2014/01/18 18:06:39.109]: [00000648]: CUsbScnDev: DeviceIoControl() failed. ErrorCode = 2

Error: (01/18/2014 06:06:37 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2014/01/18 18:06:37.921]: [00000648]: CUsbScnDev: DeviceIoControl() failed. ErrorCode = 5

Error: (01/17/2014 06:47:17 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2014/01/17 18:47:17.162]: [00000648]: CUsbScnDev: DeviceIoControl() failed. ErrorCode = 5

Error: (01/17/2014 06:47:16 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2014/01/17 18:47:16.130]: [00000648]: CUsbScnDev: DeviceIoControl() failed. ErrorCode = 5

Error: (01/17/2014 06:32:37 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2014/01/17 18:32:37.812]: [00000648]: CUsbScnDev: DeviceIoControl() failed. ErrorCode = 5

Error: (01/17/2014 06:32:36 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2014/01/17 18:32:36.812]: [00000648]: CUsbScnDev: DeviceIoControl() failed. ErrorCode = 5

Error: (01/16/2014 10:32:42 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2014/01/16 22:32:42.617]: [00000648]: CUsbScnDev: DeviceIoControl() failed. ErrorCode = 5


System errors:
=============
Error: (01/18/2014 11:10:33 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT-AUTORITÄT)
Description: 0x8000002a45\??\C:\System Volume Information\Syscache.hve

Error: (01/18/2014 11:09:55 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
PxHelp20

Error: (01/18/2014 11:07:56 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎18.‎01.‎2014 um 19:30:52 unerwartet heruntergefahren.

Error: (01/18/2014 06:45:52 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%126

Error: (01/18/2014 06:39:17 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%126

Error: (01/18/2014 06:38:47 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%126

Error: (01/18/2014 06:38:17 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%126

Error: (01/18/2014 06:37:47 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%126

Error: (01/18/2014 06:37:17 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%126

Error: (01/18/2014 06:36:47 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%126


Microsoft Office Sessions:
=========================
Error: (07/13/2013 06:59:49 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 11 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (06/10/2013 10:10:33 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 7 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (03/16/2013 08:55:41 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 14 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (12/16/2011 07:44:57 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 52 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (04/02/2010 07:35:50 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 13 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (04/02/2010 07:35:16 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5 seconds with 0 seconds of active time.  This session ended with a crash.


==================== Memory info =========================== 

Percentage of memory in use: 30%
Total physical RAM: 3055.17 MB
Available physical RAM: 2138.48 MB
Total Pagefile: 6108.62 MB
Available Pagefile: 4859.49 MB
Total Virtual: 2047.88 MB
Available Virtual: 1898.56 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:297.99 GB) (Free:207.82 GB) NTFS
Drive e: (VOLUME) (Removable) (Total:29.28 GB) (Free:29.28 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 0F2202EA)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 29 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=29 GB) - (Type=0C)

==================== End Of Log ============================
         

19.01.2014, 15:48   #7
sunjojo
/// Malwareteam
 

OK, then let's remove the leftovers.



Step 1
Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document:

Code:
Task: {02293502-08D9-4FD1-8959-FBB4A5C7537E} - System32\Tasks\At37 => C:\ProgramData\KOBXSXSB.exe
Task: {04D25219-9CAC-484D-BD87-FFFF9DE82831} - System32\Tasks\At16 => C:\ProgramData\KOBXSXSB.exe
Task: {04E4E49C-AEDD-4585-9AE9-531F2C87042F} - System32\Tasks\At10 => C:\ProgramData\KOBXSXSB.exe
Task: {1953E405-5253-4BB0-ABBC-C660FFA92E3C} - System32\Tasks\At21 => C:\ProgramData\KOBXSXSB.exe
Task: {206AAED8-B538-45D0-A886-2251585FE754} - System32\Tasks\At6 => C:\ProgramData\KOBXSXSB.exe
Task: {231366A2-AA17-469A-BE6C-CF20D9D1ADFC} - System32\Tasks\At5 => C:\ProgramData\KOBXSXSB.exe
Task: {2462C6A6-516D-4262-972A-9BF723D6E065} - System32\Tasks\At29 => C:\ProgramData\KOBXSXSB.exe
Task: {256C063D-4367-4FAC-8869-8BD087427BAA} - System32\Tasks\At41 => C:\ProgramData\KOBXSXSB.exe
Task: {2936673C-D437-483D-A346-F0AF7447BA9B} - System32\Tasks\At47 => C:\ProgramData\KOBXSXSB.exe
Task: {2A14C2C1-5249-4197-9C47-307EDDFE8819} - System32\Tasks\At12 => C:\ProgramData\KOBXSXSB.exe
Task: {2C3E6918-34A1-4ED1-AD49-A221366646D2} - System32\Tasks\At9 => C:\ProgramData\KOBXSXSB.exe
Task: {2F7538C2-1BE8-4E23-AFD2-E7E7F103E697} - System32\Tasks\At7 => C:\ProgramData\KOBXSXSB.exe
Task: {32BE35AC-AB90-4D09-8708-C501612F351B} - System32\Tasks\At38 => C:\ProgramData\KOBXSXSB.exe
Task: {33C9C576-6BAC-42CD-A9F2-CE5B4EFA26BC} - System32\Tasks\At40 => C:\ProgramData\KOBXSXSB.exe
Task: {366E6C4B-6505-40EF-BF61-1C232580D95C} - System32\Tasks\At45 => C:\ProgramData\KOBXSXSB.exe
Task: {4D1DAF15-EA84-4A11-AC28-0B4F73875C73} - System32\Tasks\At34 => C:\ProgramData\KOBXSXSB.exe
Task: {572D3D73-A7B6-436F-B395-81B6F40F7FC8} - System32\Tasks\At46 => C:\ProgramData\KOBXSXSB.exe
Task: {60217EC9-EEB7-4527-AA82-ABA3FD7C82AF} - System32\Tasks\At15 => C:\ProgramData\KOBXSXSB.exe
Task: {66C49895-EF4A-48BA-A91F-E60AC763C4A7} - System32\Tasks\At14 => C:\ProgramData\KOBXSXSB.exe
Task: {6D557B6D-9CF3-4BDA-AAB9-3CD1D707E19A} - System32\Tasks\At33 => C:\ProgramData\KOBXSXSB.exe
Task: {71307689-D7E4-4B7D-88E5-87258C27E003} - System32\Tasks\At11 => C:\ProgramData\KOBXSXSB.exe
Task: {778B974A-775C-4EB0-A62A-D5BA4690AABB} - System32\Tasks\At25 => C:\ProgramData\KOBXSXSB.exe
Task: {7B4CE5C8-957B-4AD4-A5A7-D365DB8EEEC2} - System32\Tasks\At13 => C:\ProgramData\KOBXSXSB.exe
Task: {7C10B180-A149-4B7D-BE16-835187D0BE85} - System32\Tasks\At35 => C:\ProgramData\KOBXSXSB.exe
Task: {7ED87507-ED43-4B2F-A162-060F8A0C42FC} - System32\Tasks\At43 => C:\ProgramData\KOBXSXSB.exe
Task: {837644DB-DD43-4171-893E-C144A0D01BDF} - System32\Tasks\At8 => C:\ProgramData\KOBXSXSB.exe
Task: {88197E57-7DD3-43A8-8FF1-535B30E45100} - System32\Tasks\At42 => C:\ProgramData\KOBXSXSB.exe
Task: {8989DC4A-61CD-4DA5-887C-75B43AB9B5E4} - System32\Tasks\At32 => C:\ProgramData\KOBXSXSB.exe
Task: {8A06E4F5-2961-4278-81BF-9A8D7608D894} - System32\Tasks\At18 => C:\ProgramData\KOBXSXSB.exe
Task: {95D15582-A454-4961-B218-EF76685117E3} - System32\Tasks\At27 => C:\ProgramData\KOBXSXSB.exe
Task: {9DF46DF1-EAD3-4061-B421-63DB2B313BB5} - System32\Tasks\At1 => C:\ProgramData\KOBXSXSB.exe
Task: {A43309EB-2D1F-4C6A-924A-0AC6CB3D7CF8} - System32\Tasks\At28 => C:\ProgramData\KOBXSXSB.exe
Task: {A79F4B2C-E4B8-4892-A2A5-A0E5C5AAF71A} - System32\Tasks\At3 => C:\ProgramData\KOBXSXSB.exe
Task: {A7E4A8CC-83A1-47E4-86D0-421BE13C5FB7} - System32\Tasks\At26 => C:\ProgramData\KOBXSXSB.exe
Task: {B06BABCC-2ABE-4FA9-BD9C-8B64AC930848} - System32\Tasks\At30 => C:\ProgramData\KOBXSXSB.exe
Task: {B5A9FD63-1B79-41A9-AB6A-E8E7D54DE61B} - System32\Tasks\At24 => C:\ProgramData\KOBXSXSB.exe
Task: {BB0B83B1-60EE-49FC-A884-CC8C1F08F6A6} - System32\Tasks\At17 => C:\ProgramData\KOBXSXSB.exe
Task: {BE1C28AC-5500-4E83-BEB9-C96E96FEE5B6} - System32\Tasks\At20 => C:\ProgramData\KOBXSXSB.exe
Task: {C224254D-53F0-4E0B-99E0-988F14A0278B} - System32\Tasks\At48 => C:\ProgramData\KOBXSXSB.exe
Task: {C4B5A947-0C46-4432-89DB-0C2FEDD4D12E} - System32\Tasks\At22 => C:\ProgramData\KOBXSXSB.exe
Task: {C95A33C3-CB61-4174-9139-D12AA4038EE0} - System32\Tasks\At4 => C:\ProgramData\KOBXSXSB.exe
Task: {C9782A06-D7D4-44B6-8647-88B046427574} - System32\Tasks\At44 => C:\ProgramData\KOBXSXSB.exe
Task: {CA04B4D4-3CE3-46B0-AF50-A791F77BE1CF} - System32\Tasks\At2 => C:\ProgramData\KOBXSXSB.exe
Task: {D09218C7-5926-443A-8230-24EF70595F2B} - System32\Tasks\At31 => C:\ProgramData\KOBXSXSB.exe
Task: {DD7D0F5B-1331-4C13-89F5-C16DC0DC0C25} - System32\Tasks\At39 => C:\ProgramData\KOBXSXSB.exe
Task: {EBC2D525-DFCA-45E8-9FF6-C65A8ABC4BED} - System32\Tasks\At19 => C:\ProgramData\KOBXSXSB.exe
Task: {F2FE3844-E213-421D-8CFE-1F5727859CB4} - System32\Tasks\At36 => C:\ProgramData\KOBXSXSB.exe
Task: {FEBCB14B-E7D4-4387-A3F0-018A9C28C7A8} - System32\Tasks\At23 => C:\ProgramData\KOBXSXSB.exe
C:\ProgramData\KOBXSXSB.exe
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix (Entfernen) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.

