Addition.txt
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version:02-06-2014
Ran by Administrator at 2014-06-05 17:14:45
Running from E:\Trojaner-Board-Tools
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Avira Desktop (Enabled - Out of date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Out of date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)
2007 Microsoft Office system (HKLM\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
7-Zip 4.65 (HKLM\...\7-Zip) (Version: - )
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM\...\Adobe Shockwave Player) (Version: 11.5.7.609 - Adobe Systems, Inc.)
Amazon 1Button App (Version: 1.0.4 - Amazon) Hidden
Apple Application Support (HKLM\...\{A83279FD-CA4B-4206-9535-90974DE76654}) (Version: 2.1.5 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.16 - Atheros Communications Inc.)
Auerswald ETS-4308 I 2.5 (HKLM\...\{17ABC860-66F2-44BC-9A64-237CD335A51E}) (Version: 2.5 - Auerswald GmbH & Co.KG)
Avira Professional Security (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
CorelDRAW Graphics Suite X4 - Capture (Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Content (Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Draw (Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Extra Content (Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Filters (Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - FontNav (Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics SUite X4 - ICA (Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - IPM (Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Lang BR (Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Lang CZ (Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Lang DE (Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Lang EN (Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Lang ES (Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Lang FR (Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Lang IT (Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Lang NL (Version: 14.2 - Uw bedrijfsnaam) Hidden
CorelDRAW Graphics Suite X4 - Lang PL (Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Lang SU (Version: 14.2 - Yrityksen nimi) Hidden
CorelDRAW Graphics Suite X4 - Lang SV (Version: 14.2 - Ditt företagsnamn) Hidden
CorelDRAW Graphics Suite X4 - PP (Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - VBA (Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 (Version: 14.2 - Corel Corporation) Hidden
CorelDRAW(R) Graphics Suite X4 - Extra Content (HKLM\...\_{80FDAE30-CDB6-4015-AFC7-86A762A5AD9B}) (Version: - Corel Corporation)
CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension (HKLM\...\_{CE2DA11A-917F-4CF5-AB55-755EC115DD10}) (Version: - Corel Corporation)
CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension (Version: 1.1 - Corel Corporation) Hidden
CorelDRAW(R) Graphics Suite X4 (HKLM\...\_{7F05E704-30A6-421A-97A7-8EEB1C7FF010}) (Version: - Corel Corporation)
cyberJack Base Components (HKLM\...\{FC338210-F594-11D3-BA24-00001C3AB4DF}) (Version: 6.9.12 - REINER SCT)
DATA BECKER web to date 7 (HKLM\...\web to date 7_is1) (Version: 7.0.0.1708 - DATA BECKER GmbH & Co. KG)
D-Link DFE530TX (HKLM\...\InstallShield_{BF79156F-2C18-4C83-8800-FC7460A1E204}) (Version: - D-Link)
D-Link DFE530TX (Version: - D-Link) Hidden
D-Link PCI Fast Ethernet Adapter (HKLM\...\VN_VUIns_Rhine_D-Link) (Version: - )
Foxit Cloud (HKLM\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.3.99.311 - Foxit Corporation)
Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 6.2.0.429 - Foxit Corporation)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
Google Updater (HKLM\...\Google Updater) (Version: 2.4.2432.1652 - Google Inc.)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Intel(R) Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation)
Intel(R) TV Wizard (HKLM\...\TVWiz) (Version: - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.5.235 - Intel Corporation)
Java 7 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (Version: 2.1.60.19 - Oracle, Inc.) Hidden
K-Lite Mega Codec Pack 5.7.0 (HKLM\...\KLiteCodecPack_is1) (Version: 5.7.0 - )
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Access 2010 Runtime Service Pack 1 (SP1) (HKLM\...\{90140000-001C-0000-0000-0000000FF1CE}_Office14.AccessRT_{FA978F90-F7AB-4CF6-BCF5-885CF559DE7C}) (Version: - Microsoft)
Microsoft Access 2010 Runtime Service Pack 1 (SP1) (Version: - Microsoft) Hidden
Microsoft Access Runtime 2010 (HKLM\...\Office14.AccessRT) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Runtime 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Runtime MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Hybrid 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 12.0 (x86 de) (HKLM\...\Mozilla Firefox 12.0 (x86 de)) (Version: 12.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 12.0 - Mozilla)
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
PDF Architect (HKLM\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.2 - pdfforge)
ProtectDisc Driver, Version 11 (HKLM\...\ProtectDisc Driver 11) (Version: 11.0.0.14 - ProtectDisc Software GmbH)
QuickTime (HKLM\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.61.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6699 - Realtek Semiconductor Corp.)