Step 2
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected, as shown here
  • Click Scan (Suchlauf) and wait until it has finished.
  • Now click Clean (Löschen) and confirm any prompts that appear with OK.
  • Your computer will be restarted automatically. After the restart, a text file opens. Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Step 3
Start FRST once more.
  • Tick the Addition.txt box and press Scan.
  • When the scan has finished, two new log files, FRST.txt and Addition.txt, are created and saved on the desktop.
  • Please post the contents of the log files here in your thread.



Post the following log files in your next reply:
  • FRST fix
  • AdwCleaner scan
  • FRST scan
__________________
Regards,

Jonas

19.01.2014, 20:02   #8
donnaschlag

Interpool trojan on my laptop

OK, did everything, here are the four files:

Fixlog.txt

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 19-01-2014 04
Ran by Donna at 2014-01-19 19:49:16 Run:2
Running from C:\Users\Donna\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Task: {02293502-08D9-4FD1-8959-FBB4A5C7537E} - System32\Tasks\At37 => C:\ProgramData\KOBXSXSB.exe
Task: {04D25219-9CAC-484D-BD87-FFFF9DE82831} - System32\Tasks\At16 => C:\ProgramData\KOBXSXSB.exe
Task: {04E4E49C-AEDD-4585-9AE9-531F2C87042F} - System32\Tasks\At10 => C:\ProgramData\KOBXSXSB.exe
Task: {1953E405-5253-4BB0-ABBC-C660FFA92E3C} - System32\Tasks\At21 => C:\ProgramData\KOBXSXSB.exe
Task: {206AAED8-B538-45D0-A886-2251585FE754} - System32\Tasks\At6 => C:\ProgramData\KOBXSXSB.exe
Task: {231366A2-AA17-469A-BE6C-CF20D9D1ADFC} - System32\Tasks\At5 => C:\ProgramData\KOBXSXSB.exe
Task: {2462C6A6-516D-4262-972A-9BF723D6E065} - System32\Tasks\At29 => C:\ProgramData\KOBXSXSB.exe
Task: {256C063D-4367-4FAC-8869-8BD087427BAA} - System32\Tasks\At41 => C:\ProgramData\KOBXSXSB.exe
Task: {2936673C-D437-483D-A346-F0AF7447BA9B} - System32\Tasks\At47 => C:\ProgramData\KOBXSXSB.exe
Task: {2A14C2C1-5249-4197-9C47-307EDDFE8819} - System32\Tasks\At12 => C:\ProgramData\KOBXSXSB.exe
Task: {2C3E6918-34A1-4ED1-AD49-A221366646D2} - System32\Tasks\At9 => C:\ProgramData\KOBXSXSB.exe
Task: {2F7538C2-1BE8-4E23-AFD2-E7E7F103E697} - System32\Tasks\At7 => C:\ProgramData\KOBXSXSB.exe
Task: {32BE35AC-AB90-4D09-8708-C501612F351B} - System32\Tasks\At38 => C:\ProgramData\KOBXSXSB.exe
Task: {33C9C576-6BAC-42CD-A9F2-CE5B4EFA26BC} - System32\Tasks\At40 => C:\ProgramData\KOBXSXSB.exe
Task: {366E6C4B-6505-40EF-BF61-1C232580D95C} - System32\Tasks\At45 => C:\ProgramData\KOBXSXSB.exe
Task: {4D1DAF15-EA84-4A11-AC28-0B4F73875C73} - System32\Tasks\At34 => C:\ProgramData\KOBXSXSB.exe
Task: {572D3D73-A7B6-436F-B395-81B6F40F7FC8} - System32\Tasks\At46 => C:\ProgramData\KOBXSXSB.exe
Task: {60217EC9-EEB7-4527-AA82-ABA3FD7C82AF} - System32\Tasks\At15 => C:\ProgramData\KOBXSXSB.exe
Task: {66C49895-EF4A-48BA-A91F-E60AC763C4A7} - System32\Tasks\At14 => C:\ProgramData\KOBXSXSB.exe
Task: {6D557B6D-9CF3-4BDA-AAB9-3CD1D707E19A} - System32\Tasks\At33 => C:\ProgramData\KOBXSXSB.exe
Task: {71307689-D7E4-4B7D-88E5-87258C27E003} - System32\Tasks\At11 => C:\ProgramData\KOBXSXSB.exe
Task: {778B974A-775C-4EB0-A62A-D5BA4690AABB} - System32\Tasks\At25 => C:\ProgramData\KOBXSXSB.exe
Task: {7B4CE5C8-957B-4AD4-A5A7-D365DB8EEEC2} - System32\Tasks\At13 => C:\ProgramData\KOBXSXSB.exe
Task: {7C10B180-A149-4B7D-BE16-835187D0BE85} - System32\Tasks\At35 => C:\ProgramData\KOBXSXSB.exe
Task: {7ED87507-ED43-4B2F-A162-060F8A0C42FC} - System32\Tasks\At43 => C:\ProgramData\KOBXSXSB.exe
Task: {837644DB-DD43-4171-893E-C144A0D01BDF} - System32\Tasks\At8 => C:\ProgramData\KOBXSXSB.exe
Task: {88197E57-7DD3-43A8-8FF1-535B30E45100} - System32\Tasks\At42 => C:\ProgramData\KOBXSXSB.exe
Task: {8989DC4A-61CD-4DA5-887C-75B43AB9B5E4} - System32\Tasks\At32 => C:\ProgramData\KOBXSXSB.exe
Task: {8A06E4F5-2961-4278-81BF-9A8D7608D894} - System32\Tasks\At18 => C:\ProgramData\KOBXSXSB.exe
Task: {95D15582-A454-4961-B218-EF76685117E3} - System32\Tasks\At27 => C:\ProgramData\KOBXSXSB.exe
Task: {9DF46DF1-EAD3-4061-B421-63DB2B313BB5} - System32\Tasks\At1 => C:\ProgramData\KOBXSXSB.exe
Task: {A43309EB-2D1F-4C6A-924A-0AC6CB3D7CF8} - System32\Tasks\At28 => C:\ProgramData\KOBXSXSB.exe
Task: {A79F4B2C-E4B8-4892-A2A5-A0E5C5AAF71A} - System32\Tasks\At3 => C:\ProgramData\KOBXSXSB.exe
Task: {A7E4A8CC-83A1-47E4-86D0-421BE13C5FB7} - System32\Tasks\At26 => C:\ProgramData\KOBXSXSB.exe
Task: {B06BABCC-2ABE-4FA9-BD9C-8B64AC930848} - System32\Tasks\At30 => C:\ProgramData\KOBXSXSB.exe
Task: {B5A9FD63-1B79-41A9-AB6A-E8E7D54DE61B} - System32\Tasks\At24 => C:\ProgramData\KOBXSXSB.exe
Task: {BB0B83B1-60EE-49FC-A884-CC8C1F08F6A6} - System32\Tasks\At17 => C:\ProgramData\KOBXSXSB.exe
Task: {BE1C28AC-5500-4E83-BEB9-C96E96FEE5B6} - System32\Tasks\At20 => C:\ProgramData\KOBXSXSB.exe
Task: {C224254D-53F0-4E0B-99E0-988F14A0278B} - System32\Tasks\At48 => C:\ProgramData\KOBXSXSB.exe
Task: {C4B5A947-0C46-4432-89DB-0C2FEDD4D12E} - System32\Tasks\At22 => C:\ProgramData\KOBXSXSB.exe
Task: {C95A33C3-CB61-4174-9139-D12AA4038EE0} - System32\Tasks\At4 => C:\ProgramData\KOBXSXSB.exe
Task: {C9782A06-D7D4-44B6-8647-88B046427574} - System32\Tasks\At44 => C:\ProgramData\KOBXSXSB.exe
Task: {CA04B4D4-3CE3-46B0-AF50-A791F77BE1CF} - System32\Tasks\At2 => C:\ProgramData\KOBXSXSB.exe
Task: {D09218C7-5926-443A-8230-24EF70595F2B} - System32\Tasks\At31 => C:\ProgramData\KOBXSXSB.exe
Task: {DD7D0F5B-1331-4C13-89F5-C16DC0DC0C25} - System32\Tasks\At39 => C:\ProgramData\KOBXSXSB.exe
Task: {EBC2D525-DFCA-45E8-9FF6-C65A8ABC4BED} - System32\Tasks\At19 => C:\ProgramData\KOBXSXSB.exe
Task: {F2FE3844-E213-421D-8CFE-1F5727859CB4} - System32\Tasks\At36 => C:\ProgramData\KOBXSXSB.exe
Task: {FEBCB14B-E7D4-4387-A3F0-018A9C28C7A8} - System32\Tasks\At23 => C:\ProgramData\KOBXSXSB.exe
C:\ProgramData\KOBXSXSB.exe
*****************