SFirm (HKLM\...\{A600A500-6AAC-48AB-B29C-145483B3A127}) (Version: 2.39.12.250.1 - Star Finanz GmbH)
SPCA1528 PC Driver (HKLM\...\{570C2A84-A145-4DF0-AE9D-012584DF09DC}) (Version: 2.2.2.0 - sunplus)
Stellar Phoenix Outlook PST Repair v4.0 (HKLM\...\Stellar Phoenix Outlook PST Repair_is1) (Version: - Stellar Information Systems Ltd.)
TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.28223 - TeamViewer)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2825642) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{9492511E-2CE0-4904-9400-203F44E1DC0D}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
Vi Installation Manager (HKLM\...\{48E9ED3D-709A-438F-A47C-2D783A46B9FB}) (Version: 1.00.0000 - Softwareparadies GmbH&Co.KG)
Visual Basic for Applications (R) Core - English (Version: 6.4.99.69 - Microsoft Corporation) Hidden
Visual Basic for Applications (R) Core - German (Version: 6.4.99.69 - Microsoft Corporation) Hidden
Visual Basic for Applications (R) Core (Version: 6.4.99.69 - Microsoft Corporation) Hidden
VLC media player 1.0.5 (HKLM\...\VLC media player) (Version: 1.0.5 - VideoLAN Team)
Windows Live Communications Platform (Version: 14.0.8098.930 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (Version: 14.0.8081.709 - Microsoft Corporation) Hidden
Windows Live ID-Anmelde-Assistent (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Movie Maker (Version: 14.0.8091.0730 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR (HKLM\...\WinRAR archiver) (Version: - )
==================== Restore Points =========================
05-06-2014 13:11:36 ComboFix created restore point
==================== Hosts content: ==========================
2009-07-14 04:04 - 2014-06-05 15:17 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: {35F7902C-9BC3-43BF-B1FA-F989961E1663} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {7AF5FCFD-0360-4057-96EC-2EDD87F567DD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-13] (Adobe Systems Incorporated)
Task: {9441FD22-9D83-4ACA-994D-68F00A361BE0} - System32\Tasks\{E086C6FD-754D-4A50-B8DB-197450C5D1B4} => C:\Program Files\Skype\\Phone\Skype.exe
Task: {A2C3954C-EEB1-4634-A24D-C5E5CD25292E} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {C9C9015F-CE2F-4101-96DF-AEB3A5A5BBC6} - System32\Tasks\{CD88D8C9-58F7-4FBB-90CD-E8256E6B8EC4} => C:\Program Files\Avira\AntiVir Desktop\avcenter.exe [2014-02-20] (Avira Operations GmbH & Co. KG)
Task: {DDABAC68-D960-4ECA-AFFF-B6E2B6BD1E77} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
==================== Loaded Modules (whitelisted) =============
2007-02-09 03:39 - 2007-02-09 03:39 - 00010752 _____ () C:\Windows\System32\KOAZXJAL.dll
2013-04-02 14:32 - 2013-01-25 09:40 - 00397704 _____ () C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
2011-11-04 10:11 - 2007-05-31 09:38 - 00167936 ____N () C:\Windows\system32\SerialXP.dll
2010-03-09 11:32 - 2005-06-28 14:59 - 00053248 _____ () C:\Program Files\ArcSoft\PhotoImpression 5\share\pihook.dll
2010-04-16 08:51 - 2010-03-15 12:28 - 00141824 _____ () C:\Program Files\WinRAR\rarext.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\Users\scholz\AppData\Local\WINICON.bin:{A060292F-C47D-48CE-9E1A-0C9B6D1E91BB}
==================== Safe Mode (whitelisted) ===================
==================== EXE Association (whitelisted) =============
==================== Disabled items from MSCONFIG ==============
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (06/05/2014 04:22:26 PM) (Source: Avira Antivirus) (EventID: 4129) (User: NT-AUTORITÄT)
Description: Das Update von PC1 (127.0.0.1) ist fehlgeschlagen.
Während des Herunterladens ist ein Fehler aufgetreten..
Es wurden keine neuen Dateien geladen.
System errors:
=============
Microsoft Office Sessions:
=========================
Error: (04/20/2013 00:24:59 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 2383 seconds with 0 seconds of active time. This session ended with a crash.
Error: (03/14/2013 04:18:29 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 835024 seconds with 2040 seconds of active time. This session ended with a crash.
Error: (05/31/2012 09:24:02 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 811 seconds with 660 seconds of active time. This session ended with a crash.
Error: (05/31/2012 07:50:31 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2887 seconds with 2160 seconds of active time. This session ended with a crash.
Error: (03/26/2012 00:06:34 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6654.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 2840 seconds with 60 seconds of active time. This session ended with a crash.
Error: (12/24/2011 07:20:51 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2 seconds with 0 seconds of active time. This session ended with a crash.
Error: (12/02/2011 08:08:59 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash.
Error: (10/07/2011 09:38:50 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 1 seconds with 0 seconds of active time. This session ended with a crash.
Error: (10/04/2011 08:27:30 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 1 seconds with 0 seconds of active time. This session ended with a crash.
Error: (06/20/2011 10:48:35 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 6 seconds with 0 seconds of active time. This session ended with a crash.
==================== Memory info ===========================
Percentage of memory in use: 27%
Total physical RAM: 3270.7 MB
Available physical RAM: 2369.1 MB
Total Pagefile: 6539.7 MB
Available Pagefile: 5450.41 MB
Total Virtual: 2047.88 MB
Available Virtual: 1916.82 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:148.95 GB) (Free:98.35 GB) NTFS
Drive e: (MULTIBOOT) (Removable) (Total:14.72 GB) (Free:12.09 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 03073AB2)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 15 GB) (Disk ID: 3D06957F)
Partition 1: (Active) - (Size=15 GB) - (Type=0C)
==================== End Of Log ============================
(also the FRST log from the 2nd scan):
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:02-06-2014
Ran by Administrator (administrator) on PC1 on 05-06-2014 17:14:36
Running from E:\Trojaner-Board-Tools
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(REINER SCT) C:\Windows\System32\cjpcsc.exe
(CrypKey (Canada) Ltd.) C:\Windows\System32\Crypserv.exe
(DATA BECKER GmbH & Co KG) C:\Program Files\Common Files\DATA BECKER Shared\DBService.exe
(Foxit Corporation) C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
(pdfforge GmbH) C:\Program Files\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files\PDF Architect\ConversionService.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\tv_w32.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SfWinStartInfo] => C:\Program Files\SFirm\sfWinStartupInfo.exe [81496 2014-04-22] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [USB3MON] => C:\Program Files\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-20] (Intel Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe [5986960 2012-08-07] (Realtek Semiconductor)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x83E47CBB2A98CA01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
SearchScopes: HKLM - DefaultScope value is missing.
BHO: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {B1953AD6-C50E-11D3-B020-00A0C9251384} hxxp://www.o2c.de/download/o2cplayer.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Tcpip\..\Interfaces\{5D47328C-5E64-4718-B37D-748E7E3235CC}: [NameServer]192.168.115.10
Tcpip\..\Interfaces\{AB170DDD-617A-4BC1-BDFC-560F47E700CD}: [NameServer]192.168.115.10
FireFox:
========
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\xkno36ag.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @pack.google.com/Google Updater;version=14 - C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF Plugin: @real.com/nppl3260;version=6.0.12.450 - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.448 - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
FF HKLM\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files\PDF Architect\FFPDFArchitectExt [2014-02-08]
========================== Services (Whitelisted) =================
S2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [896592 2014-03-13] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 cjpcsc; C:\Windows\system32\cjpcsc.exe [508848 2011-05-09] (REINER SCT)
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [277616 2012-12-14] (Intel Corporation)
R2 Crypkey License; C:\Windows\system32\crypserv.exe [122880 2008-05-08] (CrypKey (Canada) Ltd.)