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{02293502-08D9-4FD1-8959-FBB4A5C7537E} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{02293502-08D9-4FD1-8959-FBB4A5C7537E} => Key deleted successfully.
C:\Windows\System32\Tasks\At37 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At37 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{04D25219-9CAC-484D-BD87-FFFF9DE82831} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{04D25219-9CAC-484D-BD87-FFFF9DE82831} => Key deleted successfully.
C:\Windows\System32\Tasks\At16 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At16 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{04E4E49C-AEDD-4585-9AE9-531F2C87042F} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{04E4E49C-AEDD-4585-9AE9-531F2C87042F} => Key deleted successfully.
C:\Windows\System32\Tasks\At10 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At10 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1953E405-5253-4BB0-ABBC-C660FFA92E3C} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1953E405-5253-4BB0-ABBC-C660FFA92E3C} => Key deleted successfully.
C:\Windows\System32\Tasks\At21 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At21 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{206AAED8-B538-45D0-A886-2251585FE754} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{206AAED8-B538-45D0-A886-2251585FE754} => Key deleted successfully.
C:\Windows\System32\Tasks\At6 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At6 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{231366A2-AA17-469A-BE6C-CF20D9D1ADFC} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{231366A2-AA17-469A-BE6C-CF20D9D1ADFC} => Key deleted successfully.
C:\Windows\System32\Tasks\At5 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At5 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2462C6A6-516D-4262-972A-9BF723D6E065} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2462C6A6-516D-4262-972A-9BF723D6E065} => Key deleted successfully.
C:\Windows\System32\Tasks\At29 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At29 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{256C063D-4367-4FAC-8869-8BD087427BAA} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{256C063D-4367-4FAC-8869-8BD087427BAA} => Key deleted successfully.
C:\Windows\System32\Tasks\At41 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At41 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2936673C-D437-483D-A346-F0AF7447BA9B} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2936673C-D437-483D-A346-F0AF7447BA9B} => Key deleted successfully.
C:\Windows\System32\Tasks\At47 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At47 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2A14C2C1-5249-4197-9C47-307EDDFE8819} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2A14C2C1-5249-4197-9C47-307EDDFE8819} => Key deleted successfully.
C:\Windows\System32\Tasks\At12 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At12 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2C3E6918-34A1-4ED1-AD49-A221366646D2} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2C3E6918-34A1-4ED1-AD49-A221366646D2} => Key deleted successfully.
C:\Windows\System32\Tasks\At9 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At9 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2F7538C2-1BE8-4E23-AFD2-E7E7F103E697} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F7538C2-1BE8-4E23-AFD2-E7E7F103E697} => Key deleted successfully.
C:\Windows\System32\Tasks\At7 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At7 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{32BE35AC-AB90-4D09-8708-C501612F351B} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{32BE35AC-AB90-4D09-8708-C501612F351B} => Key deleted successfully.
C:\Windows\System32\Tasks\At38 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At38 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{33C9C576-6BAC-42CD-A9F2-CE5B4EFA26BC} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{33C9C576-6BAC-42CD-A9F2-CE5B4EFA26BC} => Key deleted successfully.
C:\Windows\System32\Tasks\At40 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At40 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{366E6C4B-6505-40EF-BF61-1C232580D95C} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{366E6C4B-6505-40EF-BF61-1C232580D95C} => Key deleted successfully.
C:\Windows\System32\Tasks\At45 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At45 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4D1DAF15-EA84-4A11-AC28-0B4F73875C73} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4D1DAF15-EA84-4A11-AC28-0B4F73875C73} => Key deleted successfully.
C:\Windows\System32\Tasks\At34 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At34 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{572D3D73-A7B6-436F-B395-81B6F40F7FC8} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{572D3D73-A7B6-436F-B395-81B6F40F7FC8} => Key deleted successfully.
C:\Windows\System32\Tasks\At46 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At46 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{60217EC9-EEB7-4527-AA82-ABA3FD7C82AF} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{60217EC9-EEB7-4527-AA82-ABA3FD7C82AF} => Key deleted successfully.
C:\Windows\System32\Tasks\At15 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At15 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{66C49895-EF4A-48BA-A91F-E60AC763C4A7} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{66C49895-EF4A-48BA-A91F-E60AC763C4A7} => Key deleted successfully.
C:\Windows\System32\Tasks\At14 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At14 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6D557B6D-9CF3-4BDA-AAB9-3CD1D707E19A} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6D557B6D-9CF3-4BDA-AAB9-3CD1D707E19A} => Key deleted successfully.
C:\Windows\System32\Tasks\At33 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At33 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{71307689-D7E4-4B7D-88E5-87258C27E003} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{71307689-D7E4-4B7D-88E5-87258C27E003} => Key deleted successfully.
C:\Windows\System32\Tasks\At11 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At11 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{778B974A-775C-4EB0-A62A-D5BA4690AABB} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{778B974A-775C-4EB0-A62A-D5BA4690AABB} => Key deleted successfully.
C:\Windows\System32\Tasks\At25 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At25 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7B4CE5C8-957B-4AD4-A5A7-D365DB8EEEC2} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7B4CE5C8-957B-4AD4-A5A7-D365DB8EEEC2} => Key deleted successfully.
C:\Windows\System32\Tasks\At13 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At13 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7C10B180-A149-4B7D-BE16-835187D0BE85} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7C10B180-A149-4B7D-BE16-835187D0BE85} => Key deleted successfully.
C:\Windows\System32\Tasks\At35 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At35 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7ED87507-ED43-4B2F-A162-060F8A0C42FC} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7ED87507-ED43-4B2F-A162-060F8A0C42FC} => Key deleted successfully.
C:\Windows\System32\Tasks\At43 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At43 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{837644DB-DD43-4171-893E-C144A0D01BDF} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{837644DB-DD43-4171-893E-C144A0D01BDF} => Key deleted successfully.
C:\Windows\System32\Tasks\At8 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At8 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{88197E57-7DD3-43A8-8FF1-535B30E45100} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{88197E57-7DD3-43A8-8FF1-535B30E45100} => Key deleted successfully.
C:\Windows\System32\Tasks\At42 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At42 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8989DC4A-61CD-4DA5-887C-75B43AB9B5E4} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8989DC4A-61CD-4DA5-887C-75B43AB9B5E4} => Key deleted successfully.
C:\Windows\System32\Tasks\At32 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At32 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8A06E4F5-2961-4278-81BF-9A8D7608D894} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8A06E4F5-2961-4278-81BF-9A8D7608D894} => Key deleted successfully.
C:\Windows\System32\Tasks\At18 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At18 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{95D15582-A454-4961-B218-EF76685117E3} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{95D15582-A454-4961-B218-EF76685117E3} => Key deleted successfully.
C:\Windows\System32\Tasks\At27 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At27 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9DF46DF1-EAD3-4061-B421-63DB2B313BB5} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9DF46DF1-EAD3-4061-B421-63DB2B313BB5} => Key deleted successfully.
C:\Windows\System32\Tasks\At1 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At1 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A43309EB-2D1F-4C6A-924A-0AC6CB3D7CF8} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A43309EB-2D1F-4C6A-924A-0AC6CB3D7CF8} => Key deleted successfully.
C:\Windows\System32\Tasks\At28 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At28 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A79F4B2C-E4B8-4892-A2A5-A0E5C5AAF71A} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A79F4B2C-E4B8-4892-A2A5-A0E5C5AAF71A} => Key deleted successfully.
C:\Windows\System32\Tasks\At3 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At3 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A7E4A8CC-83A1-47E4-86D0-421BE13C5FB7} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A7E4A8CC-83A1-47E4-86D0-421BE13C5FB7} => Key deleted successfully.
C:\Windows\System32\Tasks\At26 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At26 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B06BABCC-2ABE-4FA9-BD9C-8B64AC930848} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B06BABCC-2ABE-4FA9-BD9C-8B64AC930848} => Key deleted successfully.
C:\Windows\System32\Tasks\At30 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At30 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B5A9FD63-1B79-41A9-AB6A-E8E7D54DE61B} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B5A9FD63-1B79-41A9-AB6A-E8E7D54DE61B} => Key deleted successfully.
C:\Windows\System32\Tasks\At24 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At24 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BB0B83B1-60EE-49FC-A884-CC8C1F08F6A6} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BB0B83B1-60EE-49FC-A884-CC8C1F08F6A6} => Key deleted successfully.
C:\Windows\System32\Tasks\At17 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At17 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BE1C28AC-5500-4E83-BEB9-C96E96FEE5B6} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BE1C28AC-5500-4E83-BEB9-C96E96FEE5B6} => Key deleted successfully.
C:\Windows\System32\Tasks\At20 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At20 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C224254D-53F0-4E0B-99E0-988F14A0278B} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C224254D-53F0-4E0B-99E0-988F14A0278B} => Key deleted successfully.
C:\Windows\System32\Tasks\At48 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At48 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C4B5A947-0C46-4432-89DB-0C2FEDD4D12E} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C4B5A947-0C46-4432-89DB-0C2FEDD4D12E} => Key deleted successfully.
C:\Windows\System32\Tasks\At22 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At22 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C95A33C3-CB61-4174-9139-D12AA4038EE0} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C95A33C3-CB61-4174-9139-D12AA4038EE0} => Key deleted successfully.
C:\Windows\System32\Tasks\At4 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At4 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C9782A06-D7D4-44B6-8647-88B046427574} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C9782A06-D7D4-44B6-8647-88B046427574} => Key deleted successfully.
C:\Windows\System32\Tasks\At44 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At44 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CA04B4D4-3CE3-46B0-AF50-A791F77BE1CF} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CA04B4D4-3CE3-46B0-AF50-A791F77BE1CF} => Key deleted successfully.
C:\Windows\System32\Tasks\At2 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At2 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D09218C7-5926-443A-8230-24EF70595F2B} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D09218C7-5926-443A-8230-24EF70595F2B} => Key deleted successfully.
C:\Windows\System32\Tasks\At31 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At31 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DD7D0F5B-1331-4C13-89F5-C16DC0DC0C25} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DD7D0F5B-1331-4C13-89F5-C16DC0DC0C25} => Key deleted successfully.
C:\Windows\System32\Tasks\At39 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At39 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EBC2D525-DFCA-45E8-9FF6-C65A8ABC4BED} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EBC2D525-DFCA-45E8-9FF6-C65A8ABC4BED} => Key deleted successfully.
C:\Windows\System32\Tasks\At19 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At19 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F2FE3844-E213-421D-8CFE-1F5727859CB4} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F2FE3844-E213-421D-8CFE-1F5727859CB4} => Key deleted successfully.
C:\Windows\System32\Tasks\At36 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At36 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FEBCB14B-E7D4-4387-A3F0-018A9C28C7A8} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FEBCB14B-E7D4-4387-A3F0-018A9C28C7A8} => Key deleted successfully.
C:\Windows\System32\Tasks\At23 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At23 => Key deleted successfully.
"C:\ProgramData\KOBXSXSB.exe" => File/Directory not found.