R2 DBService; C:\Program Files\Common Files\DATA BECKER Shared\DBService.exe [189776 2010-10-28] (DATA BECKER GmbH & Co KG)
R2 FoxitCloudUpdateService; C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [241728 2014-03-11] (Foxit Corporation)
R2 PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
==================== Drivers (Whitelisted) ====================
R3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-12-05] (Avira Operations GmbH & Co. KG)
R1 bizVSerial; C:\Windows\System32\drivers\bizVSerialNT.sys [14949 2007-05-31] (franson.biz)
S3 CBUSB; C:\Windows\System32\drivers\CBUSB.sys [45056 2014-02-08] (MARX CryptoTech LP)
S3 cjusb; C:\Windows\System32\DRIVERS\cjusb.sys [28144 2011-03-29] (REINER SCT)
S3 FETNDIS; C:\Windows\System32\DRIVERS\fetnd6.sys [44032 2009-07-14] (VIA Technologies, Inc. )
S3 FETNDISB; C:\Windows\System32\DRIVERS\dlkfet5b.sys [46080 2006-12-27] (D-Link )
R0 iusb3hcs; C:\Windows\System32\DRIVERS\iusb3hcs.sys [15680 2012-05-20] (Intel Corporation)
R3 iusb3hub; C:\Windows\System32\DRIVERS\iusb3hub.sys [350016 2012-05-20] (Intel Corporation)
R3 iusb3xhc; C:\Windows\System32\DRIVERS\iusb3xhc.sys [793920 2012-05-20] (Intel Corporation)
S3 L1E; C:\Windows\System32\DRIVERS\L1E62x86.sys [48640 2009-08-23] (Atheros Communications, Inc.)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [55104 2012-07-17] (Intel Corporation)
S3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [6504 2009-05-13] ()
R1 NetworkX; C:\Windows\system32\ckldrv.sys [19584 2008-03-17] ()
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
S3 Bulk1528; System32\Drivers\Bulk1528.sys [X]
S2 Ca1528av; System32\Drivers\Ca1528av.sys [X]
S3 catchme; \??\C:\Users\ADMINI~1\AppData\Local\Temp\catchme.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-06-05 15:55 - 2014-06-05 15:55 - 00000633 _____ () C:\Users\Administrator\Desktop\JRT.txt
2014-06-05 15:53 - 2014-06-05 15:53 - 00000000 ____D () C:\Windows\ERUNT
2014-06-05 15:50 - 2014-06-05 15:51 - 00000000 ____D () C:\AdwCleaner
2014-06-05 15:49 - 2014-06-05 14:49 - 01016261 _____ (Thisisu) C:\Users\Administrator\Desktop\JRT.exe
2014-06-05 15:49 - 2014-06-05 14:48 - 01327971 _____ () C:\Users\Administrator\Desktop\adwcleaner_3.211.exe
2014-06-05 15:24 - 2014-06-05 15:24 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\WinRAR
2014-06-05 15:21 - 2014-06-05 15:21 - 00012815 _____ () C:\ComboFix.txt
2014-06-05 15:21 - 2014-06-05 15:21 - 00000000 ____D () C:\Users\TEMP\AppData\Local\temp
2014-06-05 15:21 - 2014-06-05 15:21 - 00000000 ____D () C:\Users\TEMP.PC1\AppData\Local\temp
2014-06-05 15:21 - 2014-06-05 15:21 - 00000000 ____D () C:\Users\TEMP.PC1.002\AppData\Local\temp
2014-06-05 15:21 - 2014-06-05 15:21 - 00000000 ____D () C:\Users\TEMP.PC1.001\AppData\Local\temp
2014-06-05 15:21 - 2014-06-05 15:21 - 00000000 ____D () C:\Users\TEMP.PC1.000\AppData\Local\temp
2014-06-05 15:21 - 2014-06-05 15:21 - 00000000 ____D () C:\Users\scholz\AppData\Local\temp
2014-06-05 15:21 - 2014-06-05 15:21 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-05 15:21 - 2014-06-05 15:21 - 00000000 ____D () C:\Users\DefaultAppPool\AppData\Local\temp
2014-06-05 15:21 - 2014-06-05 15:21 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-05 15:21 - 2014-06-05 15:21 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-05 15:21 - 2014-06-05 15:21 - 00000000 ____D () C:\Users\adsek\AppData\Local\temp
2014-06-05 15:21 - 2014-06-05 15:21 - 00000000 ____D () C:\Users\admin\AppData\Local\temp
2014-06-05 15:21 - 2014-06-05 15:21 - 00000000 ____D () C:\Users\adkar\AppData\Local\temp
2014-06-05 15:20 - 2014-06-05 15:56 - 00019055 _____ () C:\Windows\WindowsUpdate.log
2014-06-05 15:16 - 2014-06-05 17:14 - 00000000 ____D () C:\Users\Administrator\AppData\Local\temp
2014-06-05 15:11 - 2014-06-05 15:22 - 00000000 ____D () C:\ComboFix
2014-06-05 15:11 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-06-05 15:11 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-06-05 15:11 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-06-05 15:11 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-06-05 15:11 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-06-05 15:11 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-06-05 15:11 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-06-05 15:11 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-06-05 15:00 - 2014-06-05 15:21 - 00000000 ____D () C:\Windows\erdnt
2014-06-05 15:00 - 2014-06-05 15:21 - 00000000 ____D () C:\Qoobox
2014-06-05 14:58 - 2014-06-05 13:55 - 05205146 ____R (Swearware) C:\Users\Administrator\Desktop\ComboFix.exe
2014-06-05 14:48 - 2014-06-05 14:48 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Apple Computer
2014-06-04 18:38 - 2014-06-04 18:38 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Apple
2014-06-04 18:32 - 2014-06-04 18:32 - 01281826 _____ () C:\Users\Administrator\Desktop\Ereignisse_AVIRA.txt
2014-06-04 10:15 - 2014-06-05 17:14 - 00000000 ____D () C:\FRST
2014-06-04 10:10 - 2014-06-04 10:10 - 00000000 _____ () C:\Users\Administrator\defogger_reenable
2014-06-03 16:28 - 2014-06-04 10:07 - 00000974 _____ () C:\Windows\Tasks\Google Software Updater.job
2014-06-03 15:56 - 2014-06-05 15:52 - 00002132 _____ () C:\Windows\setupact.log
2014-06-03 15:56 - 2014-06-05 15:52 - 00001116 _____ () C:\Windows\error.log
2014-06-03 15:56 - 2014-06-05 15:51 - 00003972 _____ () C:\Windows\PFRO.log
2014-06-03 15:56 - 2014-06-05 15:51 - 00000243 _____ () C:\Windows\errord.log
2014-06-03 15:56 - 2014-06-03 15:56 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-03 12:00 - 2014-06-03 14:11 - 00000000 ____D () C:\Kaspersky Rescue Disk 10.0
2014-06-02 16:31 - 2014-06-02 16:31 - 00002098 _____ () C:\Users\Public\Desktop\Foxit Reader.lnk
2014-06-02 16:31 - 2014-06-02 16:31 - 00000000 ____D () C:\Users\scholz\AppData\Roaming\Foxit Software
2014-06-02 16:31 - 2014-06-02 16:31 - 00000000 ____D () C:\Users\Public\Foxit Software
2014-06-02 16:31 - 2014-06-02 16:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2014-06-02 16:31 - 2014-06-02 16:31 - 00000000 ____D () C:\Program Files\Foxit Software
2014-06-02 16:20 - 2014-06-05 14:18 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-02 16:20 - 2014-06-02 16:20 - 00001060 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-02 16:20 - 2014-06-02 16:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-06-02 16:20 - 2014-06-02 16:20 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware
2014-06-02 16:20 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-02 16:20 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-02 16:20 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-02 16:15 - 2014-06-02 16:15 - 00327026 _____ () C:\Users\scholz\Documents\cc_20140602_161531.reg
2014-06-02 16:15 - 2014-06-02 16:15 - 00000622 _____ () C:\Users\scholz\Documents\cc_20140602_161551.reg
2014-06-02 16:14 - 2014-06-02 16:14 - 00000000 ____D () C:\Windows\Sun
2014-06-02 16:13 - 2014-06-02 16:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-06-02 16:13 - 2014-06-02 16:13 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-06-02 16:13 - 2014-05-07 15:02 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-06-02 16:13 - 2014-05-07 14:59 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-06-02 16:13 - 2014-05-07 14:59 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-06-02 16:13 - 2014-05-07 14:58 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-06-02 16:11 - 2014-06-02 16:13 - 00005788 _____ () C:\Windows\system32\jupdate-1.7.0_60-b19.log
2014-06-02 16:07 - 2014-06-02 16:07 - 00000965 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-06-02 16:07 - 2014-06-02 16:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-06-02 16:07 - 2014-06-02 16:07 - 00000000 ____D () C:\Program Files\CCleaner