==== End of Fixlog ====
         
Adwarecleaner.txt

Code:
# AdwCleaner v3.017 - Bericht erstellt am 19/01/2014 um 19:53:19
# Aktualisiert 12/01/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium  (32 bits)
# Benutzername : Donna - NACHTSCHATTEN
# Gestartet von : C:\Users\Donna\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec
Ordner Gelöscht : C:\Program Files\myfree codec
Ordner Gelöscht : C:\Users\Donna\AppData\Local\DownloadGuide

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\HomeTab_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\HomeTab_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{19A395C9-823B-4700-B817-396FC84FFB16}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FD501041-8EBE-11CE-8183-00AA00577DA2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{19A395C9-823B-4700-B817-396FC84FFB16}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{19A395C9-823B-4700-B817-396FC84FFB16}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{19A395C9-823B-4700-B817-396FC84FFB16}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CFD485F0-96BD-47CD-BB6D-CD7DDA95F102}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{19A395C9-823B-4700-B817-396FC84FFB16}]
Schlüssel Gelöscht : HKCU\Software\Iminent
Schlüssel Gelöscht : HKCU\Software\Myfree Codec
Schlüssel Gelöscht : HKCU\Software\simplytech
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\simplytech
Schlüssel Gelöscht : HKLM\Software\Iminent
Schlüssel Gelöscht : HKLM\Software\Myfree Codec
Schlüssel Gelöscht : HKLM\Software\SimplyGen
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A71991503412AEB42838B02C5ED9F9CD
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7

***** [ Browser ] *****

-\\ Internet Explorer v8.0.7600.17267

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Bar]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [Search Bar]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [Search Page]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Default_Search_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Search Bar]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Search Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [(Default)]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [(Default)]

*************************

AdwCleaner[R0].txt - [13128 octets] - [19/01/2014 19:50:55]
AdwCleaner[S0].txt - [10874 octets] - [19/01/2014 19:53:19]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10935 octets] ##########
         
frst.txt


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-01-2014 04
Ran by Donna (administrator) on NACHTSCHATTEN on 19-01-2014 19:57:01
Running from C:\Users\Donna\Desktop
Microsoft Windows 7 Home Premium  (X86) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal



==================== Processes (Whitelisted) ===================

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Microsoft Corporation) C:\Windows\System32\lpksetup.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Windows\System32\lpksetup.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Skype Technologies) C:\Program Files\Skype\Updater\Updater.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Silicon Integrated Systems Corporation) C:\Program Files\SiS VGA Utilities\SiSTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Samsung) C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Samsung) C:\Program Files\Samsung\Kies\Kies.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 11.0\Reader\reader_sl.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SiSTray] - C:\Program Files\SiS VGA Utilities\SiSTray.exe [552960 2009-11-12] (Silicon Integrated Systems Corporation)
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1557800 2010-02-03] (Synaptics Incorporated)
HKLM\...\Run: [ISUSScheduler] - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-08-11] (Macrovision Corporation)
HKLM\...\Run: [BrMfcWnd] - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM\...\Run: [ControlCenter3] - C:\Program Files\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [54576 2009-11-18] (Hewlett-Packard)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [Microsoft Default Manager] - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [288088 2009-11-11] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-05-30] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [421776 2012-06-07] (Apple Inc.)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-22] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [KiesTrayAgent] - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [310128 2013-02-13] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKCU\...\Run: [ISUSPM Startup] - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [249856 2005-08-11] (Macrovision Corporation)
HKCU\...\Run: [] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844144 2013-02-13] (Samsung)
HKCU\...\Run: [KiesPreload] - C:\Program Files\Samsung\Kies\Kies.exe [1509232 2013-02-13] (Samsung)
HKCU\...\Run: [KiesAirMessage] - C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup
MountPoints2: {50b4e269-cc82-11df-97d6-0090f58dfeb4} - E:\AutoRun.exe
MountPoints2: {50b4e277-cc82-11df-97d6-0090f58dfeb4} - E:\AutoRun.exe
Startup: C:\Users\Donna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x50CDC11918A5CA01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:newtab
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {403f1dfa-77d4-48ef-b068-d95e23d5bfd8} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKCU - {DFD92D72-99E3-4E26-AAE3-C9E5CD25531B} URL = hxxp://search.certified-toolbar.com?si=46364&st=bs&tid=3869&ver=4.4&ts=1369937624878.000002&tguid=46364-3869-1369937624878-D3A8B02EEF3E2067C08A72537D30250C&q={searchTerms}
SearchScopes: HKCU - {e2fc1314-151c-49b3-9a43-ed3c4b45efbb} URL = hxxp://search.certified-toolbar.com?si=46364&st=bs&tid=3869&ver=4.3&ts=1369937624878.000002&tguid=46364-3869-1369937624878-D3A8B02EEF3E2067C08A72537D30250C&q={searchTerms}
SearchScopes: HKCU - {e45bd839-9925-4185-a267-57c94fde1721} URL = hxxp://search.certified-toolbar.com?si=46364&st=bs&tid=3869&ver=4.3&ts=1369937624878.000002&tguid=46364-3869-1369937624878-D3A8B02EEF3E2067C08A72537D30250C&q={searchTerms}
BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440376 2013-12-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-25] (Avira Operations GmbH & Co. KG)
S3 SXDS10; C:\Program Files\Common Files\soft Xpansion\sxds10.exe [234096 2013-05-30] (soft Xpansion)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-22] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-22] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-25] (Avira Operations GmbH & Co. KG)
R3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [347136 2009-07-13] (Realtek Semiconductor Corporation                           )
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [x]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [x]
S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [x]
S0 PxHelp20; System32\Drivers\PxHelp20.sys [x]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-19 19:55 - 2014-01-19 19:55 - 00011016 _____ C:\Users\Donna\Desktop\AdwCleaner[S0].txt
2014-01-19 19:50 - 2014-01-19 19:53 - 00000000 ____D C:\AdwCleaner
2014-01-19 19:50 - 2014-01-19 19:50 - 01236282 _____ C:\Users\Donna\Desktop\adwcleaner.exe
2014-01-19 09:31 - 2014-01-19 19:57 - 00009868 _____ C:\Users\Donna\Desktop\FRST.txt
2014-01-19 09:31 - 2014-01-19 09:32 - 00026382 _____ C:\Users\Donna\Desktop\Addition.txt
2014-01-19 09:30 - 2014-01-19 19:49 - 01221120 _____ (Farbar) C:\Users\Donna\Desktop\FRST.exe
2014-01-19 04:42 - 2014-01-19 19:49 - 00000000 ____D C:\FRST
2014-01-04 18:17 - 2014-01-04 18:27 - 00000000 ____D C:\Users\Donna\Desktop\Ebay

==================== One Month Modified Files and Folders =======

2014-01-19 19:57 - 2014-01-19 09:31 - 00009868 _____ C:\Users\Donna\Desktop\FRST.txt
2014-01-19 19:55 - 2014-01-19 19:55 - 00011016 _____ C:\Users\Donna\Desktop\AdwCleaner[S0].txt
2014-01-19 19:55 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-19 19:55 - 2009-07-14 05:39 - 00050765 _____ C:\Windows\setupact.log
2014-01-19 19:53 - 2014-01-19 19:50 - 00000000 ____D C:\AdwCleaner
2014-01-19 19:53 - 2010-02-03 21:18 - 02014705 _____ C:\Windows\WindowsUpdate.log
2014-01-19 19:50 - 2014-01-19 19:50 - 01236282 _____ C:\Users\Donna\Desktop\adwcleaner.exe
2014-01-19 19:49 - 2014-01-19 09:30 - 01221120 _____ (Farbar) C:\Users\Donna\Desktop\FRST.exe
2014-01-19 19:49 - 2014-01-19 04:42 - 00000000 ____D C:\FRST
2014-01-19 19:39 - 2012-06-20 10:17 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-19 10:24 - 2010-02-03 21:38 - 01507342 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-19 09:32 - 2014-01-19 09:31 - 00026382 _____ C:\Users\Donna\Desktop\Addition.txt
2014-01-18 23:17 - 2009-07-14 05:34 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-18 23:17 - 2009-07-14 05:34 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-18 18:17 - 2010-02-03 22:37 - 00189648 _____ C:\Windows\PFRO.log
2014-01-16 16:17 - 2010-02-07 16:40 - 00002568 ___SH C:\Windows\system32\KGyGaAvL.sys
2014-01-15 09:26 - 2010-05-23 20:58 - 00000000 ____D C:\Users\Donna\AppData\Roaming\Skype
2014-01-04 18:27 - 2014-01-04 18:17 - 00000000 ____D C:\Users\Donna\Desktop\Ebay
2013-12-22 11:03 - 2013-05-07 19:05 - 00069240 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-12-22 11:03 - 2012-12-03 09:25 - 00135648 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-12-22 11:03 - 2012-12-03 09:25 - 00090400 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys

Some content of TEMP:
====================
C:\Users\Donna\AppData\Local\Temp\avgnt.exe
C:\Users\Donna\AppData\Local\Temp\HomeTab.exe
C:\Users\Donna\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
C:\Users\Donna\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Donna\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Donna\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Donna\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Donna\AppData\Local\Temp\jre-7u40-windows-i586-iftw.exe
C:\Users\Donna\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Donna\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Donna\AppData\Local\Temp\qmph.dll
C:\Users\Donna\AppData\Local\Temp\Quarantine.exe
C:\Users\Donna\AppData\Local\Temp\tbu1C31.exe
C:\Users\Donna\AppData\Local\Temp\tbu32A8.exe
C:\Users\Donna\AppData\Local\Temp\tbu3E8D.exe
C:\Users\Donna\AppData\Local\Temp\tbu418A.exe
C:\Users\Donna\AppData\Local\Temp\tbu48FE.exe
C:\Users\Donna\AppData\Local\Temp\tbu59C.exe
C:\Users\Donna\AppData\Local\Temp\tbu770F.exe
C:\Users\Donna\AppData\Local\Temp\tbu993B.exe
C:\Users\Donna\AppData\Local\Temp\tbuC15E.exe
C:\Users\Donna\AppData\Local\Temp\tbuE259.exe
C:\Users\Donna\AppData\Local\Temp\tbuF1FF.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-19 00:42