2014-06-02 16:06 - 2014-06-02 16:06 - 03673664 _____ (Piriform Ltd) C:\Users\scholz\Downloads\ccsetup414_slim.exe
2014-06-02 16:02 - 2014-06-02 16:02 - 00000000 _____ () C:\Users\scholz\Desktop\TaefertingenLageplan.txt
2014-06-02 15:32 - 2014-06-02 15:32 - 00000000 ____D () C:\Users\scholz\AppData\Local\Adobe
2014-06-02 15:32 - 2014-02-22 12:15 - 00000426 _____ () C:\AVScanner.ini
2014-06-02 09:42 - 2014-06-02 09:42 - 00001100 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-06-02 09:42 - 2014-06-02 09:42 - 00000000 ____D () C:\ProgramData\Mozilla
2014-06-02 09:42 - 2014-06-02 09:42 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-06-02 09:22 - 2014-06-02 09:22 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-02 09:20 - 2014-06-02 09:21 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\scholz\Downloads\mbam-setup-2.0.2.1012.exe
2014-05-22 11:03 - 2014-05-22 11:03 - 06209136 _____ (TeamViewer GmbH) C:\Users\scholz\Downloads\TeamViewer_Setup_de.exe
2014-05-22 11:03 - 2014-05-22 11:03 - 00001132 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-05-22 11:03 - 2014-05-22 11:03 - 00001120 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
==================== One Month Modified Files and Folders =======
2014-06-05 17:14 - 2014-06-05 15:16 - 00000000 ____D () C:\Users\Administrator\AppData\Local\temp
2014-06-05 17:14 - 2014-06-04 10:15 - 00000000 ____D () C:\FRST
2014-06-05 17:04 - 2014-02-20 10:40 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-05 16:43 - 2010-01-11 14:09 - 01749396 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-05 15:59 - 2009-07-14 06:34 - 00015040 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-05 15:59 - 2009-07-14 06:34 - 00015040 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-05 15:56 - 2014-06-05 15:20 - 00019055 _____ () C:\Windows\WindowsUpdate.log
2014-06-05 15:55 - 2014-06-05 15:55 - 00000633 _____ () C:\Users\Administrator\Desktop\JRT.txt
2014-06-05 15:53 - 2014-06-05 15:53 - 00000000 ____D () C:\Windows\ERUNT
2014-06-05 15:52 - 2014-06-03 15:56 - 00002132 _____ () C:\Windows\setupact.log
2014-06-05 15:52 - 2014-06-03 15:56 - 00001116 _____ () C:\Windows\error.log
2014-06-05 15:52 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-05 15:51 - 2014-06-05 15:50 - 00000000 ____D () C:\AdwCleaner
2014-06-05 15:51 - 2014-06-03 15:56 - 00003972 _____ () C:\Windows\PFRO.log
2014-06-05 15:51 - 2014-06-03 15:56 - 00000243 _____ () C:\Windows\errord.log
2014-06-05 15:24 - 2014-06-05 15:24 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\WinRAR
2014-06-05 15:22 - 2014-06-05 15:11 - 00000000 ____D () C:\ComboFix
2014-06-05 15:21 - 2014-06-05 15:21 - 00012815 _____ () C:\ComboFix.txt
2014-06-05 15:21 - 2014-06-05 15:21 - 00000000 ____D () C:\Users\TEMP\AppData\Local\temp
2014-06-05 15:21 - 2014-06-05 15:21 - 00000000 ____D () C:\Users\TEMP.PC1\AppData\Local\temp
2014-06-05 15:21 - 2014-06-05 15:21 - 00000000 ____D () C:\Users\TEMP.PC1.002\AppData\Local\temp
2014-06-05 15:21 - 2014-06-05 15:21 - 00000000 ____D () C:\Users\TEMP.PC1.001\AppData\Local\temp
2014-06-05 15:21 - 2014-06-05 15:21 - 00000000 ____D () C:\Users\TEMP.PC1.000\AppData\Local\temp
2014-06-05 15:21 - 2014-06-05 15:21 - 00000000 ____D () C:\Users\scholz\AppData\Local\temp
2014-06-05 15:21 - 2014-06-05 15:21 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-05 15:21 - 2014-06-05 15:21 - 00000000 ____D () C:\Users\DefaultAppPool\AppData\Local\temp
2014-06-05 15:21 - 2014-06-05 15:21 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-05 15:21 - 2014-06-05 15:21 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-05 15:21 - 2014-06-05 15:21 - 00000000 ____D () C:\Users\adsek\AppData\Local\temp
2014-06-05 15:21 - 2014-06-05 15:21 - 00000000 ____D () C:\Users\admin\AppData\Local\temp
2014-06-05 15:21 - 2014-06-05 15:21 - 00000000 ____D () C:\Users\adkar\AppData\Local\temp
2014-06-05 15:21 - 2014-06-05 15:00 - 00000000 ____D () C:\Windows\erdnt
2014-06-05 15:21 - 2014-06-05 15:00 - 00000000 ____D () C:\Qoobox
2014-06-05 15:21 - 2009-07-14 04:37 - 00000000 __RHD () C:\Users\Default
2014-06-05 15:21 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public
2014-06-05 15:17 - 2009-07-14 04:04 - 00000215 _____ () C:\Windows\system.ini
2014-06-05 15:16 - 2013-12-04 22:05 - 00000000 ____D () C:\Users\scholz\AppData\Roaming\Java
2014-06-05 15:16 - 2009-07-14 04:03 - 58458112 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-06-05 15:16 - 2009-07-14 04:03 - 22806528 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-06-05 15:16 - 2009-07-14 04:03 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-06-05 15:16 - 2009-07-14 04:03 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-06-05 15:16 - 2009-07-14 04:03 - 00262144 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-06-05 14:49 - 2014-06-05 15:49 - 01016261 _____ (Thisisu) C:\Users\Administrator\Desktop\JRT.exe
2014-06-05 14:48 - 2014-06-05 15:49 - 01327971 _____ () C:\Users\Administrator\Desktop\adwcleaner_3.211.exe
2014-06-05 14:48 - 2014-06-05 14:48 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Apple Computer
2014-06-05 14:48 - 2009-07-14 06:46 - 00001515 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-06-05 14:18 - 2014-06-02 16:20 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-05 13:55 - 2014-06-05 14:58 - 05205146 ____R (Swearware) C:\Users\Administrator\Desktop\ComboFix.exe
2014-06-04 18:38 - 2014-06-04 18:38 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Apple
2014-06-04 18:32 - 2014-06-04 18:32 - 01281826 _____ () C:\Users\Administrator\Desktop\Ereignisse_AVIRA.txt
2014-06-04 10:13 - 2010-01-18 14:02 - 00146544 _____ () C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-04 10:10 - 2014-06-04 10:10 - 00000000 _____ () C:\Users\Administrator\defogger_reenable
2014-06-04 10:10 - 2010-01-18 12:35 - 00000000 ____D () C:\Users\Administrator
2014-06-04 10:07 - 2014-06-03 16:28 - 00000974 _____ () C:\Windows\Tasks\Google Software Updater.job
2014-06-03 15:56 - 2014-06-03 15:56 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-03 14:11 - 2014-06-03 12:00 - 00000000 ____D () C:\Kaspersky Rescue Disk 10.0
2014-06-02 16:31 - 2014-06-02 16:31 - 00002098 _____ () C:\Users\Public\Desktop\Foxit Reader.lnk
2014-06-02 16:31 - 2014-06-02 16:31 - 00000000 ____D () C:\Users\scholz\AppData\Roaming\Foxit Software
2014-06-02 16:31 - 2014-06-02 16:31 - 00000000 ____D () C:\Users\Public\Foxit Software
2014-06-02 16:31 - 2014-06-02 16:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2014-06-02 16:31 - 2014-06-02 16:31 - 00000000 ____D () C:\Program Files\Foxit Software
2014-06-02 16:20 - 2014-06-02 16:20 - 00001060 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-02 16:20 - 2014-06-02 16:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-06-02 16:20 - 2014-06-02 16:20 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware
2014-06-02 16:15 - 2014-06-02 16:15 - 00327026 _____ () C:\Users\scholz\Documents\cc_20140602_161531.reg
2014-06-02 16:15 - 2014-06-02 16:15 - 00000622 _____ () C:\Users\scholz\Documents\cc_20140602_161551.reg
2014-06-02 16:14 - 2014-06-02 16:14 - 00000000 ____D () C:\Windows\Sun
2014-06-02 16:14 - 2014-02-08 12:01 - 00000000 ____D () C:\Program Files\PDFCreator
2014-06-02 16:14 - 2013-10-01 10:49 - 00000000 ____D () C:\Windows\Minidump
2014-06-02 16:14 - 2010-01-11 13:07 - 00000000 ____D () C:\Windows\Panther
2014-06-02 16:13 - 2014-06-02 16:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-06-02 16:13 - 2014-06-02 16:13 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-06-02 16:13 - 2014-06-02 16:11 - 00005788 _____ () C:\Windows\system32\jupdate-1.7.0_60-b19.log
2014-06-02 16:13 - 2013-10-07 17:24 - 00000000 ____D () C:\ProgramData\Oracle
2014-06-02 16:13 - 2010-02-17 11:17 - 00000000 ____D () C:\Program Files\Java