==================== End Of Log ============================
         
--- --- ---


Addition.txt

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-01-2014 04
Ran by Donna at 2014-01-19 19:58:05
Running from C:\Users\Donna\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (Version:  - Microsoft)
32 Bit HP CIO Components Installer (Version: 6.1.2 - Hewlett-Packard) Hidden
6500_E709_eDocs (Version: 1.00.0000 - Hewlett-Packard) Hidden
6500_E709_Help (Version: 1.00.0000 - Hewlett-Packard) Hidden
6500_E709n (Version: 140.0.000.000 - Hewlett-Packard) Hidden
Adobe Bridge 1.0 (Version: 001.000.001 - Adobe Systems) Hidden
Adobe Common File Installer (Version: 1.00.001 - Adobe System Incorporated) Hidden
Adobe Flash Player 11 ActiveX (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Help Center 1.0 (Version: 1.0.1 - Adobe Systems) Hidden
Adobe Photoshop CS2 (Version: 9.0 - Adobe Systems, Inc.)
Adobe Photoshop CS2 (Version: 9.0 - Adobe Systems, Inc.) Hidden
Adobe Reader XI (11.0.06) - Deutsch (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Stock Photos 1.0 (Version: 1.0.1 - Adobe Systems) Hidden
Advertising Center (Version: 0.0.0.1 - Nero AG) Hidden
Apple Application Support (Version: 2.1.9 - Apple Inc.)
Apple Mobile Device Support (Version: 5.2.0.6 - Apple Inc.)
Apple Software Update (Version: 2.1.3.127 - Apple Inc.)
Avira Free Antivirus (Version: 14.0.2.286 - Avira)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
bpd_scan (Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (Version: 140.0.000.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (Version: 1.00.0000 - Hewlett-Packard) Hidden
Brother MFL-Pro Suite DCP-150C (Version: 1.0.2.0 - Brother Industries, Ltd.)
BufferChm (Version: 140.0.213.000 - Hewlett-Packard) Hidden
CorelDRAW Graphics Suite X3 (Version: 13.0 - Corel Corporation)
DE (Version: 13.0 - Corel Corporation) Hidden
Destinations (Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 140.0.213.000 - Hewlett-Packard) Hidden
DocMgr (Version: 140.0.65.000 - Ihr Firmenname) Hidden
DocProc (Version: 140.0.100.000 - Hewlett-Packard) Hidden
Dropbox (HKCU Version: 0.7.110 - )
Fax (Version: 140.0.213.000 - Hewlett-Packard) Hidden
FontNav (Version: 5.0 - Corel Corporation) Hidden
GPBaseService2 (Version: 140.0.212.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (Version: 14.0 - HP)
HP Document Manager 2.0 (Version: 2.0 - HP)
HP Imaging Device Functions 14.0 (Version: 14.0 - HP)
HP Officejet 6500 E709 Series (Version: 14.0 - HP)
HP Smart Web Printing 4.60 (Version: 4.60 - HP)
HP Solution Center 14.0 (Version: 14.0 - HP)
HP Update (Version: 5.002.002.002 - Hewlett-Packard)
HPProductAssistant (Version: 140.0.213.000 - Hewlett-Packard) Hidden
HPSSupply (Version: 140.0.212.000 - Hewlett-Packard) Hidden
iTunes (Version: 10.6.3.25 - Apple Inc.)
Japanese Fonts Support For Adobe Reader 9 (Version: 9.0.0 - Adobe Systems Incorporated)
Java 7 Update 45 (Version: 7.0.450 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JavaFX 2.1.1 (Version: 2.1.1 - Oracle Corporation)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation)
MarketResearch (Version: 140.0.214.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30320 - Microsoft Corporation) Hidden
Microsoft Default Manager (Version: 2.1.55.0 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 9 Essentials (Version:  - Nero AG)
Nero BurnRights (Version: 3.4.10.100 - Nero AG) Hidden
Nero ControlCenter (Version: 9.0.0.1 - Nero AG) Hidden
Nero DiscSpeed (Version: 5.4.10.100 - Nero AG) Hidden
Nero DriveSpeed (Version: 4.4.10.100 - Nero AG) Hidden
Nero InfoTool (Version: 6.4.10.100 - Nero AG) Hidden
Nero Installer (Version: 4.4.9.0 - Nero AG) Hidden
Nero StartSmart (Version: 9.4.11.100 - Nero AG) Hidden
neroxml (Version: 1.0.0 - Nero AG) Hidden
Network (Version: 140.0.215.000 - Hewlett-Packard) Hidden
OCR Software by I.R.I.S. 14.0 (Version: 14.0 - HP)
ProductContext (Version: 140.0.000.000 - Hewlett-Packard) Hidden
Samsung Kies (Version: 2.5.2.13021_10 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.5.2.13021_10 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.18.0 - SAMSUNG Electronics Co., Ltd.)
Scan (Version: 140.0.167.000 - Hewlett-Packard) Hidden
SCHLECKER Foto Digital Service (Version: 4.8.7 - CEWE COLOR AG u Co. OHG)
Shop for HP Supplies (Version: 14.0 - HP)
SiS VGA Utilities (Version: 5.24 - Silicon Integrated Systems Corporation)
Skype™ 5.10 (Version: 5.10.116 - Skype Technologies S.A.)
SmartWebPrinting (Version: 140.0.213.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 140.0.214.000 - Hewlett-Packard) Hidden
Status (Version: 140.0.256.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (Version: 14.0.3.0 - Synaptics Incorporated)
TeKu2000 (Version:  - )
Toolbox (Version: 140.0.428.000 - Hewlett-Packard) Hidden
TrayApp (Version: 140.0.213.000 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (Version:  - Microsoft)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (Version:  - Microsoft)
Update Manager (Version: 4.60 - Corel Corporation) Hidden
VBA (Version: 6.2 - Corel Corporation) Hidden
WebReg (Version: 140.0.213.017 - Hewlett-Packard) Hidden
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0 - Microsoft Corporation)

==================== Restore Points  =========================

26-08-2013 16:41:05 Geplanter Prüfpunkt
09-09-2013 13:54:49 Geplanter Prüfpunkt
30-09-2013 09:02:39 Windows Update
16-10-2013 15:07:01 Geplanter Prüfpunkt
20-10-2013 09:02:30 Windows Update
06-11-2013 14:09:57 Installed Java 7 Update 45
02-01-2014 09:37:30 Geplanter Prüfpunkt
15-01-2014 18:08:00 Geplanter Prüfpunkt
19-01-2014 18:42:25 Installed Java 7 Update 51

==================== Hosts content: ==========================

2010-10-19 21:32 - 2010-10-19 21:35 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {30A59498-D1C7-40AC-B1A1-2805AC5552EB} - System32\Tasks\{2EBC0221-58E3-425B-B041-DCFB5B0FB838} => Iexplore.exe hxxp://ui.skype.com/ui/0/4.1.0.179.259/de/go/help.faq.installer?source=lightinstaller&LastError=1618
Task: {625BAC05-FA5B-40D4-8137-371641D5907B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated)
Task: {6DF1C2DB-E47B-46E7-A557-6167D5AC45CC} - System32\Tasks\{9EBC9427-4453-4063-8F21-B0B8D2EA7436} => C:\Program Files\Skype\Phone\Skype.exe [2012-07-13] (Skype Technologies S.A.)
Task: {86B914F1-BBF9-4CB4-BFA3-D1E4EBA56132} - System32\Tasks\{C6E4F5EB-B73F-4173-A9C9-2E0FAFB05C65} => Iexplore.exe hxxp://ui.skype.com/ui/0/4.2.0.187/en/abandoninstall?page=tsGoogle&installinfo=google-toolbar:offered-installed,google-chrome:notoffered;toolbaroffered
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2010-02-20 13:20 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
2012-05-30 19:06 - 2012-05-30 19:06 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2012-05-30 19:06 - 2012-05-30 19:06 - 01242512 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-03-20 22:48 - 2013-03-20 22:48 - 01928704 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\7e54989d439c94a9254051e9c17d5650\Kies.UI.ni.dll
2013-03-20 22:48 - 2013-03-20 22:48 - 00079360 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\48c087dd6e18fcbd057e0b1dd6cfa2fd\Kies.MVVM.ni.dll
2013-03-20 22:48 - 2013-03-20 22:48 - 00184832 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\0ec1f5148809454e7dd63148636a05b2\Kies.Common.DeviceServiceLib.Interface.ni.dll
2013-03-20 22:52 - 2013-03-20 22:52 - 00353280 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePhoto\cc31b394afc58c54cae2b7d0d8c33cf7\DevicePhoto.ni.dll
2013-03-20 22:52 - 2013-03-20 22:52 - 00299520 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceVideo\0990965afc0db853d38d302fb30b99d5\DeviceVideo.ni.dll
2013-03-20 22:52 - 2013-03-20 22:52 - 00615424 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePodcast\5afdd6b1217fcb271881226a1e288567\DevicePodcast.ni.dll
2013-03-20 22:52 - 2013-03-20 22:52 - 00307200 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\DummyStorePlugin\1b6f3c9a32cd1976fb79b2445e586939\DummyStorePlugin.ni.dll
2013-03-20 22:52 - 2013-03-20 22:52 - 17357824 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\0f4155c806e86a023b835d9070774f89\Kies.Theme.ni.dll
2013-03-20 22:51 - 2013-03-20 22:51 - 00572416 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\3e9bfbd5f2cf47b8d36c1c4a9a5699c8\Kies.Common.DeviceServiceLib.FileService.ni.dll
2013-03-20 22:49 - 2013-03-20 22:49 - 00040448 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\d77da7b6668e27f63af7da941e221304\Kies.Common.DeviceServiceLib.FirmwareUpdate.FirmwareUpdateAgentHelper.ni.dll
2013-03-20 22:51 - 2013-03-20 22:51 - 00232960 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\52207264bac5068c2de665b3f41e8964\ASF_cSharpAPI.ni.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/19/2014 07:53:35 PM) (Source: MsiInstaller) (User: Nachtschatten)
Description: Produkt: Java 7 Update 51 -- Fehler 1719. Auf den Windows Installer-Dienst konnte nicht zugegriffen werden. Dies kann auftreten, wenn der Windows Installer nicht richtig installiert wurde. Wenden Sie sich an den Support, um weitere Unterstützung zu erhalten.

Error: (01/19/2014 07:51:34 PM) (Source: Application Hang) (User: )
Description: Programm JavaSetup7u51[1].exe, Version 7.0.510.13 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: a88

Startzeit: 01cf15461ea5babd

Endzeit: 0

Anwendungspfad: C:\Users\Donna\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WC115R02\JavaSetup7u51[1].exe

Berichts-ID:

Error: (01/19/2014 07:39:14 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2014/01/19 19:39:14.183]: [00000736]: CUsbScnDev: DeviceIoControl() failed. ErrorCode = 5

Error: (01/19/2014 02:41:19 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2014/01/19 14:41:19.587]: [00000736]: CUsbScnDev: DeviceIoControl() failed. ErrorCode = 5

Error: (01/19/2014 02:41:18 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2014/01/19 14:41:18.587]: [00000736]: CUsbScnDev: DeviceIoControl() failed. ErrorCode = 5

Error: (01/18/2014 06:06:42 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2014/01/18 18:06:42.513]: [00000648]: CUsbScnDev: DeviceIoControl() failed. ErrorCode = 5

Error: (01/18/2014 06:06:41 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2014/01/18 18:06:41.513]: [00000648]: CUsbScnDev: DeviceIoControl() failed. ErrorCode = 2

Error: (01/18/2014 06:06:40 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2014/01/18 18:06:40.334]: [00000648]: CUsbScnDev: DeviceIoControl() failed. ErrorCode = 2

Error: (01/18/2014 06:06:39 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2014/01/18 18:06:39.109]: [00000648]: CUsbScnDev: DeviceIoControl() failed. ErrorCode = 2

Error: (01/18/2014 06:06:37 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2014/01/18 18:06:37.921]: [00000648]: CUsbScnDev: DeviceIoControl() failed. ErrorCode = 5


System errors:
=============
Error: (01/19/2014 07:56:36 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
PxHelp20

Error: (01/18/2014 11:10:33 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT-AUTORITÄT)
Description: 0x8000002a45\??\C:\System Volume Information\Syscache.hve

Error: (01/18/2014 11:09:55 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
PxHelp20

Error: (01/18/2014 11:07:56 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 18.01.2014 um 19:30:52 unerwartet heruntergefahren.