2014-06-02 16:07 - 2014-06-02 16:07 - 00000965 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-06-02 16:07 - 2014-06-02 16:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-06-02 16:07 - 2014-06-02 16:07 - 00000000 ____D () C:\Program Files\CCleaner
2014-06-02 16:06 - 2014-06-02 16:06 - 03673664 _____ (Piriform Ltd) C:\Users\scholz\Downloads\ccsetup414_slim.exe
2014-06-02 16:06 - 2010-01-15 13:50 - 00000000 ____D () C:\ProgramData\Adobe
2014-06-02 16:06 - 2010-01-15 13:50 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-06-02 16:02 - 2014-06-02 16:02 - 00000000 _____ () C:\Users\scholz\Desktop\TaefertingenLageplan.txt
2014-06-02 15:35 - 2010-03-12 10:05 - 00000000 ____D () C:\Program Files\Jasc Software Inc
2014-06-02 15:32 - 2014-06-02 15:32 - 00000000 ____D () C:\Users\scholz\AppData\Local\Adobe
2014-06-02 10:00 - 2010-01-15 12:06 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-06-02 09:49 - 2013-10-01 22:14 - 00000000 ____D () C:\Users\scholz\AppData\Roaming\Hiqir
2014-06-02 09:49 - 2013-09-23 16:30 - 00000000 ____D () C:\Users\scholz\AppData\Roaming\Lypa
2014-06-02 09:49 - 2013-09-22 07:54 - 00000000 ____D () C:\Users\scholz\AppData\Roaming\Ogova
2014-06-02 09:49 - 2013-09-20 15:51 - 00000000 ____D () C:\Users\scholz\AppData\Roaming\Imfo
2014-06-02 09:49 - 2013-09-19 15:51 - 00000000 ____D () C:\Users\scholz\AppData\Roaming\Kyimob
2014-06-02 09:49 - 2010-01-13 17:20 - 00000000 ____D () C:\Users\scholz
2014-06-02 09:42 - 2014-06-02 09:42 - 00001100 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-06-02 09:42 - 2014-06-02 09:42 - 00000000 ____D () C:\ProgramData\Mozilla
2014-06-02 09:42 - 2014-06-02 09:42 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-06-02 09:22 - 2014-06-02 09:22 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-02 09:21 - 2014-06-02 09:20 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\scholz\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-02 09:14 - 2011-11-04 10:18 - 00000000 ____D () C:\Program Files\SFirm
2014-05-24 10:38 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-05-24 09:17 - 2009-07-14 06:33 - 00534032 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-24 06:59 - 2010-01-13 17:25 - 00000477 _____ () C:\Windows\BRWMARK.INI
2014-05-23 07:28 - 2010-01-18 12:00 - 00146544 _____ () C:\Users\scholz\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-23 00:58 - 2010-11-23 09:58 - 00002356 _____ () C:\Users\scholz\Desktop\Google Chrome.lnk
2014-05-22 13:59 - 2010-01-26 09:30 - 00000000 ____D () C:\Users\scholz\AppData\Roaming\TeamViewer
2014-05-22 11:03 - 2014-05-22 11:03 - 06209136 _____ (TeamViewer GmbH) C:\Users\scholz\Downloads\TeamViewer_Setup_de.exe
2014-05-22 11:03 - 2014-05-22 11:03 - 00001132 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-05-22 11:03 - 2014-05-22 11:03 - 00001120 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-05-22 11:03 - 2012-07-24 13:12 - 00000000 ____D () C:\Program Files\TeamViewer
2014-05-15 11:48 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-05-13 22:04 - 2014-02-20 10:40 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-05-13 22:04 - 2011-09-28 15:00 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-05-12 07:26 - 2014-06-02 16:20 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-06-02 16:20 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:25 - 2014-06-02 16:20 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-07 15:02 - 2014-06-02 16:13 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-05-07 14:59 - 2014-06-02 16:13 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-05-07 14:59 - 2014-06-02 16:13 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-05-07 14:58 - 2014-06-02 16:13 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\temp\avgnt.exe
C:\Users\Administrator\AppData\Local\temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-05-29 00:47
==================== End Of Log ============================