Error: (01/18/2014 06:45:52 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%126

Error: (01/18/2014 06:39:17 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%126

Error: (01/18/2014 06:38:47 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%126

Error: (01/18/2014 06:38:17 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%126

Error: (01/18/2014 06:37:47 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%126

Error: (01/18/2014 06:37:17 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%126


Microsoft Office Sessions:
=========================
Error: (07/13/2013 06:59:49 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 11 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (06/10/2013 10:10:33 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 7 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (03/16/2013 08:55:41 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 14 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (12/16/2011 07:44:57 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 52 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (04/02/2010 07:35:50 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 13 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (04/02/2010 07:35:16 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5 seconds with 0 seconds of active time.  This session ended with a crash.


==================== Memory info =========================== 

Percentage of memory in use: 34%
Total physical RAM: 3055.17 MB
Available physical RAM: 2011.16 MB
Total Pagefile: 6108.62 MB
Available Pagefile: 4915.11 MB
Total Virtual: 2047.88 MB
Available Virtual: 1898.02 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:297.99 GB) (Free:207.57 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 0F2202EA)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

20.01.2014, 07:28   #9
sunjojo
/// Malwareteam
 

Step 1
Press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {DFD92D72-99E3-4E26-AAE3-C9E5CD25531B} URL = hxxp://search.certified-toolbar.com?si=46364&st=bs&tid=3869&ver=4.4&ts=1369937624878.000002&tguid=46364-3869-1369937624878-D3A8B02EEF3E2067C08A72537D30250C&q={searchTerms}
SearchScopes: HKCU - {e2fc1314-151c-49b3-9a43-ed3c4b45efbb} URL = hxxp://search.certified-toolbar.com?si=46364&st=bs&tid=3869&ver=4.3&ts=1369937624878.000002&tguid=46364-3869-1369937624878-D3A8B02EEF3E2067C08A72537D30250C&q={searchTerms}
SearchScopes: HKCU - {e45bd839-9925-4185-a267-57c94fde1721} URL = hxxp://search.certified-toolbar.com?si=46364&st=bs&tid=3869&ver=4.3&ts=1369937624878.000002&tguid=46364-3869-1369937624878-D3A8B02EEF3E2067C08A72537D30250C&q={searchTerms}
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.

Step 2
Vista and Win7 users: right-click and choose "Run as administrator".
  • Start Malwarebytes, click Update --> Check for Updates
  • When the update has finished, select Perform quick scan and press Scan.
  • When the scan has finished, click Show Results.
  • Make sure that all findings are selected and press Remove Selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report later under "Logs".

Step 3

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

Step 4
Start FRST once more.
  • Do not change any of the default settings and press Scan.
  • When the scan has finished, a new log file FRST.txt is created and saved on the desktop.
  • Please post the contents of this log file here in your thread.



Post the following log files in your next reply:
  • FRST-Fix
  • MBAM-Scan
  • ESET-Scan
  • FRST-Scan
__________________
Regards,

Jonas

21.01.2014, 20:56   #10
donnaschlag
 

OK, all done, here are the four files:

Firstlog.txt

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 19-01-2014 04
Ran by Donna at 2014-01-20 21:20:09 Run:3
Running from C:\Users\Donna\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {DFD92D72-99E3-4E26-AAE3-C9E5CD25531B} URL = hxxp://search.certified-toolbar.com?si=46364&st=bs&tid=3869&ver=4.4&ts=1369937624878.000002&tguid=46364-3869-1369937624878-D3A8B02EEF3E2067C08A72537D30250C&q={searchTerms}
SearchScopes: HKCU - {e2fc1314-151c-49b3-9a43-ed3c4b45efbb} URL = hxxp://search.certified-toolbar.com?si=46364&st=bs&tid=3869&ver=4.3&ts=1369937624878.000002&tguid=46364-3869-1369937624878-D3A8B02EEF3E2067C08A72537D30250C&q={searchTerms}
SearchScopes: HKCU - {e45bd839-9925-4185-a267-57c94fde1721} URL = hxxp://search.certified-toolbar.com?si=46364&st=bs&tid=3869&ver=4.3&ts=1369937624878.000002&tguid=46364-3869-1369937624878-D3A8B02EEF3E2067C08A72537D30250C&q={searchTerms}
         
*****************

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DFD92D72-99E3-4E26-AAE3-C9E5CD25531B} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{DFD92D72-99E3-4E26-AAE3-C9E5CD25531B} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{e2fc1314-151c-49b3-9a43-ed3c4b45efbb} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{e2fc1314-151c-49b3-9a43-ed3c4b45efbb} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{e45bd839-9925-4185-a267-57c94fde1721} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{e45bd839-9925-4185-a267-57c94fde1721} => Key not found.

==== End of Fixlog ====
         
mbam-log-2014-01-20 (21-22-32).txt

Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.01.20.08

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
Donna :: NACHTSCHATTEN [Administrator]

20.01.2014 21:22:32
mbam-log-2014-01-20 (21-22-32).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 212485
Laufzeit: 11 Minute(n), 52 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 13
C:\Users\Donna\AppData\Local\Temp\tbu1C31.exe (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Donna\AppData\Local\Temp\tbu32A8.exe (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Donna\AppData\Local\Temp\tbu3E8D.exe (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Donna\AppData\Local\Temp\tbu418A.exe (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Donna\AppData\Local\Temp\tbu48FE.exe (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Donna\AppData\Local\Temp\tbu59C.exe (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Donna\AppData\Local\Temp\tbu770F.exe (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Donna\AppData\Local\Temp\tbu993B.exe (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Donna\AppData\Local\Temp\tbuC15E.exe (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Donna\AppData\Local\Temp\tbuE259.exe (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Donna\AppData\Local\Temp\tbuF1FF.exe (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Donna\AppData\Local\Temp\HomeTab.exe (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Launcher.exe (PUP.Optional.Simplytech) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
ESET-Scan

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=1a4c0087b509474aa3f3fa5ba606a9c3
# engine=16724
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-01-20 10:32:57
# local_time=2014-01-20 11:32:57 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT 
# compatibility_mode=1799 16775165 100 97 131143 255680467 123892 0
# compatibility_mode=5893 16776574 100 94 35823592 141888368 0 0
# scanned=143813
# found=1
# cleaned=0
# scan_time=5778
sh=CEB304E9889D5015D54012583B34BAB1E983E57B ft=1 fh=2eea0ca80fa56b57 vn="a variant of Win32/Kryptik.BTDV trojan" ac=I fn="C:\FRST\Quarantine\lweawjfi.cpp"
         

First.txt (scan)


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-01-2014
Ran by Donna (administrator) on NACHTSCHATTEN on 21-01-2014 20:49:55
Running from C:\Users\Donna\Desktop
Microsoft Windows 7 Home Premium  (X86) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal



==================== Processes (Whitelisted) ===================

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Silicon Integrated Systems Corporation) C:\Program Files\SiS VGA Utilities\SiSTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Samsung) C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Samsung) C:\Program Files\Samsung\Kies\Kies.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SiSTray] - C:\Program Files\SiS VGA Utilities\SiSTray.exe [552960 2009-11-12] (Silicon Integrated Systems Corporation)
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1557800 2010-02-03] (Synaptics Incorporated)
HKLM\...\Run: [ISUSScheduler] - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-08-11] (Macrovision Corporation)
HKLM\...\Run: [BrMfcWnd] - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM\...\Run: [ControlCenter3] - C:\Program Files\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [54576 2009-11-18] (Hewlett-Packard)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [Microsoft Default Manager] - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [288088 2009-11-11] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-05-30] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [421776 2012-06-07] (Apple Inc.)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-22] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [KiesTrayAgent] - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [310128 2013-02-13] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKCU\...\Run: [ISUSPM Startup] - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [249856 2005-08-11] (Macrovision Corporation)
HKCU\...\Run: [] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844144 2013-02-13] (Samsung)
HKCU\...\Run: [KiesPreload] - C:\Program Files\Samsung\Kies\Kies.exe [1509232 2013-02-13] (Samsung)
HKCU\...\Run: [KiesAirMessage] - C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup
MountPoints2: {50b4e269-cc82-11df-97d6-0090f58dfeb4} - E:\AutoRun.exe
MountPoints2: {50b4e277-cc82-11df-97d6-0090f58dfeb4} - E:\AutoRun.exe
Startup: C:\Users\Donna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x50CDC11918A5CA01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:newtab
SearchScopes: HKCU - {403f1dfa-77d4-48ef-b068-d95e23d5bfd8} URL = hxxp://www.google.de/search?q={searchTerms}
BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440376 2013-12-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-25] (Avira Operations GmbH & Co. KG)
S3 SXDS10; C:\Program Files\Common Files\soft Xpansion\sxds10.exe [234096 2013-05-30] (soft Xpansion)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-22] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-22] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-25] (Avira Operations GmbH & Co. KG)
R3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [347136 2009-07-13] (Realtek Semiconductor Corporation                           )
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [x]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [x]
S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [x]
S0 PxHelp20; System32\Drivers\PxHelp20.sys [x]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-20 21:30 - 2014-01-20 21:29 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-01-20 21:30 - 2014-01-20 21:29 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-01-20 21:30 - 2014-01-20 21:29 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-01-20 21:30 - 2014-01-20 21:29 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-01-19 19:55 - 2014-01-19 19:55 - 00011016 _____ C:\Users\Donna\Desktop\AdwCleaner[S0].txt
2014-01-19 19:50 - 2014-01-19 19:53 - 00000000 ____D C:\AdwCleaner
2014-01-19 19:50 - 2014-01-19 19:50 - 01236282 _____ C:\Users\Donna\Desktop\adwcleaner.exe
2014-01-19 09:31 - 2014-01-21 20:49 - 00009282 _____ C:\Users\Donna\Desktop\FRST.txt
2014-01-19 09:31 - 2014-01-19 19:58 - 00021928 _____ C:\Users\Donna\Desktop\Addition.txt
2014-01-19 09:30 - 2014-01-21 20:49 - 01222144 _____ (Farbar) C:\Users\Donna\Desktop\FRST.exe
2014-01-19 04:42 - 2014-01-21 20:49 - 00000000 ____D C:\FRST
2014-01-04 18:17 - 2014-01-04 18:27 - 00000000 ____D C:\Users\Donna\Desktop\Ebay

==================== One Month Modified Files and Folders =======

2014-01-21 20:50 - 2014-01-19 09:31 - 00009282 _____ C:\Users\Donna\Desktop\FRST.txt
2014-01-21 20:49 - 2014-01-19 09:30 - 01222144 _____ (Farbar) C:\Users\Donna\Desktop\FRST.exe
2014-01-21 20:49 - 2014-01-19 04:42 - 00000000 ____D C:\FRST
2014-01-21 20:27 - 2012-06-20 10:17 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-21 19:53 - 2010-02-03 21:18 - 02078531 _____ C:\Windows\WindowsUpdate.log
2014-01-21 17:07 - 2009-07-14 05:34 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-21 17:07 - 2009-07-14 05:34 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-20 21:36 - 2010-02-03 22:37 - 00192724 _____ C:\Windows\PFRO.log
2014-01-20 21:36 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-20 21:36 - 2009-07-14 05:39 - 00050821 _____ C:\Windows\setupact.log
2014-01-20 21:36 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\tracing
2014-01-20 21:29 - 2014-01-20 21:30 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-01-20 21:29 - 2014-01-20 21:30 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-01-20 21:29 - 2014-01-20 21:30 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-01-20 21:29 - 2014-01-20 21:30 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-01-20 20:05 - 2010-02-03 22:21 - 00000000 ____D C:\ProgramData\Microsoft Help
2014-01-20 20:03 - 2013-08-08 18:21 - 00000000 ____D C:\Windows\system32\MRT
2014-01-20 20:01 - 2010-02-06 11:36 - 83425928 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-20 19:54 - 2010-02-07 16:40 - 00002568 ___SH C:\Windows\system32\KGyGaAvL.sys
2014-01-19 19:58 - 2014-01-19 09:31 - 00021928 _____ C:\Users\Donna\Desktop\Addition.txt
2014-01-19 19:55 - 2014-01-19 19:55 - 00011016 _____ C:\Users\Donna\Desktop\AdwCleaner[S0].txt
2014-01-19 19:53 - 2014-01-19 19:50 - 00000000 ____D C:\AdwCleaner
2014-01-19 19:50 - 2014-01-19 19:50 - 01236282 _____ C:\Users\Donna\Desktop\adwcleaner.exe
2014-01-19 10:24 - 2010-02-03 21:38 - 01507342 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-15 09:26 - 2010-05-23 20:58 - 00000000 ____D C:\Users\Donna\AppData\Roaming\Skype
2014-01-04 18:27 - 2014-01-04 18:17 - 00000000 ____D C:\Users\Donna\Desktop\Ebay
2013-12-22 11:03 - 2013-05-07 19:05 - 00069240 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-12-22 11:03 - 2012-12-03 09:25 - 00135648 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-12-22 11:03 - 2012-12-03 09:25 - 00090400 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys

Some content of TEMP:
====================
C:\Users\Donna\AppData\Local\Temp\avgnt.exe
C:\Users\Donna\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
C:\Users\Donna\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Donna\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Donna\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Donna\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Donna\AppData\Local\Temp\jre-7u40-windows-i586-iftw.exe
C:\Users\Donna\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Donna\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Donna\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-19 00:42

==================== End Of Log ============================
         
--- --- ---

22.01.2014, 19:55   #11
sunjojo
/// Malwareteam


If you have no more problems, we are done.



Step 1
Please install Service Pack 1 for your computer: download Windows 7 and Windows Server 2008 R2 Service Pack 1 (KB976932) from the Microsoft Download Center.

Step 2
Please download Internet Explorer 11 from here and install it.
Even if it is not your default browser, the current version should be on the machine. There is still plenty of software that uses it for updating.

Step 3
If you no longer want to keep Malwarebytes Anti Malware and ESET, please uninstall the programs via the Control Panel. However, I recommend keeping Malwarebytes Anti Malware as additional protection, with which you can scan your system once a week (update the database first).

Step 4
The order is crucial here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively, rename it to uninstall.exe and run it)
    • Windows key + R > Combofix /Uninstall (type this in) > OK
    • Alternative: rename Combofix.exe to uninstall.exe and run it
    • Combofix will now start, possibly update itself, and then remove all remnants of itself.
  3. In any case, please download DelFix to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Tick the box in front of every function.
    • Click Start.
    • Note: DelFix removes, among other things, all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left now, you can delete them without hesitation.



Your logs no longer show any malicious entries; in my view you are clean. Here are some tips for securing your system in the future:

I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software Updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.

Antivirus software
  • Make sure you always have antivirus software installed and that it is up to date. It is useless if it is out of date.


Additional protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version additionally offers a background guard.
    You can find a tutorial on how to use it here.
  • WinPatrol
    This software takes a snapshot of your system and warns you of any changes. Download the freeware version from here.


Safe browsing
  • SpywareBlaster
    You can find a short introduction here
  • MVPs hosts file
    You can find a tutorial here. Unfortunately, I have not found a German-language one so far.
  • WOT (Web of trust)
    This add-on warns you before you visit a site that has been reported as malicious.


Alternative browsers

Other browsers tend to be somewhat more secure than IE, because they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: For this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java and Flash and other plugins. They are only executed when you confirm it.
    • AdblockPlus
      This add-on blocks most advertising by itself. Right-clicking the banner to add it to AdBlockPlus is enough, and it will no longer be loaded.
      It also saves download capacity.

Performance
Clean up your temp files regularly. I recommend TFC for this.
Stay away from any registry cleaners.
These harm your system more than they help. Here are a few (English) links
Miekemoes Blogspot (MVP)
Bill Castner (MVP)



Don'ts
  • Do not click on everything just because it prompts you to and is nicely colourful.
  • Do not use peer-to-peer or file-sharing software (Emule, uTorrent, ...)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Do not open attachments from emails from senders unknown to you. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe
Now all that remains is for me to wish you lots of fun surfing safely.

Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________
Regards,

Jonas

22.01.2014, 20:06   #12
donnaschlag


I have had no further problems so far.
Many thanks for the fast and good help!
I will take your suggestions for better security into account.
Best regards
Donnaschlag

22.01.2014, 20:57   #13
sunjojo
/// Malwareteam


Hello donnaschlag,

glad that we could help you.

This topic appears to be resolved and will be removed from my subscriptions, so I will not receive notifications about new replies in this thread. If you need the topic again, please send me a PM.

Everyone else, please click here and create your own thread.
__________________
Regards,

Jonas
