Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
Thread: https://www.trojaner-board.de/142181-windows-7-sicherheitscenter-aktiviert-update-funktioniert-mehr.html

Stefan_Bonn 27.09.2013 14:55

Windows 7: Security Center cannot be enabled, Update no longer works!
 
Hello everyone,

I need your help. This morning I started my computer and noticed the little flag with the red X, which indicated that the Security Center is disabled.

When I tried to enable it, it refused. I also cannot run Windows Update, and Microsoft Security Essentials is disabled as well and will not start.

I wanted to check with Malwarebytes what was going on, but that did not help. In the meantime the computer tells me that Windows Defender and Windows Firewall should be enabled (which does not work) and that I should find myself an antivirus program.

My computer runs Windows 7 Professional 64-bit with SP1.

I work for a non-profit organisation and unfortunately we have no IT department or IT staff; we always just muddle through somehow on our own.

The requested logs:

Defogger
Code:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 15:31 on 27/09/2013 (Stefan.Krämer)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

FRST
Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-09-2013
Ran by Stefan.Krämer (administrator) on PC111 on 27-09-2013 15:32:20
Running from C:\Users\Stefan.Krämer\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
() C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(AMD) C:\Windows\system32\atieclxx.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
() C:\Windows\Samsung\PanelMgr\SSMMgr.exe
() C:\Windows\twain_32\Samsung\CLX3180\Scan2Pc.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
() C:\Windows\Samsung\PanelMgr\caller64.exe
(Microsoft Corporation) C:\Windows\system32\msiexec.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashUtil64_11_1_102_ActiveX.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12632168 2011-07-21] (Realtek Semiconductor)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2782096 2010-07-26] (CANON INC.)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1436736 2011-06-15] ()
HKCU\...\Run: [AdobeBridge] - [x]
HKCU\...\Run: [Adobe Acrobat Synchronizer] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe [1272704 2013-09-03] (Adobe Systems Incorporated)
HKCU\...\Run: [] - [x]
HKCU\...\Run: [eDial.exe] - C:\Program Files (x86)\Aastra\Office eDial\\eDial.exe [249392 2013-06-20] (Aastra Telecom Schweiz AG)
HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
MountPoints2: {fc692b9b-5230-11e1-8160-50e549e1b997} - E:\LaunchU3.exe -a
HKLM-x32\...\Run: [ISUSScheduler] - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-02-17] (InstallShield Software Corporation)
HKLM-x32\...\Run: [TrueImageMonitor.exe] - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [4386336 2008-11-27] (Acronis)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [402432 2010-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Samsung PanelMgr] - C:\Windows\Samsung\PanelMgr\SSMMgr.exe [688128 2011-07-06] ()
HKLM-x32\...\Run: [CLX3180_Scan2Pc] - C:\Windows\Twain_32\Samsung\CLX3180\Scan2pc.exe [1990144 2011-04-29] ()
HKLM-x32\...\Run: [3180 Scan2PC] - C:\Windows\twain_32\Samsung\CLX3180\Scan2Pc.exe [1990144 2011-04-29] ()
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41336 2013-09-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [FreePDF Assistant] - C:\Program Files (x86)\FreePDF_XP\fpassist.exe [371200 2011-02-23] (shbox.de)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [636032 2012-02-14] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840568 2013-09-03] (Adobe Systems Inc.)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\qttask.exe [155648 2012-02-06] (Apple Computer, Inc.)
HKU\Administrator\...\Run: [AdobeBridge] - [x]
HKU\Administrator\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe [247968 2012-02-10] (Adobe Systems, Inc.)
HKU\User\...\Run: [ISUSPM Startup] - C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe [221184 2005-02-17] (InstallShield Software Corporation)
HKU\User\...\Run: [AdobeBridge] - [x]

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xBD77D9DA5ED1CD01
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO-x32: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU -  No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x64/MuCatalogWebControl.cab?1328263064448
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office12\GR469A~1.DLL [2210608 2006-10-27] (Microsoft Corporation)
Winsock: Catalog5 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9 01 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 02 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 03 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 04 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 05 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 06 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 07 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 08 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 09 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 10 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog5-x64 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9-x64 01 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 02 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 03 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 04 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 05 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 06 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 07 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 08 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 09 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 10 mswsock.dll File Not found (Microsoft Corporation)
Hosts: 127.0.0.1        activate.adobe.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Stefan.Krämer\AppData\Roaming\Mozilla\Firefox\Profiles\e9t67xiw.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Users\Stefan.Krämer\AppData\Roaming\Mozilla\Firefox\Profiles\e9t67xiw.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi
FF HKLM-x32\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF Extension: Adobe Contribute Toolbar - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF StartMenuInternet: FIREFOX.EXE - C:\Users\User\firefox.exe

==================== Services (Whitelisted) =================

S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 DES2 Service; C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [57344 2011-08-22] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S2 MsMpSvc; "C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe" [x]
S3 NisSrv; "C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe" [x]
U2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{23ff0886-cfc9-3a1c-3e9e-ef525c7945e8}\  \...\???\{23ff0886-cfc9-3a1c-3e9e-ef525c7945e8}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)

==================== Drivers (Whitelisted) ====================

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21104 2011-01-10] ()
R2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [53816 2009-03-02] (Samsung Electronics Co., Ltd.)
R2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [53816 2009-03-02] (Samsung Electronics Co., Ltd.)
R3 gdrv; C:\Windows\gdrv.sys [25640 2013-09-27] (Windows (R) Server 2003 DDK provider)
R3 gdrv; C:\Windows\gdrv.sys [25640 2013-09-27] (Windows (R) Server 2003 DDK provider)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [189440 2011-04-18] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [84864 2011-04-27] (Microsoft Corporation)
R0 snapman380; C:\Windows\System32\DRIVERS\snman380.sys [237600 2012-01-31] (Acronis)
R0 tdrpman174; C:\Windows\System32\DRIVERS\tdrpm174.sys [1581088 2012-01-31] (Acronis)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-27 15:32 - 2013-09-27 15:32 - 00000000 ____D C:\FRST
2013-09-27 15:31 - 2013-09-27 15:31 - 00000488 _____ C:\Users\Stefan.Krämer\Desktop\defogger_disable.log
2013-09-27 15:31 - 2013-09-27 15:31 - 00000000 _____ C:\Users\Stefan.Krämer\defogger_reenable
2013-09-27 15:30 - 2013-09-27 15:29 - 01953854 _____ (Farbar) C:\Users\Stefan.Krämer\Desktop\FRST64.exe
2013-09-27 15:30 - 2013-09-27 15:29 - 00377856 _____ C:\Users\Stefan.Krämer\Desktop\gmer_2.1.19163.exe
2013-09-27 15:30 - 2013-09-27 15:28 - 00050477 _____ C:\Users\Stefan.Krämer\Desktop\Defogger.exe
2013-09-27 15:23 - 2013-09-27 15:23 - 00000000 ____D C:\Windows\TempB6D63AD4-421E-7030-CE95-F66433CED8BD-Signatures
2013-09-27 15:18 - 2013-09-27 15:18 - 00194638 _____ C:\Users\Administrator\AppData\Local\census.cache
2013-09-27 15:18 - 2013-09-27 15:18 - 00102938 _____ C:\Users\Administrator\AppData\Local\ars.cache
2013-09-27 15:05 - 2013-09-27 15:05 - 00000036 _____ C:\Users\Administrator\AppData\Local\housecall.guid.cache
2013-09-27 14:54 - 2013-09-27 14:54 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Malwarebytes
2013-09-27 12:16 - 2011-01-26 11:11 - 00005256 _____ C:\Users\Stefan.Krämer\Desktop\wscsvc.reg
2013-09-27 11:54 - 2013-09-27 11:54 - 00001161 _____ C:\Users\Stefan.Krämer\Desktop\wscsvc.zip
2013-09-27 11:54 - 2013-09-27 11:54 - 00000000 ____D C:\Users\Stefan.Krämer\Desktop\wscsvc
2013-09-27 11:50 - 2013-09-27 11:50 - 00000047 _____ C:\Users\Stefan.Krämer\AppData\Roaming\mbam.context.scan
2013-09-27 11:50 - 2013-09-27 11:38 - 00001150 _____ C:\Users\Stefan.Krämer\Desktop\wscsvc(64).zip
2013-09-27 09:55 - 2013-09-27 09:55 - 00000000 ____D C:\Users\Stefan.Krämer\AppData\Roaming\Malwarebytes
2013-09-27 09:55 - 2013-09-27 09:55 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-27 09:55 - 2013-09-27 09:55 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-27 09:55 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-09-26 20:14 - 2013-09-26 20:18 - 00000000 ____D C:\Users\Stefan.Krämer\Desktop\Spielplan Vicenti 2013
2013-09-26 18:43 - 2013-09-26 18:43 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2013-09-26 18:38 - 2013-09-26 18:38 - 00000000 ____D C:\Users\Stefan.Krämer\AppData\Local\Google
2013-09-26 18:38 - 2013-09-26 18:38 - 00000000 ____D C:\Program Files (x86)\Google
2013-09-26 15:59 - 2013-09-26 13:21 - 00050688 _____ C:\Users\Stefan.Krämer\Desktop\Vicenti.wdb
2013-09-26 15:13 - 2013-09-26 15:19 - 00000000 ____D C:\Users\Stefan.Krämer\AppData\Roaming\U3
2013-09-25 19:38 - 2013-09-26 21:45 - 08639488 _____ C:\Users\Stefan.Krämer\Desktop\SPANIEN_Mappe VICENC 2013.qxp
2013-09-25 19:38 - 2012-10-15 12:03 - 04187136 _____ C:\Users\Stefan.Krämer\Desktop\SPANIEN_Mappe FRIENDSHIP 2013.qxp
2013-09-25 19:38 - 2012-10-04 00:05 - 04350976 _____ C:\Users\Stefan.Krämer\Desktop\SPANIEN_Mappe MALGRATENSE 2013.qxp
2013-09-24 17:30 - 2013-09-25 18:02 - 21311488 _____ C:\Users\Stefan.Krämer\Desktop\MAPPE_Bildungsreise 2013.indd
2013-09-24 17:05 - 2012-10-09 11:15 - 24485888 _____ C:\Users\Stefan.Krämer\Desktop\MAPPE_Bildungsreise 2012.indd
2013-09-20 17:12 - 2013-09-20 17:12 - 00000000 ____D C:\Program Files (x86)\Advanced IP Scanner v2
2013-09-19 10:56 - 2013-09-19 10:56 - 00000000 ____D C:\Users\User\updated
2013-09-06 12:03 - 2013-09-06 12:03 - 00000000 ____D C:\Users\Stefan.Krämer\AppData\Roaming\Apago
2013-09-06 12:03 - 2013-09-06 12:03 - 00000000 ____D C:\Program Files (x86)\Apago
2013-09-02 16:55 - 2013-09-02 16:55 - 4269171075 ____N C:\Users\Stefan.Krämer\Downloads\B-Jugend_Spiel gegen Leverkusen.zip
2013-08-31 13:01 - 2013-08-31 13:45 - 00011338 _____ C:\Users\Stefan.Krämer\gsview64.ini
2013-08-31 13:01 - 2013-08-31 13:01 - 00000000 ____D C:\Program Files\Ghostgum

==================== One Month Modified Files and Folders =======

2013-09-27 15:32 - 2013-09-27 15:32 - 00000000 ____D C:\FRST
2013-09-27 15:31 - 2013-09-27 15:31 - 00000488 _____ C:\Users\Stefan.Krämer\Desktop\defogger_disable.log
2013-09-27 15:31 - 2013-09-27 15:31 - 00000000 _____ C:\Users\Stefan.Krämer\defogger_reenable
2013-09-27 15:31 - 2012-02-03 15:29 - 00000000 ____D C:\Users\Stefan.Krämer
2013-09-27 15:29 - 2013-09-27 15:30 - 01953854 _____ (Farbar) C:\Users\Stefan.Krämer\Desktop\FRST64.exe
2013-09-27 15:29 - 2013-09-27 15:30 - 00377856 _____ C:\Users\Stefan.Krämer\Desktop\gmer_2.1.19163.exe
2013-09-27 15:28 - 2013-09-27 15:30 - 00050477 _____ C:\Users\Stefan.Krämer\Desktop\Defogger.exe
2013-09-27 15:28 - 2009-07-14 06:45 - 00020912 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-27 15:28 - 2009-07-14 06:45 - 00020912 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-27 15:23 - 2013-09-27 15:23 - 00000000 ____D C:\Windows\TempB6D63AD4-421E-7030-CE95-F66433CED8BD-Signatures
2013-09-27 15:23 - 2012-02-09 19:49 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-09-27 15:23 - 2012-02-09 14:11 - 00002113 _____ C:\Windows\epplauncher.mif
2013-09-27 15:21 - 2012-02-09 19:06 - 00052871 _____ C:\Windows\setupact.log
2013-09-27 15:21 - 2012-02-03 15:22 - 00000128 _____ C:\Windows\system32\config\netlogon.ftl
2013-09-27 15:21 - 2012-01-31 20:50 - 00025640 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys
2013-09-27 15:21 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-27 15:18 - 2013-09-27 15:18 - 00194638 _____ C:\Users\Administrator\AppData\Local\census.cache
2013-09-27 15:18 - 2013-09-27 15:18 - 00102938 _____ C:\Users\Administrator\AppData\Local\ars.cache
2013-09-27 15:05 - 2013-09-27 15:05 - 00000036 _____ C:\Users\Administrator\AppData\Local\housecall.guid.cache
2013-09-27 14:56 - 2012-01-31 20:18 - 01805300 _____ C:\Windows\WindowsUpdate.log
2013-09-27 14:56 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-09-27 14:54 - 2013-09-27 14:54 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Malwarebytes
2013-09-27 14:53 - 2012-02-03 15:26 - 00226456 _____ C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-27 11:54 - 2013-09-27 11:54 - 00001161 _____ C:\Users\Stefan.Krämer\Desktop\wscsvc.zip
2013-09-27 11:54 - 2013-09-27 11:54 - 00000000 ____D C:\Users\Stefan.Krämer\Desktop\wscsvc
2013-09-27 11:54 - 2009-07-14 19:58 - 00656028 _____ C:\Windows\system32\perfh007.dat
2013-09-27 11:54 - 2009-07-14 19:58 - 00130800 _____ C:\Windows\system32\perfc007.dat
2013-09-27 11:54 - 2009-07-14 07:13 - 01504670 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-27 11:50 - 2013-09-27 11:50 - 00000047 _____ C:\Users\Stefan.Krämer\AppData\Roaming\mbam.context.scan
2013-09-27 11:38 - 2013-09-27 11:50 - 00001150 _____ C:\Users\Stefan.Krämer\Desktop\wscsvc(64).zip
2013-09-27 11:16 - 2012-02-09 19:06 - 00071644 _____ C:\Windows\PFRO.log
2013-09-27 09:55 - 2013-09-27 09:55 - 00000000 ____D C:\Users\Stefan.Krämer\AppData\Roaming\Malwarebytes
2013-09-27 09:55 - 2013-09-27 09:55 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-27 09:55 - 2013-09-27 09:55 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-26 21:45 - 2013-09-25 19:38 - 08639488 _____ C:\Users\Stefan.Krämer\Desktop\SPANIEN_Mappe VICENC 2013.qxp
2013-09-26 20:18 - 2013-09-26 20:14 - 00000000 ____D C:\Users\Stefan.Krämer\Desktop\Spielplan Vicenti 2013
2013-09-26 20:17 - 2012-02-03 17:46 - 00000000 ____D C:\Eigene Dateien
2013-09-26 18:43 - 2013-09-26 18:43 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2013-09-26 18:43 - 2012-02-24 11:01 - 00000000 ____D C:\FreePDF_XP
2013-09-26 18:38 - 2013-09-26 18:38 - 00000000 ____D C:\Users\Stefan.Krämer\AppData\Local\Google
2013-09-26 18:38 - 2013-09-26 18:38 - 00000000 ____D C:\Program Files (x86)\Google
2013-09-26 15:19 - 2013-09-26 15:13 - 00000000 ____D C:\Users\Stefan.Krämer\AppData\Roaming\U3
2013-09-26 14:18 - 2012-02-06 15:32 - 00007896 _____ C:\Users\Stefan.Krämer\AppData\Roaming\wklnhst.dat
2013-09-26 13:21 - 2013-09-26 15:59 - 00050688 _____ C:\Users\Stefan.Krämer\Desktop\Vicenti.wdb
2013-09-26 10:47 - 2013-07-31 14:55 - 00000000 ____D C:\Users\Stefan.Krämer\Desktop\Anmeldeformulare 2014
2013-09-25 18:02 - 2013-09-24 17:30 - 21311488 _____ C:\Users\Stefan.Krämer\Desktop\MAPPE_Bildungsreise 2013.indd
2013-09-20 17:31 - 2013-08-02 09:11 - 00000000 ____D C:\Users\Stefan.Krämer\Desktop\Preislisten 2014
2013-09-20 17:31 - 2013-01-11 12:43 - 00004922 _____ C:\Users\Stefan.Krämer\advanced_ip_scanner_MAC.bin
2013-09-20 17:12 - 2013-09-20 17:12 - 00000000 ____D C:\Program Files (x86)\Advanced IP Scanner v2
2013-09-19 11:13 - 2013-06-10 15:44 - 00000000 ____D C:\Users\Stefan.Krämer\AppData\Roaming\vlc
2013-09-19 10:58 - 2012-01-31 21:00 - 00000000 ____D C:\Users\User\uninstall
2013-09-19 10:57 - 2013-05-27 14:09 - 00000000 ____D C:\Users\User\browser
2013-09-19 10:57 - 2013-04-12 12:31 - 00027544 _____ (Mozilla Corporation) C:\Users\User\plugin-hang-ui.exe
2013-09-19 10:57 - 2012-12-06 11:07 - 00193824 _____ (Mozilla Corporation) C:\Users\User\maintenanceservice_installer.exe
2013-09-19 10:57 - 2012-12-06 11:07 - 00170232 _____ (Mozilla Corporation) C:\Users\User\webapp-uninstaller.exe
2013-09-19 10:57 - 2012-12-06 11:07 - 00118680 _____ (Mozilla Foundation) C:\Users\User\maintenanceservice.exe
2013-09-19 10:57 - 2012-12-06 11:07 - 00107416 _____ (Mozilla Foundation) C:\Users\User\webapprt-stub.exe
2013-09-19 10:57 - 2012-12-06 11:07 - 00074648 _____ (Mozilla Foundation) C:\Users\User\breakpadinjector.dll
2013-09-19 10:57 - 2012-12-06 11:07 - 00000000 ____D C:\Users\User\webapprt
2013-09-19 10:57 - 2012-03-25 19:07 - 03215256 _____ (Mozilla Foundation) C:\Users\User\gkmedias.dll
2013-09-19 10:57 - 2012-03-25 19:07 - 00128920 _____ (Mozilla Foundation) C:\Users\User\mozglue.dll
2013-09-19 10:57 - 2012-02-03 15:48 - 00000000 ____D C:\Users\Stefan.Krämer\AppData\Local\Mozilla
2013-09-19 10:57 - 2012-01-31 21:00 - 21527448 _____ (Mozilla Foundation) C:\Users\User\xul.dll
2013-09-19 10:57 - 2012-01-31 21:00 - 07565921 _____ C:\Users\User\omni.ja
2013-09-19 10:57 - 2012-01-31 21:00 - 03279768 _____ C:\Users\User\mozjs.dll
2013-09-19 10:57 - 2012-01-31 21:00 - 01775000 _____ (Mozilla Foundation) C:\Users\User\nss3.dll
2013-09-19 10:57 - 2012-01-31 21:00 - 00548760 _____ (Mozilla Foundation) C:\Users\User\libGLESv2.dll
2013-09-19 10:57 - 2012-01-31 21:00 - 00392600 _____ (Mozilla Foundation) C:\Users\User\nssckbi.dll
2013-09-19 10:57 - 2012-01-31 21:00 - 00301464 _____ (Mozilla Foundation) C:\Users\User\freebl3.dll
2013-09-19 10:57 - 2012-01-31 21:00 - 00273304 _____ (Mozilla Foundation) C:\Users\User\updater.exe
2013-09-19 10:57 - 2012-01-31 21:00 - 00152984 _____ (Mozilla Foundation) C:\Users\User\softokn3.dll
2013-09-19 10:57 - 2012-01-31 21:00 - 00116632 _____ (Mozilla Foundation) C:\Users\User\crashreporter.exe
2013-09-19 10:57 - 2012-01-31 21:00 - 00091544 _____ (Mozilla Foundation) C:\Users\User\nssdbm3.dll
2013-09-19 10:57 - 2012-01-31 21:00 - 00063384 _____ (Mozilla Foundation) C:\Users\User\libEGL.dll
2013-09-19 10:57 - 2012-01-31 21:00 - 00019352 _____ (Mozilla Foundation) C:\Users\User\AccessibleMarshal.dll
2013-09-19 10:57 - 2012-01-31 21:00 - 00017816 _____ (Mozilla Corporation) C:\Users\User\plugin-container.exe
2013-09-19 10:57 - 2012-01-31 21:00 - 00016280 _____ (Mozilla Foundation) C:\Users\User\mozalloc.dll
2013-09-19 10:57 - 2012-01-31 21:00 - 00001928 _____ C:\Users\User\precomplete
2013-09-19 10:57 - 2012-01-31 21:00 - 00000899 _____ C:\Users\User\softokn3.chk
2013-09-19 10:57 - 2012-01-31 21:00 - 00000899 _____ C:\Users\User\nssdbm3.chk
2013-09-19 10:57 - 2012-01-31 21:00 - 00000899 _____ C:\Users\User\freebl3.chk
2013-09-19 10:57 - 2012-01-31 21:00 - 00000633 _____ C:\Users\User\application.ini
2013-09-19 10:57 - 2012-01-31 21:00 - 00000140 _____ C:\Users\User\platform.ini
2013-09-19 10:56 - 2013-09-19 10:56 - 00000000 ____D C:\Users\User\updated
2013-09-16 17:55 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-09-13 17:53 - 2012-03-24 02:45 - 00000132 _____ C:\Users\Stefan.Krämer\AppData\Roaming\Adobe BMP Format CS5 Prefs
2013-09-12 10:58 - 2012-02-06 18:26 - 00000000 ____D C:\Users\Stefan.Krämer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\A.F.5 Rename your files 1.1
2013-09-12 10:58 - 2012-02-06 18:26 - 00000000 ____D C:\Program Files (x86)\A.F.5 Rename your files 1.1
2013-09-12 09:30 - 2012-04-17 09:18 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-12 09:30 - 2012-01-31 21:40 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-06 12:03 - 2013-09-06 12:03 - 00000000 ____D C:\Users\Stefan.Krämer\AppData\Roaming\Apago
2013-09-06 12:03 - 2013-09-06 12:03 - 00000000 ____D C:\Program Files (x86)\Apago
2013-09-05 02:00 - 2012-02-06 19:28 - 00000374 _____ C:\Windows\Tasks\Quark Updater.job
2013-09-02 16:55 - 2013-09-02 16:55 - 4269171075 ____N C:\Users\Stefan.Krämer\Downloads\B-Jugend_Spiel gegen Leverkusen.zip
2013-08-31 18:19 - 2013-07-05 08:44 - 00000000 ____D C:\Users\Stefan.Krämer\Desktop\Sommer 2013
2013-08-31 13:45 - 2013-08-31 13:01 - 00011338 _____ C:\Users\Stefan.Krämer\gsview64.ini
2013-08-31 13:01 - 2013-08-31 13:01 - 00000000 ____D C:\Program Files\Ghostgum

Files to move or delete:
====================
ZeroAccess:
C:\Users\Stefan.Krämer\AppData\Local\Google\Desktop\Install
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install
C:\Users\User\AccessibleMarshal.dll
C:\Users\User\breakpadinjector.dll
C:\Users\User\crashreporter.exe
C:\Users\User\D3DCompiler_43.dll
C:\Users\User\freebl3.dll
C:\Users\User\gkmedias.dll
C:\Users\User\libEGL.dll
C:\Users\User\libGLESv2.dll
C:\Users\User\maintenanceservice.exe
C:\Users\User\maintenanceservice_installer.exe
C:\Users\User\mozalloc.dll
C:\Users\User\mozglue.dll
C:\Users\User\mozjs.dll
C:\Users\User\msvcp100.dll
C:\Users\User\msvcr100.dll
C:\Users\User\nss3.dll
C:\Users\User\nssckbi.dll
C:\Users\User\nssdbm3.dll
C:\Users\User\plugin-container.exe
C:\Users\User\plugin-hang-ui.exe
C:\Users\User\softokn3.dll
C:\Users\User\updater.exe
C:\Users\User\webapp-uninstaller.exe
C:\Users\User\webapprt-stub.exe
C:\Users\User\xul.dll


Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\mpam-f3edf41c.exe
C:\Users\Stefan.Krämer\AppData\Local\Temp\AskSLib.dll
C:\Users\Stefan.Krämer\AppData\Local\Temp\conduitinstaller.exe
C:\Users\Stefan.Krämer\AppData\Local\Temp\ESDPK-PLX6-PagePlusStarterEdition_Setup.exe
C:\Users\Stefan.Krämer\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\Stefan.Krämer\AppData\Local\Temp\IPx64_1031.exe
C:\Users\Stefan.Krämer\AppData\Local\Temp\ose00000.exe
C:\Users\Stefan.Krämer\AppData\Local\Temp\PriceGong.exe
C:\Users\Stefan.Krämer\AppData\Local\Temp\vlc-2.0.8-win32.exe
C:\Users\Stefan.Krämer\AppData\Local\Temp\xmlUpdater.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
C:\Program Files\Microsoft Security Client\Antimalware => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client


LastRegBack: 2013-09-23 13:41

==================== End Of Log ============================

Addition
Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-09-2013
Ran by Stefan.Krämer at 2013-09-27 15:32:58
Running from C:\Users\Stefan.Krämer\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

@BIOS (x32 Version: 2.12)
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
A.F.5 Rename your files 1.1 (x32 Version: 1.1.0.0)
Aastra 400 First-party TAPI Service Provider (x32 Version: 1.3.1)
ACDSee 8 (x32 Version: 8.0.41)
Acronis*True*Image*Home (x32 Version: 12.0.9646.4)
Adobe Acrobat X Pro - English, Français, Deutsch (x32 Version: 10.1.8)
Adobe AIR (x32 Version: 1.5.3.9120)
Adobe Community Help (x32 Version: 3.0.0)
Adobe Community Help (x32 Version: 3.0.0.400)
Adobe Creative Suite 5 Master Collection (x32 Version: 5.0)
Adobe Flash Player 11 ActiveX 64-bit (Version: 11.1.102.55)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.168)
Adobe Media Player (x32 Version: 1.8)
Advanced IP Scanner 2.3 (x32 Version: 2.3.2161)
AMD Accelerated Video Transcoding (Version: 2.00.0001)
AMD APP SDK Runtime (Version: 10.0.898.1)
AMD Catalyst Install Manager (Version: 3.0.868.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Media Foundation Decoders (Version: 1.0.70214.2220)
ATI AVIVO64 Codecs (Version: 11.6.0.10524)
Audacity 2.0.3 (x32 Version: 2.0.3)
Canon iP4900 series Printer Driver
Canon iP5200
Canon My Printer (x32)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center (x32 Version: 2012.0214.2218.39913)
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0214.2218.39913)
Catalyst Control Center InstallProxy (x32 Version: 2012.0214.2218.39913)
Catalyst Control Center Localization All (x32 Version: 2012.0214.2218.39913)
CCC Help Chinese Standard (x32 Version: 2012.0214.2217.39913)
CCC Help Chinese Traditional (x32 Version: 2012.0214.2217.39913)
CCC Help Czech (x32 Version: 2012.0214.2217.39913)
CCC Help Danish (x32 Version: 2012.0214.2217.39913)
CCC Help Dutch (x32 Version: 2012.0214.2217.39913)
CCC Help English (x32 Version: 2012.0214.2217.39913)
CCC Help Finnish (x32 Version: 2012.0214.2217.39913)
CCC Help French (x32 Version: 2012.0214.2217.39913)
CCC Help German (x32 Version: 2012.0214.2217.39913)
CCC Help Greek (x32 Version: 2012.0214.2217.39913)
CCC Help Hungarian (x32 Version: 2012.0214.2217.39913)
CCC Help Italian (x32 Version: 2012.0214.2217.39913)
CCC Help Japanese (x32 Version: 2012.0214.2217.39913)
CCC Help Korean (x32 Version: 2012.0214.2217.39913)
CCC Help Norwegian (x32 Version: 2012.0214.2217.39913)
CCC Help Polish (x32 Version: 2012.0214.2217.39913)
CCC Help Portuguese (x32 Version: 2012.0214.2217.39913)
CCC Help Russian (x32 Version: 2012.0214.2217.39913)
CCC Help Spanish (x32 Version: 2012.0214.2217.39913)
CCC Help Swedish (x32 Version: 2012.0214.2217.39913)
CCC Help Thai (x32 Version: 2012.0214.2217.39913)
CCC Help Turkish (x32 Version: 2012.0214.2217.39913)
ccc-utility64 (Version: 2012.0214.2218.39913)
CCleaner (Version: 3.15)
CDBurnerXP (x32 Version: 4.5.0.3685)
Compatibility Pack für 2007 Office System (x32 Version: 12.0.6612.1000)
Defraggler (Version: 2.09)
DES 2.0 (x32 Version: 1.00.0000)
Dropbox (HKCU Version: 2.0.22)
Etron USB3.0 Host Controller (x32 Version: 0.104)
FileViewPro (Version: 4.0)
FileZilla Client 3.5.3 (x32 Version: 3.5.3)
FormatFactory 3.1.1 (x32 Version: 3.1.1)
Free Video Flip and Rotate version 2.1.7.430 (x32 Version: 2.1.7.430)
FreePDF (Remove only) (x32)
GPL Ghostscript (Version: 9.04)
GSview 5.0 (Version: 5.0)
HFSExplorer 0.21 (x32 Version: 0.21)
High-Definition Video Playback (x32 Version: 11.1.11100.4.196)
HydraVision (x32 Version: 4.2.206.0)
Intel(R) Control Center (x32 Version: 1.2.1.1007)
Intel(R) Management Engine Components (x32 Version: 7.0.0.1118)
Java Auto Updater (x32 Version: 2.0.6.1)
Java(TM) 6 Update 30 (x32 Version: 6.0.300)
LibreOffice 3.5 (x32 Version: 3.5.0.13)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Media Add-Ons für Acronis True Image Home 2009 (x32 Version: 12.0.9646.4)
Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme (x32 Version: 12.0.4518.1014)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Antimalware (Version: 3.0.8402.2)
Microsoft Antimalware Service DE-DE Language Pack (Version: 3.0.8402.2)
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.4518.1014)
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Professional Edition 2003 (x32 Version: 11.0.8173.0)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Security Client (Version: 2.1.1116.0)
Microsoft Security Client DE-DE Language Pack (Version: 2.1.1116.0)
Microsoft Security Essentials (Version: 2.1.1116.0)
Microsoft Silverlight (x32 Version: 4.1.10329.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Works (x32 Version: 08.05.0822)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
Mozilla Firefox 10.0 (x86 de) (x32 Version: 10.0)
Mozilla Firefox 24.0 (x86 de) (HKCU Version: 24.0)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Nero 11 Collection 1 (x32 Version: 11.0.11200.12.0)
Nero 11 Kwik Themes 3 (x32 Version: 11.0.11200.12.0)
Nero 11 Kwik Themes 4 (x32 Version: 11.0.11200.12.0)
Nero 11 Kwik Themes Basic (x32 Version: 11.0.11200.12.0)
Nero 11 PiP Effects 1 (x32 Version: 11.0.11200.12.0)
Nero 11 Video Transitions 1 (x32 Version: 11.0.11200.12.0)
Nero Audio Pack 1 (x32 Version: 11.0.11500.110.0)
Nero Core Components 11 (x32 Version: 11.0.16000.1.20)
Nero Kwik Media (x32 Version: 1.10.24800.146.100)
Nero Kwik Media (x32 Version: 11.0.17100)
Nero Kwik Media Help (CHM) (x32 Version: 11.0.10200)
Nero Update (x32 Version: 11.0.11500.28.0)
nero.prerequisites.msi (x32 Version: 11.0.20010)
Notepad++ (x32 Version: 6.4.3)
Office eDial (x32 Version: 2.0.8)
ON_OFF Charge B11.0110.1 (x32 Version: 1.00.0001)
PDF Settings CS5 (x32 Version: 10.0)
PxMergeModule (x32 Version: 1.00.0000)
Quark Update (x32 Version: 1.0.0.0)
QuarkXPress (x32 Version: 9.0.0.0)
QuickTime (x32 Version: 7.0.4)
Realtek Ethernet Controller Driver (x32 Version: 7.46.531.2011)
Realtek HDMI Audio Driver for ATI (x32 Version: 6.0.1.6409)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6423)
RedMon - Redirection Port Monitor
Samsung ML-2010 Series (x32)
Samsung ML-2160 Series (x32)
Samsung Printer Live Update (x32 Version: 1.01.00.04)
Serif PagePlus Starter Edition (x32 Version: 3.0.0.3)
TeamViewer 5 (x32 Version: 5.1.10408 )
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
VLC media player 2.0.8 (x32 Version: 2.0.8)
Wartung Samsung CLX-3180 Series (x32)
Windows Small Business Server 2008 ClientAgent (Version: 6.0.5601.6)
Windows Small Business Server 2008 Desktop Links Gadget (Version: 6.0.5601.6)
Windows Small Business Server 2008 WMI Provider (x32 Version: 6.0.5601.6)
XnView 2.04 (x32 Version: 2.04)

==================== Restore Points  =========================

26-09-2013 15:23:07 Geplanter Prüfpunkt

==================== Hosts content: ==========================

2009-07-14 04:34 - 2012-02-03 14:43 - 00000854 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1        activate.adobe.com

==================== Scheduled Tasks (whitelisted) =============

Task: {17A64F9D-F19E-4F30-A827-99B7CD609CD1} - System32\Tasks\{66E89349-310F-43CE-8DEE-312ACC27A26F} => C:\Users\Stefan.Krämer\Desktop\BonnUPD\bonn_fu.exe
Task: {2CDE6D1A-4AD9-4608-AD18-7AC14A63FBE3} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2010-03-09] (Microsoft Corporation)
Task: {3EEC3E55-3FC0-4DEE-90F7-2EF71D7AB6FE} - System32\Tasks\Quark Updater => C:\Program Files (x86)\Quark\Quark Update\AutoUpdate.exe [2010-10-22] ()
Task: {446FC94E-C6E8-4FB3-A643-A2BD82F6A9B0} - System32\Tasks\Microsoft\Microsoft Antimalware\MP Scheduled Scan => C:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe
Task: {4CF071AD-A091-41F3-A7F3-7F1442E9E091} - System32\Tasks\AdobeAAMUpdater-1.0-PC111-User => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-09-16] (Adobe Systems Incorporated)
Task: {570C33AD-0E50-4C86-B5D7-63CD051609F6} - System32\Tasks\AdobeAAMUpdater-1.0-KOMM-MIT-Administrator => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-09-16] (Adobe Systems Incorporated)
Task: {6A64BCDD-4034-497A-A546-E5ED1182D228} - System32\Tasks\{EA21657B-400D-4C11-AA06-E514B5858BDB} => C:\Users\Stefan.Krämer\Desktop\BonnUPD\bonn_fu.exe
Task: {84FFF2AA-3696-40DA-BC84-F0518E2DDF01} - System32\Tasks\{D53E986B-176F-40AE-9B79-34B1D37E938A} => C:\Users\Stefan.Krämer\Desktop\BonnUPD\bonn_fu.exe
Task: {8B0160E8-2477-4826-B0EB-D2B0A7C0D46E} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-06-24] (Microsoft Corporation)
Task: {91C7391E-3FA7-4A1E-AA89-7E3FCBF752E2} - System32\Tasks\{07D47E55-520A-408A-BF5D-4320D57636CE} => C:\Users\Stefan.Krämer\Desktop\BonnUPD\bonn_fu.exe
Task: {B4D21C72-7AC6-4F28-BE11-C2A9C82B33B3} - System32\Tasks\{03AB33BC-332E-4FC1-AB4A-2517ED80D092} => C:\Users\Stefan.Krämer\Desktop\BonnUPD\bonn_fu.exe
Task: {E3EEFADD-4D67-4898-9B1E-59E423CAEB8F} - System32\Tasks\{336A5D23-BC36-4339-B418-878B9DC365A1} => C:\Users\Stefan.Krämer\Desktop\BonnUPD\bonn_fu.exe
Task: {F579C9C7-6321-4708-9E47-B0AFFFBC31AD} - System32\Tasks\{D45879FF-0966-445F-9B29-FE521BFC6DB1} => C:\Users\Stefan.Krämer\Desktop\BonnUPD\bonn_fu.exe
Task: C:\Windows\Tasks\Quark Updater.job => C:\Program Files (x86)\Quark\Quark Update\AutoUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-01-02 16:42 - 2010-01-02 16:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2012-06-18 17:24 - 2012-06-18 17:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll
2012-02-14 23:13 - 2012-02-14 23:13 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2012-01-31 20:47 - 2009-05-04 18:56 - 00102400 _____ () C:\Program Files (x86)\GIGABYTE\EnergySaver2\ycc.dll
2012-02-01 17:52 - 2009-10-31 15:42 - 01384520 _____ () C:\Windows\twain_32\Samsung\CLX3180\ssole.dll
2012-02-01 17:52 - 2010-11-11 11:46 - 00293888 _____ () C:\Windows\twain_32\Samsung\CLX3180\NetModule2.dll
2013-09-03 15:54 - 2013-09-03 15:54 - 00019968 _____ () C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\locale\de_de\acrotray.deu

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/27/2013 03:23:25 PM) (Source: Microsoft Security Client Setup) (User: KOMM-MIT)
Description: HRESULT:0x80070643
Description:Cannot complete the Security Essentials Upgrade. Security Essentials is not currently monitoring and helping to protect your computer. Please restart your computer and try again. Error code:0x80070643. (null)

Error: (09/27/2013 03:23:20 PM) (Source: MsiInstaller) (User: KOMM-MIT)
Description: Product: Microsoft Security Client -- Error 1316. A network error occurred while attempting to read from the file: C:\Windows\Installer\epp.msi

Error: (09/27/2013 03:23:17 PM) (Source: MsiInstaller) (User: KOMM-MIT)
Description: Product: Microsoft Security Client -- Error 1316. A network error occurred while attempting to read from the file: C:\Windows\Installer\epp.msi

Error: (09/27/2013 03:09:34 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error: (09/27/2013 03:09:34 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error: (09/27/2013 03:08:46 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error: (09/27/2013 03:05:36 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error: (09/27/2013 03:05:30 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error: (09/27/2013 03:04:29 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error: (09/27/2013 03:04:29 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.


System errors:
=============
Error: (09/27/2013 03:30:42 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR5 gefunden.

Error: (09/27/2013 03:30:40 PM) (Source: Ntfs) (User: )
Description: Auf dem Volume "PACO" konnte der Transaktionsressourcen-Manager aufgrund eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in den Daten enthalten.

Error: (09/27/2013 03:30:40 PM) (Source: Ntfs) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "PACO" den Befehl "chkdsk" aus.

Error: (09/27/2013 03:21:52 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet:
%%1060

Error: (09/27/2013 03:21:45 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.

Error: (09/27/2013 03:21:41 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Microsoft Antimalware Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (09/27/2013 03:03:42 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PnP-X-IP-Busenumerator" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (09/27/2013 03:02:23 PM) (Source: DCOM) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (09/27/2013 03:02:23 PM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (09/27/2013 03:02:22 PM) (Source: DCOM) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}


Microsoft Office Sessions:
=========================
Error: (05/13/2013 10:48:53 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.6612.1000. This session lasted 7 seconds with 0 seconds of active time.  This session ended with a crash.


==================== Memory info ===========================

Percentage of memory in use: 21%
Total physical RAM: 8175.12 MB
Available physical RAM: 6412.71 MB
Total Pagefile: 16348.43 MB
Available Pagefile: 14392.74 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:97.66 GB) (Free:12.63 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive n: (Volume) (Fixed) (Total:355.78 GB) (Free:80.8 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 6D09824B)
Partition 1: (Not Active) - (Size=993 KB) - (Type=42)
Partition 2: (Active) - (Size=98 GB) - (Type=42)
Partition 3: (Not Active) - (Size=368 GB) - (Type=42)

==================== End Of Log ============================

GMER
Code:

GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-09-27 15:45:17
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 ST500DM002-1BD142 rev.KC45 465,76GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\STEFAN~1.KRM\AppData\Local\Temp\pxldapog.sys


---- User code sections - GMER 2.1 ----

.text  C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1776] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69  00000000758f1465 2 bytes [8F, 75]
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1776] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155  00000000758f14bb 2 bytes [8F, 75]
.text  ...                                                                                                                                  * 2

---- Registry - GMER 2.1 ----

Reg    HKLM\SYSTEM\CurrentControlSet\services\                                                                                             
Reg    HKLM\SYSTEM\CurrentControlSet\services\@Parameters\0\x202e\x2764                                                                      836
Reg    HKLM\SYSTEM\ControlSet002\services\ (not active ControlSet)                                                                         
Reg    HKLM\SYSTEM\ControlSet002\services\@Parameters\0\x202e\x2764                                                                          836

---- EOF - GMER 2.1 ----

Malware
Code:

Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.09.27.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Stefan.Krämer :: PC111 [Administrator]

Schutz: Aktiviert

27.09.2013 09:56:32
MBAM-log-2013-09-27 (10-52-05).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|I:\|J:\|K:\|N:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 585323
Laufzeit: 54 Minute(n), 5 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKLM\SYSTEM\CurrentControlSet\Services\*etadpug (Trojan.Inject.RRE) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Google Update (Trojan.Inject.RRE) -> Daten:  -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 3
C:\Users\Stefan.Krämer\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.
C:\Users\Stefan.Krämer\AppData\Roaming\OpenCandy\C816E45F831147A58D9198AC2A93FC38 (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.
C:\Users\Stefan.Krämer\AppData\Local\Temp\CT3000917 (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.

Infizierte Dateien: 16
C:\Users\Stefan.Krämer\AppData\Local\Google\Desktop\Install\{23ff0886-cfc9-3a1c-3e9e-ef525c7945e8}\❤≸⋙\Ⱒ☠⍨\*ﯹ๛\{23ff0886-cfc9-3a1c-3e9e-ef525c7945e8}\GoogleUpdate.exe (Trojan.Inject.RRE) -> Keine Aktion durchgeführt.
c:\program files (x86)\google\desktop\install\{23ff0886-cfc9-3a1c-3e9e-ef525c7945e8}\  \...\*ﯹ๛\{23ff0886-cfc9-3a1c-3e9e-ef525c7945e8}\googleupdate.exe (Trojan.Inject.RRE) -> Keine Aktion durchgeführt.
C:\$Recycle.Bin\S-1-5-21-92456429-21299910-4226566416-1182\$RRG9CZC.zip (Trojan.Inject.RRE) -> Keine Aktion durchgeführt.
C:\$Recycle.Bin\S-1-5-21-92456429-21299910-4226566416-1182\$RWKJLDY.exe (PUP.Optional.Amonetize.A) -> Keine Aktion durchgeführt.
c:\program files (x86)\google\desktop\install\{23ff0886-cfc9-3a1c-3e9e-ef525c7945e8}\  \...\*ﯹ๛\{23ff0886-cfc9-3a1c-3e9e-ef525c7945e8}\u\000000cb.@ (Rootkit.0Access) -> Keine Aktion durchgeführt.
C:\Users\Stefan.Krämer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\355CGBTY\statisticsstub[1].exe (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\Stefan.Krämer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X837T84J\Testbundle23w_1254[1].exe (PUP.Adware.Agent) -> Keine Aktion durchgeführt.
C:\Users\Stefan.Krämer\AppData\Local\Temp\AskPIP_FF_.exe (PUP.Optional.BundledToolBar.A) -> Keine Aktion durchgeführt.
C:\Users\Stefan.Krämer\AppData\Local\Temp\awh3815.tmp (PUP.Optional.Elex) -> Keine Aktion durchgeführt.
C:\Users\Stefan.Krämer\AppData\Local\Temp\awh3A48.tmp (PUP.Optional.Adtool) -> Keine Aktion durchgeführt.
C:\Users\Stefan.Krämer\AppData\Local\Temp\CT3000917\statisticsStub.exe (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\Stefan.Krämer\AppData\Roaming\OpenCandy\C816E45F831147A58D9198AC2A93FC38\LatestDLMgr.exe (PUP.Optional.OpenCandy.A) -> Keine Aktion durchgeführt.
C:\Windows\System32\cmdow.exe (PUP.Tool) -> Keine Aktion durchgeführt.
C:\Users\Stefan.Krämer\AppData\Roaming\OpenCandy\C816E45F831147A58D9198AC2A93FC38\3209.ico (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.
C:\Users\Stefan.Krämer\AppData\Roaming\OpenCandy\C816E45F831147A58D9198AC2A93FC38\speedupmypcDE.exe (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.
C:\Users\Stefan.Krämer\AppData\Local\Temp\CT3000917\parameters.csf (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.

(Ende)


I hope you can help me! I'm at my wits' end!

schrauber 27.09.2013 17:07

hi,
Combofix should only be run when a team member has instructed you to do so!
Please download Combofix from the following download mirror

Link 1


IMPORTANT - Save Combofix to your desktop
  • Please disable all of your antivirus as well as anti-malware/spyware scanners. They can interfere with Combofix while it is working.
Start Combofix.exe and follow the instructions on the screen.

When Combofix is finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you receive the following error message after the reboot
Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

Stefan_Bonn 27.09.2013 18:06

First of all, many thanks. I'm running Combofix; then it warns me that MSE is running in the background? But I can't get at it. It isn't shown as a running program, and I can't find it via the Task Manager and the process list either.

When Windows starts, Windows tells me that it can't start MSE?
What now?

Edit: I tried to uninstall MSE. It won't do that either! But Combofix is running now anyway!

Hey,

attached is the Combofix log

Code:

ComboFix 13-09-26.03 - Stefan.Krämer 27.09.2013  18:35:23.1.4 - x64
Microsoft Windows 7 Professional  6.1.7601.1.1252.49.1031.18.8175.6452 [GMT 2:00]
ausgeführt von:: c:\users\Stefan.Krämer\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\END
c:\program files (x86)\Google\Desktop\Install
c:\program files (x86)\Google\Desktop\Install\{23ff0886-cfc9-3a1c-3e9e-ef525c7945e8}\9519~1\A535~1\E628~1\{23ff0886-cfc9-3a1c-3e9e-ef525c7945e8}\@
c:\program files (x86)\Google\Desktop\Install\{23ff0886-cfc9-3a1c-3e9e-ef525c7945e8}\9519~1\A535~1\E628~1\{23ff0886-cfc9-3a1c-3e9e-ef525c7945e8}\L\00000004.@
c:\program files (x86)\Google\Desktop\Install\{23ff0886-cfc9-3a1c-3e9e-ef525c7945e8}\9519~1\A535~1\E628~1\{23ff0886-cfc9-3a1c-3e9e-ef525c7945e8}\L\201d3dde
c:\program files (x86)\Google\Desktop\Install\{23ff0886-cfc9-3a1c-3e9e-ef525c7945e8}\9519~1\A535~1\E628~1\{23ff0886-cfc9-3a1c-3e9e-ef525c7945e8}\L\6715e287
c:\program files (x86)\Google\Desktop\Install\{23ff0886-cfc9-3a1c-3e9e-ef525c7945e8}\9519~1\A535~1\E628~1\{23ff0886-cfc9-3a1c-3e9e-ef525c7945e8}\L\76603ac3
c:\program files (x86)\Google\Desktop\Install\{23ff0886-cfc9-3a1c-3e9e-ef525c7945e8}\9519~1\A535~1\E628~1\{23ff0886-cfc9-3a1c-3e9e-ef525c7945e8}\U\00000004.@.vir
c:\program files (x86)\Google\Desktop\Install\{23ff0886-cfc9-3a1c-3e9e-ef525c7945e8}\9519~1\A535~1\E628~1\{23ff0886-cfc9-3a1c-3e9e-ef525c7945e8}\U\00000008.@.vir
c:\program files (x86)\Google\Desktop\Install\{23ff0886-cfc9-3a1c-3e9e-ef525c7945e8}\9519~1\A535~1\E628~1\{23ff0886-cfc9-3a1c-3e9e-ef525c7945e8}\U\80000000.@.vir
c:\program files (x86)\Google\Desktop\Install\{23ff0886-cfc9-3a1c-3e9e-ef525c7945e8}\9519~1\A535~1\E628~1\{23ff0886-cfc9-3a1c-3e9e-ef525c7945e8}\U\80000032.@.vir
c:\program files (x86)\Google\Desktop\Install\{23ff0886-cfc9-3a1c-3e9e-ef525c7945e8}\9519~1\A535~1\E628~1\{23ff0886-cfc9-3a1c-3e9e-ef525c7945e8}\U\80000064.@.vir
c:\programdata\Local Settings\Temp
c:\users\Stefan.Krämer\AppData\Local\Google\Desktop\Install\{23ff0886-cfc9-3a1c-3e9e-ef525c7945e8}\2E2F~1\28F0~1\E628~1\{23ff0886-cfc9-3a1c-3e9e-ef525c7945e8}\@
c:\users\User\AccessibleMarshal.dll
c:\users\User\breakpadinjector.dll
c:\users\User\crashreporter.exe
c:\users\User\firefox.exe
c:\users\User\freebl3.dll
c:\users\User\gkmedias.dll
c:\users\User\libEGL.dll
c:\users\User\libGLESv2.dll
c:\users\User\maintenanceservice.exe
c:\users\User\maintenanceservice_installer.exe
c:\users\User\mozalloc.dll
c:\users\User\mozglue.dll
c:\users\User\mozjs.dll
c:\users\User\nss3.dll
c:\users\User\nssckbi.dll
c:\users\User\nssdbm3.dll
c:\users\User\plugin-container.exe
c:\users\User\plugin-hang-ui.exe
c:\users\User\softokn3.dll
c:\users\User\updater.exe
c:\users\User\webapp-uninstaller.exe
c:\users\User\webapprt-stub.exe
c:\users\User\xul.dll
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-08-27 bis 2013-09-27  ))))))))))))))))))))))))))))))
.
.
2013-09-27 16:40 . 2013-09-27 16:40        --------        d-----w-        c:\users\User\AppData\Local\temp
2013-09-27 16:40 . 2013-09-27 16:40        --------        d-----w-        c:\users\STEFAN~1\AppData\Local\temp
2013-09-27 16:40 . 2013-09-27 16:40        --------        d-----w-        c:\users\Default\AppData\Local\temp
2013-09-27 16:40 . 2013-09-27 16:40        --------        d-----w-        c:\users\Administrator\AppData\Local\temp
2013-09-27 15:57 . 2013-09-27 15:57        12872        ----a-w-        c:\windows\system32\bootdelete.exe
2013-09-27 15:44 . 2013-09-27 15:44        --------        d-----w-        c:\program files\HitmanPro
2013-09-27 15:17 . 2013-09-27 15:57        --------        d-----w-        c:\programdata\HitmanPro
2013-09-27 14:57 . 2013-09-27 14:58        --------        d-----w-        c:\windows\Temp921C901D-6A78-72B5-9E7D-7E42C1817384-Signatures
2013-09-27 13:32 . 2013-09-27 13:32        --------        d-----w-        C:\FRST
2013-09-27 12:56 . 2013-09-27 12:56        --------        d-----w-        c:\users\Administrator\AppData\Local\ElevatedDiagnostics
2013-09-27 12:54 . 2013-09-27 12:54        --------        d-----w-        c:\users\Administrator\AppData\Roaming\Malwarebytes
2013-09-27 07:55 . 2013-09-27 07:55        --------        d-----w-        c:\users\Stefan.Krämer\AppData\Roaming\Malwarebytes
2013-09-27 07:55 . 2013-09-27 07:55        --------        d-----w-        c:\programdata\Malwarebytes
2013-09-27 07:55 . 2013-09-27 14:54        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2013-09-26 16:43 . 2013-09-26 16:43        --------        d-----w-        c:\windows\SysWow64\%APPDATA%
2013-09-26 16:38 . 2013-09-26 16:38        --------        d-----w-        c:\program files (x86)\Google
2013-09-26 16:38 . 2013-09-26 16:38        --------        d-----w-        c:\users\Stefan.Krämer\AppData\Local\Google
2013-09-06 10:03 . 2013-09-06 10:03        --------        d-----w-        c:\users\Stefan.Krämer\AppData\Roaming\Apago
2013-09-06 10:03 . 2013-09-06 10:03        --------        d-----w-        c:\program files (x86)\Apago
2013-08-31 11:01 . 2013-08-31 11:01        --------        d-----w-        c:\program files\Ghostgum
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-27 16:27 . 2012-01-31 18:50        25640        ----a-w-        c:\windows\gdrv.sys
2013-09-20 15:31 . 2013-01-11 10:43        4922        ----a-w-        c:\users\Stefan.Krämer\advanced_ip_scanner_MAC.bin
2013-09-20 15:31 . 2013-01-11 10:43        4922        ----a-w-        c:\users\Stefan.Krämer\advanced_ip_scanner_MAC.bin
2013-08-28 13:32 . 2013-08-28 13:32        893552        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2013-08-28 13:32 . 2013-08-28 13:32        42776        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2013-08-28 13:32 . 2013-08-28 13:32        1236816        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-07-16 08:05 . 2012-04-17 07:18        692104        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2013-07-16 08:05 . 2012-01-31 19:40        71048        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36        130736        ----a-w-        c:\users\Stefan.Krämer\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36        130736        ----a-w-        c:\users\Stefan.Krämer\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36        130736        ----a-w-        c:\users\Stefan.Krämer\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Acrobat Synchronizer"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe" [2013-05-10 1272912]
"eDial.exe"="c:\program files (x86)\Aastra\Office eDial\\eDial.exe" [2013-06-20 249392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2008-11-27 4386336]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2011-07-06 688128]
"CLX3180_Scan2Pc"="c:\windows\Twain_32\Samsung\CLX3180\Scan2pc.exe" [2011-04-29 1990144]
"3180 Scan2PC"="c:\windows\twain_32\Samsung\CLX3180\Scan2Pc.exe" [2011-04-29 1990144]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2013-05-10 38984]
"FreePDF Assistant"="c:\program files (x86)\FreePDF_XP\fpassist.exe" [2011-02-23 371200]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-02-14 636032]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2013-05-10 840768]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"ApnTBMon"="c:\program files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" [2013-08-14 1601488]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AML Device Install.lnk - c:\program files (x86)\AMD AVT\bin\kdbsync.exe aml [2012-1-31 10752]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 DES2 Service;DES2 Service for Energy Saving.;c:\program files (x86)\GIGABYTE\EnergySaver2\des2svr.exe;c:\program files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 TeamViewer5;TeamViewer 5;c:\program files (x86)\TeamViewer\Version5\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 APNMCP;Ask Aktualisierungsdienst;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys;c:\windows\SYSNATIVE\Drivers\EtronHub3.sys [x]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys;c:\windows\SYSNATIVE\Drivers\EtronXHCI.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2013-08-22 c:\windows\Tasks\Quark Updater.job
- c:\program files (x86)\Quark\Quark Update\AutoUpdate.exe [2010-10-22 15:34]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36        164016        ----a-w-        c:\users\Stefan.Krämer\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36        164016        ----a-w-        c:\users\Stefan.Krämer\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36        164016        ----a-w-        c:\users\Stefan.Krämer\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36        164016        ----a-w-        c:\users\Stefan.Krämer\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-07-21 12632168]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-07-26 2782096]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-09-27  18:43:04
ComboFix-quarantined-files.txt  2013-09-27 16:43
.
Vor Suchlauf: 13 Verzeichnis(se), 18.259.456.000 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 20.788.121.600 Bytes frei
.
- - End Of File - - 80893FCA37671DFD525613670CED640C
A36C5E4F47E84449FF07ED3517B43A31

This is getting more and more suspicious to me: after I tried to uninstall MSE, which didn't work, and ComboFix ran over the system, MSE could be reinstalled (I didn't want to be left without protection) and is now scanning the system? Am I supposed to understand that?

schrauber 28.09.2013 12:22

ComboFix fixed quite a bit :)

Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all findings (if any) moved to quarantine. To do this, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Select Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Include the contents of mbam.txt with your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts that appear with OK.
  • Your computer will restart automatically. After the restart, a text file opens. Post its contents with your next reply.
  • You can also find the log file under C:\AdwCleaner\AdwCleaner[Cx].txt (x = consecutive number).

Please close your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or higher), please start it with a right-click, "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool is finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log please.

Stefan_Bonn 28.09.2013 14:30

Thanks again for helping me. Two thumbs up!

Attached are the requested logs:

mbam
Code:

Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.09.28.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Stefan.Krämer :: PC111 [Administrator]

Schutz: Deaktiviert

28.09.2013 15:03:32
mbam-log-2013-09-28 (15-03-32).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 262526
Laufzeit: 3 Minute(n), 52 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 2
C:\Users\Stefan.Krämer\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Stefan.Krämer\AppData\Roaming\OpenCandy\C816E45F831147A58D9198AC2A93FC38 (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 3
C:\Users\Stefan.Krämer\AppData\Roaming\OpenCandy\C816E45F831147A58D9198AC2A93FC38\LatestDLMgr.exe (PUP.Optional.OpenCandy.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Stefan.Krämer\AppData\Roaming\OpenCandy\C816E45F831147A58D9198AC2A93FC38\3209.ico (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Stefan.Krämer\AppData\Roaming\OpenCandy\C816E45F831147A58D9198AC2A93FC38\speedupmypcDE.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)


adw
Code:

# AdwCleaner v3.005 - Bericht erstellt am 28/09/2013 um 15:13:45
# Updated 22/09/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : Stefan.Krämer - PC111
# Gestartet von : C:\Users\Stefan.Krämer\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : APNMCP

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\apn
Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\Program Files (x86)\AskPartnerNetwork
Ordner Gelöscht : C:\Users\STEFAN~1.KRM\AppData\Local\Temp\apn

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\speedupmypc
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskPIP_FF__RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskPIP_FF__RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTbMon]
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_photo-to-movie_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_photo-to-movie_RASMANCS
Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\AskPartnerNetwork
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\PIP
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKLM\Software\AskPartnerNetwork
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\PIP
Schlüssel Gelöscht : HKLM\Software\Uniblue\DriverScanner

***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16421


-\\ Mozilla Firefox v24.0 (de)

[ Datei : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5qrqz60s.default\prefs.js ]


[ Datei : C:\Users\Stefan.Krämer\AppData\Roaming\Mozilla\Firefox\Profiles\e9t67xiw.default\prefs.js ]


[ Datei : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\n9ovjsb3.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [3038 octets] - [28/09/2013 15:13:08]
AdwCleaner[S0].txt - [2590 octets] - [28/09/2013 15:13:45]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2650 octets] ##########


jrt
Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.3 (09.27.2013:1)
OS: Windows 7 Professional x64
Ran by Stefan.Krämer on 28.09.2013 at 15:19:06,36
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Stefan.Krämer\AppData\Roaming\mozilla\firefox\profiles\e9t67xiw.default\minidumps [908 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 28.09.2013 at 15:22:28,67
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


FRST

FRST Logfile:
Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-09-2013 02
Ran by Stefan.Krämer (administrator) on PC111 on 28-09-2013 15:24:11
Running from C:\Users\Stefan.Krämer\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
() C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(AMD) C:\Windows\system32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
() C:\Windows\Samsung\PanelMgr\SSMMgr.exe
() C:\Windows\twain_32\Samsung\CLX3180\Scan2Pc.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
() C:\Windows\Samsung\PanelMgr\caller64.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\sysWow64\SearchProtocolHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12632168 2011-07-21] (Realtek Semiconductor)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2782096 2010-07-26] (CANON INC.)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-07-18] (Microsoft Corporation)
HKCU\...\Run: [Adobe Acrobat Synchronizer] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe [1272704 2013-09-03] (Adobe Systems Incorporated)
HKCU\...\Run: [eDial.exe] - C:\Program Files (x86)\Aastra\Office eDial\\eDial.exe [249392 2013-06-20] (Aastra Telecom Schweiz AG)
HKCU\...\Run: [HydraVisionDesktopManager] - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2011-05-24] (AMD)
HKLM-x32\...\Run: [ISUSScheduler] - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-02-17] (InstallShield Software Corporation)
HKLM-x32\...\Run: [TrueImageMonitor.exe] - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [4386336 2008-11-27] (Acronis)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [402432 2010-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Samsung PanelMgr] - C:\Windows\Samsung\PanelMgr\SSMMgr.exe [688128 2011-07-06] ()
HKLM-x32\...\Run: [CLX3180_Scan2Pc] - C:\Windows\Twain_32\Samsung\CLX3180\Scan2pc.exe [1990144 2011-04-29] ()
HKLM-x32\...\Run: [3180 Scan2PC] - C:\Windows\twain_32\Samsung\CLX3180\Scan2Pc.exe [1990144 2011-04-29] ()
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41336 2013-09-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [FreePDF Assistant] - C:\Program Files (x86)\FreePDF_XP\fpassist.exe [371200 2011-02-23] (shbox.de)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [636032 2012-02-14] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840568 2013-09-03] (Adobe Systems Inc.)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKU\Administrator\...\Run: [AdobeBridge] - [x]
HKU\Administrator\...\Run: [HydraVisionDesktopManager] - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2011-05-24] (AMD)
HKU\User\...\Run: [ISUSPM Startup] - C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe [221184 2005-02-17] (InstallShield Software Corporation)
HKU\User\...\Run: [AdobeBridge] - [x]

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xBD77D9DA5ED1CD01
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO-x32: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU -  No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x64/MuCatalogWebControl.cab?1328263064448
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office12\GR469A~1.DLL [2210608 2006-10-27] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Stefan.Krämer\AppData\Roaming\Mozilla\Firefox\Profiles\e9t67xiw.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\Stefan.Krämer\AppData\Roaming\Mozilla\Firefox\Profiles\e9t67xiw.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi
FF HKLM-x32\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF Extension: Adobe Contribute Toolbar - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn

==================== Services (Whitelisted) =================

S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 DES2 Service; C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [57344 2011-08-22] ()
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2013-07-18] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-07-18] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21104 2011-01-10] ()
R2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [53816 2009-03-02] (Samsung Electronics Co., Ltd.)
R2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [53816 2009-03-02] (Samsung Electronics Co., Ltd.)
R3 gdrv; C:\Windows\gdrv.sys [25640 2013-09-28] (Windows (R) Server 2003 DDK provider)
R3 gdrv; C:\Windows\gdrv.sys [25640 2013-09-28] (Windows (R) Server 2003 DDK provider)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
R0 snapman380; C:\Windows\System32\DRIVERS\snman380.sys [237600 2012-01-31] (Acronis)
R0 tdrpman174; C:\Windows\System32\DRIVERS\tdrpm174.sys [1581088 2012-01-31] (Acronis)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-28 15:22 - 2013-09-28 15:22 - 00000774 _____ C:\Users\Stefan.Krämer\Desktop\JRT.txt
2013-09-28 15:20 - 2013-09-28 15:20 - 01953880 _____ (Farbar) C:\Users\Stefan.Krämer\Desktop\FRST64.exe
2013-09-28 15:19 - 2013-09-28 15:19 - 00000000 ____D C:\Windows\ERUNT
2013-09-28 15:18 - 2013-09-28 15:18 - 01030305 _____ (Thisisu) C:\Users\Stefan.Krämer\Desktop\JRT.exe
2013-09-28 15:16 - 2013-09-28 15:16 - 00002730 _____ C:\Users\Stefan.Krämer\Desktop\AdwCleaner[S0].txt
2013-09-28 15:13 - 2013-09-28 15:13 - 00000000 ____D C:\AdwCleaner
2013-09-28 15:12 - 2013-09-28 15:12 - 01042066 _____ C:\Users\Stefan.Krämer\Desktop\adwcleaner.exe
2013-09-28 15:01 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-09-27 23:10 - 2013-09-27 17:37 - 00040448 _____ C:\Users\Stefan.Krämer\Desktop\Friendship.wdb
2013-09-27 22:51 - 2013-09-27 18:09 - 00045568 _____ C:\Users\Stefan.Krämer\Desktop\Malgrat.wdb
2013-09-27 21:57 - 2013-09-27 21:54 - 08641536 _____ C:\Users\Stefan.Krämer\Desktop\SPANIEN_Mappe VICENC 2013 - Kopie.qxp
2013-09-27 21:49 - 2013-09-27 21:49 - 00000000 ____D C:\Windows\SysWOW64\Quark ShapeMaker Presets
2013-09-27 20:16 - 2013-09-27 20:16 - 00000000 ____D C:\ProgramData\Mozilla
2013-09-27 20:16 - 2013-09-27 20:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-09-27 20:16 - 2013-09-27 20:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-27 18:58 - 2013-09-27 18:58 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-09-27 18:58 - 2013-09-27 18:58 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-09-27 18:58 - 2013-09-27 15:03 - 13842112 _____ (Microsoft Corporation) C:\Users\Stefan.Krämer\Desktop\mseinstall.exe
2013-09-27 18:43 - 2013-09-27 18:43 - 00018570 _____ C:\ComboFix.txt
2013-09-27 18:30 - 2013-09-27 18:30 - 05129766 ____R (Swearware) C:\Users\Stefan.Krämer\Desktop\ComboFix.exe
2013-09-27 18:14 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-09-27 18:14 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-09-27 18:14 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-09-27 18:14 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-09-27 18:14 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-09-27 18:14 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-09-27 18:14 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-09-27 18:14 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-09-27 18:13 - 2013-09-27 18:43 - 00000000 ____D C:\Qoobox
2013-09-27 18:13 - 2013-09-27 18:41 - 00000000 ____D C:\Windows\erdnt
2013-09-27 17:57 - 2013-09-27 17:57 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2013-09-27 17:50 - 2013-08-01 16:36 - 09819944 _____ (SurfRight B.V.) C:\Users\Stefan.Krämer\Desktop\HitmanPro_x64.exe.BAK
2013-09-27 17:44 - 2013-09-27 17:44 - 00000000 ____D C:\Program Files\HitmanPro
2013-09-27 17:17 - 2013-09-27 17:57 - 00000000 ____D C:\ProgramData\HitmanPro
2013-09-27 17:08 - 2013-09-27 17:08 - 00000136 _____ C:\Windows\system32\config\netlogon.ftl
2013-09-27 16:58 - 2013-09-27 16:58 - 00000000 ____D C:\Windows\system32\config\amd64
2013-09-27 16:58 - 2013-07-18 22:22 - 00185664 _____ (Microsoft Corporation) C:\Windows\system32\config\EppManifest.dll
2013-09-27 16:58 - 2013-07-18 20:25 - 00008864 _____ (Microsoft Corporation) C:\Windows\system32\config\setupres.dll
2013-09-27 16:57 - 2013-09-27 16:58 - 00000000 ____D C:\Windows\Temp921C901D-6A78-72B5-9E7D-7E42C1817384-Signatures
2013-09-27 16:25 - 2013-09-27 16:25 - 00001478 _____ C:\Users\Stefan.Krämer\Desktop\gmer1.txt
2013-09-27 15:45 - 2013-09-27 15:45 - 00001478 _____ C:\Users\Stefan.Krämer\Desktop\gmer.txt
2013-09-27 15:32 - 2013-09-27 15:33 - 00021412 _____ C:\Users\Stefan.Krämer\Desktop\Addition.txt
2013-09-27 15:32 - 2013-09-27 15:32 - 00000000 ____D C:\FRST
2013-09-27 15:31 - 2013-09-27 15:31 - 00000488 _____ C:\Users\Stefan.Krämer\Desktop\defogger_disable.log
2013-09-27 15:31 - 2013-09-27 15:31 - 00000000 _____ C:\Users\Stefan.Krämer\defogger_reenable
2013-09-27 15:18 - 2013-09-27 15:18 - 00194638 _____ C:\Users\Administrator\AppData\Local\census.cache
2013-09-27 15:18 - 2013-09-27 15:18 - 00102938 _____ C:\Users\Administrator\AppData\Local\ars.cache
2013-09-27 15:05 - 2013-09-27 15:05 - 00000036 _____ C:\Users\Administrator\AppData\Local\housecall.guid.cache
2013-09-27 14:54 - 2013-09-27 14:54 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Malwarebytes
2013-09-27 11:54 - 2013-09-27 11:54 - 00001161 _____ C:\Users\Stefan.Krämer\Desktop\wscsvc.zip
2013-09-27 11:54 - 2013-09-27 11:54 - 00000000 ____D C:\Users\Stefan.Krämer\Desktop\wscsvc
2013-09-27 11:50 - 2013-09-27 11:50 - 00000047 _____ C:\Users\Stefan.Krämer\AppData\Roaming\mbam.context.scan
2013-09-27 11:50 - 2013-09-27 11:38 - 00001150 _____ C:\Users\Stefan.Krämer\Desktop\wscsvc(64).zip
2013-09-27 09:55 - 2013-09-28 15:01 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-27 09:55 - 2013-09-27 09:55 - 00000000 ____D C:\Users\Stefan.Krämer\AppData\Roaming\Malwarebytes
2013-09-27 09:55 - 2013-09-27 09:55 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-26 20:14 - 2013-09-27 22:04 - 00000000 ____D C:\Users\Stefan.Krämer\Desktop\Spielplan Vicenti 2013
2013-09-26 18:43 - 2013-09-26 18:43 - 00000000 ____D C:\Windows\SysWOW64\%APPDATA%
2013-09-26 18:38 - 2013-09-26 18:38 - 00000000 ____D C:\Users\Stefan.Krämer\AppData\Local\Google
2013-09-26 15:59 - 2013-09-26 13:21 - 00050688 _____ C:\Users\Stefan.Krämer\Desktop\Vicenti.wdb
2013-09-25 19:38 - 2013-09-27 23:12 - 08448000 _____ C:\Users\Stefan.Krämer\Desktop\SPANIEN_Mappe FRIENDSHIP 2013.qxp
2013-09-25 19:38 - 2013-09-27 22:55 - 08452096 _____ C:\Users\Stefan.Krämer\Desktop\SPANIEN_Mappe MALGRATENSE 2013.qxp
2013-09-25 19:38 - 2013-09-27 22:17 - 08641536 _____ C:\Users\Stefan.Krämer\Desktop\SPANIEN_Mappe VICENC 2013.qxp
2013-09-24 17:30 - 2013-09-25 18:02 - 21311488 _____ C:\Users\Stefan.Krämer\Desktop\MAPPE_Bildungsreise 2013.indd
2013-09-24 17:05 - 2012-10-09 11:15 - 24485888 _____ C:\Users\Stefan.Krämer\Desktop\MAPPE_Bildungsreise 2012.indd
2013-09-06 12:03 - 2013-09-06 12:03 - 00000000 ____D C:\Users\Stefan.Krämer\AppData\Roaming\Apago
2013-09-06 12:03 - 2013-09-06 12:03 - 00000000 ____D C:\Program Files (x86)\Apago
2013-09-02 16:55 - 2013-09-02 16:55 - 4269171075 ____N C:\Users\Stefan.Krämer\Downloads\B-Jugend_Spiel gegen Leverkusen.zip
2013-08-31 13:01 - 2013-08-31 13:45 - 00011338 _____ C:\Users\Stefan.Krämer\gsview64.ini
2013-08-31 13:01 - 2013-08-31 13:01 - 00000000 ____D C:\Program Files\Ghostgum

==================== One Month Modified Files and Folders =======

2013-09-28 15:22 - 2013-09-28 15:22 - 00000774 _____ C:\Users\Stefan.Krämer\Desktop\JRT.txt
2013-09-28 15:22 - 2009-07-14 06:45 - 00020912 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-28 15:22 - 2009-07-14 06:45 - 00020912 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-28 15:21 - 2012-01-31 20:18 - 01189455 _____ C:\Windows\WindowsUpdate.log
2013-09-28 15:20 - 2013-09-28 15:20 - 01953880 _____ (Farbar) C:\Users\Stefan.Krämer\Desktop\FRST64.exe
2013-09-28 15:19 - 2013-09-28 15:19 - 00000000 ____D C:\Windows\ERUNT
2013-09-28 15:18 - 2013-09-28 15:18 - 01030305 _____ (Thisisu) C:\Users\Stefan.Krämer\Desktop\JRT.exe
2013-09-28 15:16 - 2013-09-28 15:16 - 00002730 _____ C:\Users\Stefan.Krämer\Desktop\AdwCleaner[S0].txt
2013-09-28 15:14 - 2012-02-09 19:06 - 00048000 _____ C:\Windows\setupact.log
2013-09-28 15:14 - 2012-01-31 20:50 - 00025640 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys
2013-09-28 15:14 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-28 15:13 - 2013-09-28 15:13 - 00000000 ____D C:\AdwCleaner
2013-09-28 15:12 - 2013-09-28 15:12 - 01042066 _____ C:\Users\Stefan.Krämer\Desktop\adwcleaner.exe
2013-09-28 15:10 - 2012-02-09 19:06 - 00067740 _____ C:\Windows\PFRO.log
2013-09-28 15:01 - 2013-09-27 09:55 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-27 23:12 - 2013-09-25 19:38 - 08448000 _____ C:\Users\Stefan.Krämer\Desktop\SPANIEN_Mappe FRIENDSHIP 2013.qxp
2013-09-27 22:55 - 2013-09-25 19:38 - 08452096 _____ C:\Users\Stefan.Krämer\Desktop\SPANIEN_Mappe MALGRATENSE 2013.qxp
2013-09-27 22:35 - 2012-03-24 02:45 - 00000132 _____ C:\Users\Stefan.Krämer\AppData\Roaming\Adobe BMP Format CS5 Prefs
2013-09-27 22:17 - 2013-09-25 19:38 - 08641536 _____ C:\Users\Stefan.Krämer\Desktop\SPANIEN_Mappe VICENC 2013.qxp
2013-09-27 22:04 - 2013-09-26 20:14 - 00000000 ____D C:\Users\Stefan.Krämer\Desktop\Spielplan Vicenti 2013
2013-09-27 22:04 - 2012-02-03 17:46 - 00000000 ____D C:\Eigene Dateien
2013-09-27 21:54 - 2013-09-27 21:57 - 08641536 _____ C:\Users\Stefan.Krämer\Desktop\SPANIEN_Mappe VICENC 2013 - Kopie.qxp
2013-09-27 21:49 - 2013-09-27 21:49 - 00000000 ____D C:\Windows\SysWOW64\Quark ShapeMaker Presets
2013-09-27 21:49 - 2012-02-06 19:15 - 00054156 ____H C:\Windows\QTFont.qfn
2013-09-27 21:07 - 2012-02-06 15:32 - 00007896 _____ C:\Users\Stefan.Krämer\AppData\Roaming\wklnhst.dat
2013-09-27 21:00 - 2012-02-01 14:49 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2013-09-27 20:16 - 2013-09-27 20:16 - 00000000 ____D C:\ProgramData\Mozilla
2013-09-27 20:16 - 2013-09-27 20:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-09-27 20:16 - 2013-09-27 20:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-27 19:28 - 2012-01-31 21:16 - 01526060 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-09-27 19:28 - 2009-07-14 19:58 - 00657438 _____ C:\Windows\system32\perfh007.dat
2013-09-27 19:28 - 2009-07-14 19:58 - 00130810 _____ C:\Windows\system32\perfc007.dat
2013-09-27 18:58 - 2013-09-27 18:58 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-09-27 18:58 - 2013-09-27 18:58 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-09-27 18:58 - 2012-02-09 14:11 - 00001912 _____ C:\Windows\epplauncher.mif
2013-09-27 18:43 - 2013-09-27 18:43 - 00018570 _____ C:\ComboFix.txt
2013-09-27 18:43 - 2013-09-27 18:13 - 00000000 ____D C:\Qoobox
2013-09-27 18:43 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2013-09-27 18:41 - 2013-09-27 18:13 - 00000000 ____D C:\Windows\erdnt
2013-09-27 18:41 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-09-27 18:30 - 2013-09-27 18:30 - 05129766 ____R (Swearware) C:\Users\Stefan.Krämer\Desktop\ComboFix.exe
2013-09-27 18:30 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-27 18:09 - 2013-09-27 22:51 - 00045568 _____ C:\Users\Stefan.Krämer\Desktop\Malgrat.wdb
2013-09-27 17:57 - 2013-09-27 17:57 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2013-09-27 17:57 - 2013-09-27 17:17 - 00000000 ____D C:\ProgramData\HitmanPro
2013-09-27 17:44 - 2013-09-27 17:44 - 00000000 ____D C:\Program Files\HitmanPro
2013-09-27 17:37 - 2013-09-27 23:10 - 00040448 _____ C:\Users\Stefan.Krämer\Desktop\Friendship.wdb
2013-09-27 17:08 - 2013-09-27 17:08 - 00000136 _____ C:\Windows\system32\config\netlogon.ftl
2013-09-27 16:58 - 2013-09-27 16:58 - 00000000 ____D C:\Windows\system32\config\amd64
2013-09-27 16:58 - 2013-09-27 16:57 - 00000000 ____D C:\Windows\Temp921C901D-6A78-72B5-9E7D-7E42C1817384-Signatures
2013-09-27 16:56 - 2012-02-03 15:29 - 00000000 ____D C:\Users\Stefan.Krämer
2013-09-27 16:53 - 2013-08-19 09:48 - 00000000 ____D C:\Users\User\updated
2013-09-27 16:53 - 2013-08-15 10:56 - 00000000 ____D C:\Users\Stefan.Krämer\AppData\Roaming\XnView
2013-09-27 16:53 - 2013-06-10 15:44 - 00000000 ____D C:\Users\Stefan.Krämer\AppData\Roaming\vlc
2013-09-27 16:53 - 2013-05-27 14:09 - 00000000 ____D C:\Users\User\browser
2013-09-27 16:53 - 2013-01-11 12:33 - 00000000 ____D C:\Program Files (x86)\Advanced IP Scanner v2
2013-09-27 16:53 - 2012-12-06 11:07 - 00000000 ____D C:\Users\User\webapprt
2013-09-27 16:53 - 2012-03-27 09:47 - 00000000 ____D C:\Users\Stefan.Krämer\AppData\Roaming\TeamViewer
2013-09-27 16:53 - 2012-02-06 18:26 - 00000000 ____D C:\Users\Stefan.Krämer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\A.F.5 Rename your files 1.1
2013-09-27 16:53 - 2012-02-06 18:26 - 00000000 ____D C:\Program Files (x86)\A.F.5 Rename your files 1.1
2013-09-27 16:53 - 2012-02-03 15:25 - 00000000 ____D C:\Users\Administrator
2013-09-27 16:53 - 2012-01-31 21:00 - 00000000 ____D C:\Users\User\uninstall
2013-09-27 16:53 - 2009-07-14 20:18 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-09-27 16:53 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-09-27 16:53 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-09-27 16:53 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\security
2013-09-27 16:53 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\AppCompat
2013-09-27 16:52 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2013-09-27 16:51 - 2012-02-03 15:48 - 00000000 ____D C:\Users\Stefan.Krämer\AppData\Local\Mozilla
2013-09-27 16:25 - 2013-09-27 16:25 - 00001478 _____ C:\Users\Stefan.Krämer\Desktop\gmer1.txt
2013-09-27 15:45 - 2013-09-27 15:45 - 00001478 _____ C:\Users\Stefan.Krämer\Desktop\gmer.txt
2013-09-27 15:33 - 2013-09-27 15:32 - 00021412 _____ C:\Users\Stefan.Krämer\Desktop\Addition.txt
2013-09-27 15:32 - 2013-09-27 15:32 - 00000000 ____D C:\FRST
2013-09-27 15:31 - 2013-09-27 15:31 - 00000488 _____ C:\Users\Stefan.Krämer\Desktop\defogger_disable.log
2013-09-27 15:31 - 2013-09-27 15:31 - 00000000 _____ C:\Users\Stefan.Krämer\defogger_reenable
2013-09-27 15:18 - 2013-09-27 15:18 - 00194638 _____ C:\Users\Administrator\AppData\Local\census.cache
2013-09-27 15:18 - 2013-09-27 15:18 - 00102938 _____ C:\Users\Administrator\AppData\Local\ars.cache
2013-09-27 15:05 - 2013-09-27 15:05 - 00000036 _____ C:\Users\Administrator\AppData\Local\housecall.guid.cache
2013-09-27 15:03 - 2013-09-27 18:58 - 13842112 _____ (Microsoft Corporation) C:\Users\Stefan.Krämer\Desktop\mseinstall.exe
2013-09-27 14:54 - 2013-09-27 14:54 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Malwarebytes
2013-09-27 14:53 - 2012-02-03 15:26 - 00226456 _____ C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-27 11:54 - 2013-09-27 11:54 - 00001161 _____ C:\Users\Stefan.Krämer\Desktop\wscsvc.zip
2013-09-27 11:54 - 2013-09-27 11:54 - 00000000 ____D C:\Users\Stefan.Krämer\Desktop\wscsvc
2013-09-27 11:50 - 2013-09-27 11:50 - 00000047 _____ C:\Users\Stefan.Krämer\AppData\Roaming\mbam.context.scan
2013-09-27 11:38 - 2013-09-27 11:50 - 00001150 _____ C:\Users\Stefan.Krämer\Desktop\wscsvc(64).zip
2013-09-27 09:55 - 2013-09-27 09:55 - 00000000 ____D C:\Users\Stefan.Krämer\AppData\Roaming\Malwarebytes
2013-09-27 09:55 - 2013-09-27 09:55 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-26 18:43 - 2013-09-26 18:43 - 00000000 ____D C:\Windows\SysWOW64\%APPDATA%
2013-09-26 18:43 - 2012-02-24 11:01 - 00000000 ____D C:\FreePDF_XP
2013-09-26 18:38 - 2013-09-26 18:38 - 00000000 ____D C:\Users\Stefan.Krämer\AppData\Local\Google
2013-09-26 13:21 - 2013-09-26 15:59 - 00050688 _____ C:\Users\Stefan.Krämer\Desktop\Vicenti.wdb
2013-09-26 10:47 - 2013-07-31 14:55 - 00000000 ____D C:\Users\Stefan.Krämer\Desktop\Anmeldeformulare 2014
2013-09-25 18:02 - 2013-09-24 17:30 - 21311488 _____ C:\Users\Stefan.Krämer\Desktop\MAPPE_Bildungsreise 2013.indd
2013-09-20 17:31 - 2013-08-02 09:11 - 00000000 ____D C:\Users\Stefan.Krämer\Desktop\Preislisten 2014
2013-09-20 17:31 - 2013-01-11 12:43 - 00004922 _____ C:\Users\Stefan.Krämer\advanced_ip_scanner_MAC.bin
2013-09-19 10:57 - 2012-01-31 21:00 - 00001928 _____ C:\Users\User\precomplete
2013-09-19 10:57 - 2012-01-31 21:00 - 00000899 _____ C:\Users\User\softokn3.chk
2013-09-19 10:57 - 2012-01-31 21:00 - 00000899 _____ C:\Users\User\nssdbm3.chk
2013-09-19 10:57 - 2012-01-31 21:00 - 00000899 _____ C:\Users\User\freebl3.chk
2013-09-16 17:55 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-09-06 12:03 - 2013-09-06 12:03 - 00000000 ____D C:\Users\Stefan.Krämer\AppData\Roaming\Apago
2013-09-06 12:03 - 2013-09-06 12:03 - 00000000 ____D C:\Program Files (x86)\Apago
2013-09-02 16:55 - 2013-09-02 16:55 - 4269171075 ____N C:\Users\Stefan.Krämer\Downloads\B-Jugend_Spiel gegen Leverkusen.zip
2013-08-31 18:22 - 2009-07-14 07:13 - 01505034 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-31 18:19 - 2013-07-05 08:44 - 00000000 ____D C:\Users\Stefan.Krämer\Desktop\Sommer 2013
2013-08-31 13:45 - 2013-08-31 13:01 - 00011338 _____ C:\Users\Stefan.Krämer\gsview64.ini
2013-08-31 13:01 - 2013-08-31 13:01 - 00000000 ____D C:\Program Files\Ghostgum

Files to move or delete:
====================
ZeroAccess:
C:\Users\Stefan.Krämer\AppData\Local\Google\Desktop\Install
C:\Users\User\D3DCompiler_43.dll
C:\Users\User\msvcp100.dll
C:\Users\User\msvcr100.dll


Some content of TEMP:
====================
C:\Users\Stefan.Krämer\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-23 13:41

==================== End Of Log ============================


schrauber 29.09.2013 05:49


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick the box for Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the logfile here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

and a fresh FRST log, please. Any remaining problems? :)

Stefan_Bonn 29.09.2013 21:42

Thank you:

ESET
Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=4dad6c4d9edefb4db94262a06723b35a
# engine=15299
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-09-29 08:26:41
# local_time=2013-09-29 10:26:41 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5892 16777213 88 94 185284 8901393 0 0
# scanned=789723
# found=0
# cleaned=0
# scan_time=15037

Checkup
Code:

Results of screen317's Security Check version 0.99.73 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 10 
``````````````Antivirus/Firewall Check:``````````````
Microsoft Security Essentials 
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware Version 1.75.0.1300 
 Java(TM) 6 Update 30 
 Java version out of Date!
 Adobe Flash Player 11.8.800.94 
 Mozilla Firefox (24.0)
````````Process Check: objlist.exe by Laurent```````` 
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````

FRST

FRST Logfile:
Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-09-2013 02
Ran by Stefan.Krämer (administrator) on PC111 on 29-09-2013 22:36:58
Running from C:\Users\Stefan.Krämer\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
() C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
() C:\Windows\Samsung\PanelMgr\SSMMgr.exe
() C:\Windows\twain_32\Samsung\CLX3180\Scan2Pc.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
() C:\Windows\Samsung\PanelMgr\caller64.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12632168 2011-07-21] (Realtek Semiconductor)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2782096 2010-07-26] (CANON INC.)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-07-18] (Microsoft Corporation)
HKCU\...\Run: [Adobe Acrobat Synchronizer] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe [1272704 2013-09-03] (Adobe Systems Incorporated)
HKCU\...\Run: [eDial.exe] - C:\Program Files (x86)\Aastra\Office eDial\\eDial.exe [249392 2013-06-20] (Aastra Telecom Schweiz AG)
HKLM-x32\...\Run: [ISUSScheduler] - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-02-17] (InstallShield Software Corporation)
HKLM-x32\...\Run: [TrueImageMonitor.exe] - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [4386336 2008-11-27] (Acronis)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [402432 2010-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Samsung PanelMgr] - C:\Windows\Samsung\PanelMgr\SSMMgr.exe [688128 2011-07-06] ()
HKLM-x32\...\Run: [CLX3180_Scan2Pc] - C:\Windows\Twain_32\Samsung\CLX3180\Scan2pc.exe [1990144 2011-04-29] ()
HKLM-x32\...\Run: [3180 Scan2PC] - C:\Windows\twain_32\Samsung\CLX3180\Scan2Pc.exe [1990144 2011-04-29] ()
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41336 2013-09-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [FreePDF Assistant] - C:\Program Files (x86)\FreePDF_XP\fpassist.exe [371200 2011-02-23] (shbox.de)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [636032 2012-02-14] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840568 2013-09-03] (Adobe Systems Inc.)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKU\Administrator\...\Run: [AdobeBridge] - [x]
HKU\Administrator\...\Run: [HydraVisionDesktopManager] - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2011-05-24] (AMD)
HKU\User\...\Run: [ISUSPM Startup] - C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe [221184 2005-02-17] (InstallShield Software Corporation)
HKU\User\...\Run: [AdobeBridge] - [x]

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xBD77D9DA5ED1CD01
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO-x32: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU -  No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x64/MuCatalogWebControl.cab?1328263064448
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office12\GR469A~1.DLL [2210608 2006-10-27] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Stefan.Krämer\AppData\Roaming\Mozilla\Firefox\Profiles\e9t67xiw.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\Stefan.Krämer\AppData\Roaming\Mozilla\Firefox\Profiles\e9t67xiw.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi
FF HKLM-x32\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF Extension: Adobe Contribute Toolbar - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn

==================== Services (Whitelisted) =================

S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 DES2 Service; C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [57344 2011-08-22] ()
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2013-07-18] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-07-18] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21104 2011-01-10] ()
R2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [53816 2009-03-02] (Samsung Electronics Co., Ltd.)
R2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [53816 2009-03-02] (Samsung Electronics Co., Ltd.)
R3 gdrv; C:\Windows\gdrv.sys [25640 2013-09-29] (Windows (R) Server 2003 DDK provider)
R3 gdrv; C:\Windows\gdrv.sys [25640 2013-09-29] (Windows (R) Server 2003 DDK provider)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
R0 snapman380; C:\Windows\System32\DRIVERS\snman380.sys [237600 2012-01-31] (Acronis)
R0 tdrpman174; C:\Windows\System32\DRIVERS\tdrpm174.sys [1581088 2012-01-31] (Acronis)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-29 22:36 - 2013-09-29 22:36 - 00000860 _____ C:\Users\Stefan.Krämer\Desktop\checkup.txt
2013-09-29 22:33 - 2013-09-29 22:33 - 00891144 _____ C:\Users\Stefan.Krämer\Desktop\SecurityCheck.exe
2013-09-29 18:14 - 2013-09-29 18:14 - 02347384 _____ (ESET) C:\Users\Stefan.Krämer\Desktop\esetsmartinstaller_enu.exe
2013-09-28 15:22 - 2013-09-28 15:22 - 00000774 _____ C:\Users\Stefan.Krämer\Desktop\JRT.txt
2013-09-28 15:20 - 2013-09-28 15:20 - 01953880 _____ (Farbar) C:\Users\Stefan.Krämer\Desktop\FRST64.exe
2013-09-28 15:19 - 2013-09-28 15:19 - 00000000 ____D C:\Windows\ERUNT
2013-09-28 15:18 - 2013-09-28 15:18 - 01030305 _____ (Thisisu) C:\Users\Stefan.Krämer\Desktop\JRT.exe
2013-09-28 15:16 - 2013-09-28 15:16 - 00002730 _____ C:\Users\Stefan.Krämer\Desktop\AdwCleaner[S0].txt
2013-09-28 15:13 - 2013-09-28 15:13 - 00000000 ____D C:\AdwCleaner
2013-09-28 15:12 - 2013-09-28 15:12 - 01042066 _____ C:\Users\Stefan.Krämer\Desktop\adwcleaner.exe
2013-09-28 15:01 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-09-27 23:10 - 2013-09-27 17:37 - 00040448 _____ C:\Users\Stefan.Krämer\Desktop\Friendship.wdb
2013-09-27 22:51 - 2013-09-27 18:09 - 00045568 _____ C:\Users\Stefan.Krämer\Desktop\Malgrat.wdb
2013-09-27 21:57 - 2013-09-27 21:54 - 08641536 _____ C:\Users\Stefan.Krämer\Desktop\SPANIEN_Mappe VICENC 2013 - Kopie.qxp
2013-09-27 21:49 - 2013-09-27 21:49 - 00000000 ____D C:\Windows\SysWOW64\Quark ShapeMaker Presets
2013-09-27 20:16 - 2013-09-27 20:16 - 00000000 ____D C:\ProgramData\Mozilla
2013-09-27 20:16 - 2013-09-27 20:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-09-27 20:16 - 2013-09-27 20:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-27 18:58 - 2013-09-27 18:58 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-09-27 18:58 - 2013-09-27 18:58 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-09-27 18:58 - 2013-09-27 15:03 - 13842112 _____ (Microsoft Corporation) C:\Users\Stefan.Krämer\Desktop\mseinstall.exe
2013-09-27 18:43 - 2013-09-27 18:43 - 00018570 _____ C:\ComboFix.txt
2013-09-27 18:30 - 2013-09-27 18:30 - 05129766 ____R (Swearware) C:\Users\Stefan.Krämer\Desktop\ComboFix.exe
2013-09-27 18:14 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-09-27 18:14 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-09-27 18:14 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-09-27 18:14 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-09-27 18:14 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-09-27 18:14 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-09-27 18:14 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-09-27 18:14 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-09-27 18:13 - 2013-09-27 18:43 - 00000000 ____D C:\Qoobox
2013-09-27 18:13 - 2013-09-27 18:41 - 00000000 ____D C:\Windows\erdnt
2013-09-27 17:57 - 2013-09-27 17:57 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2013-09-27 17:50 - 2013-08-01 16:36 - 09819944 _____ (SurfRight B.V.) C:\Users\Stefan.Krämer\Desktop\HitmanPro_x64.exe.BAK
2013-09-27 17:44 - 2013-09-27 17:44 - 00000000 ____D C:\Program Files\HitmanPro
2013-09-27 17:17 - 2013-09-27 17:57 - 00000000 ____D C:\ProgramData\HitmanPro
2013-09-27 17:08 - 2013-09-27 17:08 - 00000136 _____ C:\Windows\system32\config\netlogon.ftl
2013-09-27 16:58 - 2013-09-27 16:58 - 00000000 ____D C:\Windows\system32\config\amd64
2013-09-27 16:58 - 2013-07-18 22:22 - 00185664 _____ (Microsoft Corporation) C:\Windows\system32\config\EppManifest.dll
2013-09-27 16:58 - 2013-07-18 20:25 - 00008864 _____ (Microsoft Corporation) C:\Windows\system32\config\setupres.dll
2013-09-27 16:57 - 2013-09-27 16:58 - 00000000 ____D C:\Windows\Temp921C901D-6A78-72B5-9E7D-7E42C1817384-Signatures
2013-09-27 16:25 - 2013-09-27 16:25 - 00001478 _____ C:\Users\Stefan.Krämer\Desktop\gmer1.txt
2013-09-27 15:45 - 2013-09-27 15:45 - 00001478 _____ C:\Users\Stefan.Krämer\Desktop\gmer.txt
2013-09-27 15:32 - 2013-09-27 15:33 - 00021412 _____ C:\Users\Stefan.Krämer\Desktop\Addition.txt
2013-09-27 15:32 - 2013-09-27 15:32 - 00000000 ____D C:\FRST
2013-09-27 15:31 - 2013-09-27 15:31 - 00000488 _____ C:\Users\Stefan.Krämer\Desktop\defogger_disable.log
2013-09-27 15:31 - 2013-09-27 15:31 - 00000000 _____ C:\Users\Stefan.Krämer\defogger_reenable
2013-09-27 15:18 - 2013-09-27 15:18 - 00194638 _____ C:\Users\Administrator\AppData\Local\census.cache
2013-09-27 15:18 - 2013-09-27 15:18 - 00102938 _____ C:\Users\Administrator\AppData\Local\ars.cache
2013-09-27 15:05 - 2013-09-27 15:05 - 00000036 _____ C:\Users\Administrator\AppData\Local\housecall.guid.cache
2013-09-27 14:54 - 2013-09-27 14:54 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Malwarebytes
2013-09-27 11:54 - 2013-09-27 11:54 - 00001161 _____ C:\Users\Stefan.Krämer\Desktop\wscsvc.zip
2013-09-27 11:54 - 2013-09-27 11:54 - 00000000 ____D C:\Users\Stefan.Krämer\Desktop\wscsvc
2013-09-27 11:50 - 2013-09-27 11:50 - 00000047 _____ C:\Users\Stefan.Krämer\AppData\Roaming\mbam.context.scan
2013-09-27 11:50 - 2013-09-27 11:38 - 00001150 _____ C:\Users\Stefan.Krämer\Desktop\wscsvc(64).zip
2013-09-27 09:55 - 2013-09-28 15:01 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-27 09:55 - 2013-09-27 09:55 - 00000000 ____D C:\Users\Stefan.Krämer\AppData\Roaming\Malwarebytes
2013-09-27 09:55 - 2013-09-27 09:55 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-26 20:14 - 2013-09-27 22:04 - 00000000 ____D C:\Users\Stefan.Krämer\Desktop\Spielplan Vicenti 2013
2013-09-26 18:43 - 2013-09-26 18:43 - 00000000 ____D C:\Windows\SysWOW64\%APPDATA%
2013-09-26 18:38 - 2013-09-26 18:38 - 00000000 ____D C:\Users\Stefan.Krämer\AppData\Local\Google
2013-09-26 15:59 - 2013-09-26 13:21 - 00050688 _____ C:\Users\Stefan.Krämer\Desktop\Vicenti.wdb
2013-09-25 19:38 - 2013-09-27 23:12 - 08448000 _____ C:\Users\Stefan.Krämer\Desktop\SPANIEN_Mappe FRIENDSHIP 2013.qxp
2013-09-25 19:38 - 2013-09-27 22:55 - 08452096 _____ C:\Users\Stefan.Krämer\Desktop\SPANIEN_Mappe MALGRATENSE 2013.qxp
2013-09-25 19:38 - 2013-09-27 22:17 - 08641536 _____ C:\Users\Stefan.Krämer\Desktop\SPANIEN_Mappe VICENC 2013.qxp
2013-09-24 17:30 - 2013-09-25 18:02 - 21311488 _____ C:\Users\Stefan.Krämer\Desktop\MAPPE_Bildungsreise 2013.indd
2013-09-24 17:05 - 2012-10-09 11:15 - 24485888 _____ C:\Users\Stefan.Krämer\Desktop\MAPPE_Bildungsreise 2012.indd
2013-09-06 12:03 - 2013-09-06 12:03 - 00000000 ____D C:\Users\Stefan.Krämer\AppData\Roaming\Apago
2013-09-06 12:03 - 2013-09-06 12:03 - 00000000 ____D C:\Program Files (x86)\Apago
2013-09-02 16:55 - 2013-09-02 16:55 - 4269171075 ____N C:\Users\Stefan.Krämer\Downloads\B-Jugend_Spiel gegen Leverkusen.zip
2013-08-31 13:01 - 2013-08-31 13:45 - 00011338 _____ C:\Users\Stefan.Krämer\gsview64.ini
2013-08-31 13:01 - 2013-08-31 13:01 - 00000000 ____D C:\Program Files\Ghostgum

==================== One Month Modified Files and Folders =======

2013-09-29 22:36 - 2013-09-29 22:36 - 00000860 _____ C:\Users\Stefan.Krämer\Desktop\checkup.txt
2013-09-29 22:33 - 2013-09-29 22:33 - 00891144 _____ C:\Users\Stefan.Krämer\Desktop\SecurityCheck.exe
2013-09-29 21:57 - 2012-01-31 20:18 - 01248205 _____ C:\Windows\WindowsUpdate.log
2013-09-29 18:14 - 2013-09-29 18:14 - 02347384 _____ (ESET) C:\Users\Stefan.Krämer\Desktop\esetsmartinstaller_enu.exe
2013-09-29 18:14 - 2009-07-14 19:58 - 00657438 _____ C:\Windows\system32\perfh007.dat
2013-09-29 18:14 - 2009-07-14 19:58 - 00130810 _____ C:\Windows\system32\perfc007.dat
2013-09-29 18:14 - 2009-07-14 07:13 - 01507106 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-29 18:13 - 2009-07-14 06:45 - 00020912 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-29 18:13 - 2009-07-14 06:45 - 00020912 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-29 18:04 - 2012-02-09 19:06 - 00048056 _____ C:\Windows\setupact.log
2013-09-29 18:04 - 2012-01-31 20:50 - 00025640 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys
2013-09-29 18:04 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-28 15:22 - 2013-09-28 15:22 - 00000774 _____ C:\Users\Stefan.Krämer\Desktop\JRT.txt
2013-09-28 15:20 - 2013-09-28 15:20 - 01953880 _____ (Farbar) C:\Users\Stefan.Krämer\Desktop\FRST64.exe
2013-09-28 15:19 - 2013-09-28 15:19 - 00000000 ____D C:\Windows\ERUNT
2013-09-28 15:18 - 2013-09-28 15:18 - 01030305 _____ (Thisisu) C:\Users\Stefan.Krämer\Desktop\JRT.exe
2013-09-28 15:16 - 2013-09-28 15:16 - 00002730 _____ C:\Users\Stefan.Krämer\Desktop\AdwCleaner[S0].txt
2013-09-28 15:13 - 2013-09-28 15:13 - 00000000 ____D C:\AdwCleaner
2013-09-28 15:12 - 2013-09-28 15:12 - 01042066 _____ C:\Users\Stefan.Krämer\Desktop\adwcleaner.exe
2013-09-28 15:10 - 2012-02-09 19:06 - 00067740 _____ C:\Windows\PFRO.log
2013-09-28 15:01 - 2013-09-27 09:55 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-27 23:12 - 2013-09-25 19:38 - 08448000 _____ C:\Users\Stefan.Krämer\Desktop\SPANIEN_Mappe FRIENDSHIP 2013.qxp
2013-09-27 22:55 - 2013-09-25 19:38 - 08452096 _____ C:\Users\Stefan.Krämer\Desktop\SPANIEN_Mappe MALGRATENSE 2013.qxp
2013-09-27 22:35 - 2012-03-24 02:45 - 00000132 _____ C:\Users\Stefan.Krämer\AppData\Roaming\Adobe BMP Format CS5 Prefs
2013-09-27 22:17 - 2013-09-25 19:38 - 08641536 _____ C:\Users\Stefan.Krämer\Desktop\SPANIEN_Mappe VICENC 2013.qxp
2013-09-27 22:04 - 2013-09-26 20:14 - 00000000 ____D C:\Users\Stefan.Krämer\Desktop\Spielplan Vicenti 2013
2013-09-27 22:04 - 2012-02-03 17:46 - 00000000 ____D C:\Eigene Dateien
2013-09-27 21:54 - 2013-09-27 21:57 - 08641536 _____ C:\Users\Stefan.Krämer\Desktop\SPANIEN_Mappe VICENC 2013 - Kopie.qxp
2013-09-27 21:49 - 2013-09-27 21:49 - 00000000 ____D C:\Windows\SysWOW64\Quark ShapeMaker Presets
2013-09-27 21:49 - 2012-02-06 19:15 - 00054156 ____H C:\Windows\QTFont.qfn
2013-09-27 21:07 - 2012-02-06 15:32 - 00007896 _____ C:\Users\Stefan.Krämer\AppData\Roaming\wklnhst.dat
2013-09-27 21:00 - 2012-02-01 14:49 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2013-09-27 20:16 - 2013-09-27 20:16 - 00000000 ____D C:\ProgramData\Mozilla
2013-09-27 20:16 - 2013-09-27 20:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-09-27 20:16 - 2013-09-27 20:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-27 19:28 - 2012-01-31 21:16 - 01526060 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-09-27 18:58 - 2013-09-27 18:58 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-09-27 18:58 - 2013-09-27 18:58 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-09-27 18:58 - 2012-02-09 14:11 - 00001912 _____ C:\Windows\epplauncher.mif
2013-09-27 18:43 - 2013-09-27 18:43 - 00018570 _____ C:\ComboFix.txt
2013-09-27 18:43 - 2013-09-27 18:13 - 00000000 ____D C:\Qoobox
2013-09-27 18:43 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2013-09-27 18:41 - 2013-09-27 18:13 - 00000000 ____D C:\Windows\erdnt
2013-09-27 18:41 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-09-27 18:30 - 2013-09-27 18:30 - 05129766 ____R (Swearware) C:\Users\Stefan.Krämer\Desktop\ComboFix.exe
2013-09-27 18:30 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-27 18:09 - 2013-09-27 22:51 - 00045568 _____ C:\Users\Stefan.Krämer\Desktop\Malgrat.wdb
2013-09-27 17:57 - 2013-09-27 17:57 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2013-09-27 17:57 - 2013-09-27 17:17 - 00000000 ____D C:\ProgramData\HitmanPro
2013-09-27 17:44 - 2013-09-27 17:44 - 00000000 ____D C:\Program Files\HitmanPro
2013-09-27 17:37 - 2013-09-27 23:10 - 00040448 _____ C:\Users\Stefan.Krämer\Desktop\Friendship.wdb
2013-09-27 17:08 - 2013-09-27 17:08 - 00000136 _____ C:\Windows\system32\config\netlogon.ftl
2013-09-27 16:58 - 2013-09-27 16:58 - 00000000 ____D C:\Windows\system32\config\amd64
2013-09-27 16:58 - 2013-09-27 16:57 - 00000000 ____D C:\Windows\Temp921C901D-6A78-72B5-9E7D-7E42C1817384-Signatures
2013-09-27 16:56 - 2012-02-03 15:29 - 00000000 ____D C:\Users\Stefan.Krämer
2013-09-27 16:53 - 2013-08-19 09:48 - 00000000 ____D C:\Users\User\updated
2013-09-27 16:53 - 2013-08-15 10:56 - 00000000 ____D C:\Users\Stefan.Krämer\AppData\Roaming\XnView
2013-09-27 16:53 - 2013-06-10 15:44 - 00000000 ____D C:\Users\Stefan.Krämer\AppData\Roaming\vlc
2013-09-27 16:53 - 2013-05-27 14:09 - 00000000 ____D C:\Users\User\browser
2013-09-27 16:53 - 2013-01-11 12:33 - 00000000 ____D C:\Program Files (x86)\Advanced IP Scanner v2
2013-09-27 16:53 - 2012-12-06 11:07 - 00000000 ____D C:\Users\User\webapprt
2013-09-27 16:53 - 2012-03-27 09:47 - 00000000 ____D C:\Users\Stefan.Krämer\AppData\Roaming\TeamViewer
2013-09-27 16:53 - 2012-02-06 18:26 - 00000000 ____D C:\Users\Stefan.Krämer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\A.F.5 Rename your files 1.1
2013-09-27 16:53 - 2012-02-06 18:26 - 00000000 ____D C:\Program Files (x86)\A.F.5 Rename your files 1.1
2013-09-27 16:53 - 2012-02-03 15:25 - 00000000 ____D C:\Users\Administrator
2013-09-27 16:53 - 2012-01-31 21:00 - 00000000 ____D C:\Users\User\uninstall
2013-09-27 16:53 - 2009-07-14 20:18 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-09-27 16:53 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-09-27 16:53 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-09-27 16:53 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\security
2013-09-27 16:53 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\AppCompat
2013-09-27 16:52 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2013-09-27 16:51 - 2012-02-03 15:48 - 00000000 ____D C:\Users\Stefan.Krämer\AppData\Local\Mozilla
2013-09-27 16:25 - 2013-09-27 16:25 - 00001478 _____ C:\Users\Stefan.Krämer\Desktop\gmer1.txt
2013-09-27 15:45 - 2013-09-27 15:45 - 00001478 _____ C:\Users\Stefan.Krämer\Desktop\gmer.txt
2013-09-27 15:33 - 2013-09-27 15:32 - 00021412 _____ C:\Users\Stefan.Krämer\Desktop\Addition.txt
2013-09-27 15:32 - 2013-09-27 15:32 - 00000000 ____D C:\FRST
2013-09-27 15:31 - 2013-09-27 15:31 - 00000488 _____ C:\Users\Stefan.Krämer\Desktop\defogger_disable.log
2013-09-27 15:31 - 2013-09-27 15:31 - 00000000 _____ C:\Users\Stefan.Krämer\defogger_reenable
2013-09-27 15:18 - 2013-09-27 15:18 - 00194638 _____ C:\Users\Administrator\AppData\Local\census.cache
2013-09-27 15:18 - 2013-09-27 15:18 - 00102938 _____ C:\Users\Administrator\AppData\Local\ars.cache
2013-09-27 15:05 - 2013-09-27 15:05 - 00000036 _____ C:\Users\Administrator\AppData\Local\housecall.guid.cache
2013-09-27 15:03 - 2013-09-27 18:58 - 13842112 _____ (Microsoft Corporation) C:\Users\Stefan.Krämer\Desktop\mseinstall.exe
2013-09-27 14:54 - 2013-09-27 14:54 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Malwarebytes
2013-09-27 14:53 - 2012-02-03 15:26 - 00226456 _____ C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-27 11:54 - 2013-09-27 11:54 - 00001161 _____ C:\Users\Stefan.Krämer\Desktop\wscsvc.zip
2013-09-27 11:54 - 2013-09-27 11:54 - 00000000 ____D C:\Users\Stefan.Krämer\Desktop\wscsvc
2013-09-27 11:50 - 2013-09-27 11:50 - 00000047 _____ C:\Users\Stefan.Krämer\AppData\Roaming\mbam.context.scan
2013-09-27 11:38 - 2013-09-27 11:50 - 00001150 _____ C:\Users\Stefan.Krämer\Desktop\wscsvc(64).zip
2013-09-27 09:55 - 2013-09-27 09:55 - 00000000 ____D C:\Users\Stefan.Krämer\AppData\Roaming\Malwarebytes
2013-09-27 09:55 - 2013-09-27 09:55 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-26 18:43 - 2013-09-26 18:43 - 00000000 ____D C:\Windows\SysWOW64\%APPDATA%
2013-09-26 18:43 - 2012-02-24 11:01 - 00000000 ____D C:\FreePDF_XP
2013-09-26 18:38 - 2013-09-26 18:38 - 00000000 ____D C:\Users\Stefan.Krämer\AppData\Local\Google
2013-09-26 13:21 - 2013-09-26 15:59 - 00050688 _____ C:\Users\Stefan.Krämer\Desktop\Vicenti.wdb
2013-09-26 10:47 - 2013-07-31 14:55 - 00000000 ____D C:\Users\Stefan.Krämer\Desktop\Anmeldeformulare 2014
2013-09-25 18:02 - 2013-09-24 17:30 - 21311488 _____ C:\Users\Stefan.Krämer\Desktop\MAPPE_Bildungsreise 2013.indd
2013-09-20 17:31 - 2013-08-02 09:11 - 00000000 ____D C:\Users\Stefan.Krämer\Desktop\Preislisten 2014
2013-09-20 17:31 - 2013-01-11 12:43 - 00004922 _____ C:\Users\Stefan.Krämer\advanced_ip_scanner_MAC.bin
2013-09-19 10:57 - 2012-01-31 21:00 - 00001928 _____ C:\Users\User\precomplete
2013-09-19 10:57 - 2012-01-31 21:00 - 00000899 _____ C:\Users\User\softokn3.chk
2013-09-19 10:57 - 2012-01-31 21:00 - 00000899 _____ C:\Users\User\nssdbm3.chk
2013-09-19 10:57 - 2012-01-31 21:00 - 00000899 _____ C:\Users\User\freebl3.chk
2013-09-16 17:55 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-09-06 12:03 - 2013-09-06 12:03 - 00000000 ____D C:\Users\Stefan.Krämer\AppData\Roaming\Apago
2013-09-06 12:03 - 2013-09-06 12:03 - 00000000 ____D C:\Program Files (x86)\Apago
2013-09-02 16:55 - 2013-09-02 16:55 - 4269171075 ____N C:\Users\Stefan.Krämer\Downloads\B-Jugend_Spiel gegen Leverkusen.zip
2013-08-31 18:19 - 2013-07-05 08:44 - 00000000 ____D C:\Users\Stefan.Krämer\Desktop\Sommer 2013
2013-08-31 13:45 - 2013-08-31 13:01 - 00011338 _____ C:\Users\Stefan.Krämer\gsview64.ini
2013-08-31 13:01 - 2013-08-31 13:01 - 00000000 ____D C:\Program Files\Ghostgum

Files to move or delete:
====================
ZeroAccess:
C:\Users\Stefan.Krämer\AppData\Local\Google\Desktop\Install
C:\Users\User\D3DCompiler_43.dll
C:\Users\User\msvcp100.dll
C:\Users\User\msvcr100.dll


Some content of TEMP:
====================
C:\Users\Stefan.Krämer\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-23 13:41

==================== End Of Log ============================



So far everything seems to be running again.
The only thing it still doesn't do is Windows Updates. It tells me it can't check for updates and gives me error code 80073712.

schrauber 30.09.2013 09:10

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:

ZeroAccess:
C:\Users\Stefan.Krämer\AppData\Local\Google\Desktop\Install
C:\Users\User\D3DCompiler_43.dll
C:\Users\User\msvcp100.dll
C:\Users\User\msvcr100.dll


Please save it as Fixlist.txt on your desktop (or in the folder where FRST is located).
  • Now start FRST again and click the Entfernen (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.



Please download Farbar Service Scanner
  • Start the tool by double-clicking FSS.exe
  • Make sure the following options are checked.
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Click Scan.
  • When the tool is finished, it will create an FSS.txt in the folder the tool was run from.

Please post the contents here.



Stefan_Bonn 30.09.2013 09:17

Everything done as requested; the logs are attached:


Fixlog
Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-09-2013 02
Ran by Stefan.Krämer at 2013-09-30 10:13:38 Run:1
Running from C:\Users\Stefan.Krämer\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
ZeroAccess:
C:\Users\Stefan.Krämer\AppData\Local\Google\Desktop\Install
C:\Users\User\D3DCompiler_43.dll
C:\Users\User\msvcp100.dll
C:\Users\User\msvcr100.dll
*****************

C:\Users\Stefan.Krämer\AppData\Local\Google\Desktop\Install => Moved successfully.
C:\Users\User\D3DCompiler_43.dll => Moved successfully.
C:\Users\User\msvcp100.dll => Moved successfully.
C:\Users\User\msvcr100.dll => Moved successfully.

==== End of Fixlog ====

FSS
Code:

Farbar Service Scanner Version: 13-09-2013
Ran by Stefan.Krämer (administrator) on 30-09-2013 at 10:15:28
Running from "C:\Users\Stefan.Krämer\Desktop"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
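
The FSS output above flags two things: the WinDefend service's start type differs from its default ("set to Demand. The default start type is Auto") and a "DisableAntiSpyware"=DWORD:1 value under HKLM\SOFTWARE\Microsoft\Windows Defender. The following PowerShell script is an added example, not part of the thread or of Farbar's tools, that performs the same comparison for the services FSS audits; the expected start modes and the additional policy locations are assumptions taken from a default Windows 7 SP1 installation.

```powershell
# Added example (not from the thread): audit security-service start types and
# the registry values that switch protection off, the way FSS reports them.
# Use -Repair from an elevated PowerShell to restore defaults; by default it
# only reports.
param([switch]$Repair)

# Service name => expected Win32_Service.StartMode.
# Assumption: defaults of a clean Windows 7 SP1 installation.
$expectedStartMode = @{
    'wscsvc'    = 'Auto'   # Security Center (the service the OP could not enable)
    'WinDefend' = 'Auto'   # Windows Defender (FSS reported "Demand" = Manual)
    'wuauserv'  = 'Auto'   # Windows Update
    'MpsSvc'    = 'Auto'   # Windows Firewall
    'BFE'       = 'Auto'   # Base Filtering Engine, required by the firewall
}

# Registry values whose presence disables protection. The first entry is the
# one FSS printed on this machine; the others are assumed policy locations.
$disablingValues = @(
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows Defender';                 Name = 'DisableAntiSpyware'; Bad = 1 },
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender';        Name = 'DisableAntiSpyware'; Bad = 1 },
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'; Name = 'NoAutoUpdate';       Bad = 1 }
)

$findings = @()

foreach ($name in $expectedStartMode.Keys) {
    # Win32_Service exposes StartMode (Boot/System/Auto/Manual/Disabled) and State;
    # Get-WmiObject is used so the script also runs on Windows 7's PowerShell 2.0.
    $svc = Get-WmiObject -Class Win32_Service -Filter "Name='$name'"
    if ($null -eq $svc) {
        $findings += "${name}: service is missing from the service database"
        continue
    }
    if ($svc.StartMode -ne $expectedStartMode[$name]) {
        $findings += "${name}: start type is $($svc.StartMode), expected $($expectedStartMode[$name])"
        # All expected modes above are Auto, so Automatic is the matching StartupType.
        if ($Repair) { Set-Service -Name $name -StartupType Automatic }
    }
    if ($svc.State -ne 'Running') {
        $findings += "${name}: not running (state $($svc.State))"
        if ($Repair) { Start-Service -Name $name -ErrorAction SilentlyContinue }
    }
}

foreach ($v in $disablingValues) {
    # A missing key or value is the healthy case, so errors are suppressed.
    $item = Get-ItemProperty -Path $v.Path -Name $v.Name -ErrorAction SilentlyContinue
    if ($null -ne $item -and $item.($v.Name) -eq $v.Bad) {
        $findings += "$($v.Path)\$($v.Name) = $($item.($v.Name)) (protection disabled by registry value)"
        if ($Repair) { Remove-ItemProperty -Path $v.Path -Name $v.Name }
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'No deviations: services at default start type, no disabling values present.'
} else {
    $findings | ForEach-Object { Write-Output "FINDING: $_" }
}
```

Run it once before and once after a fix run to confirm that the start types and the DisableAntiSpyware value really changed; FSS gives the same picture, this just makes the comparison explicit and repeatable.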


schrauber 30.09.2013 16:44

Looks good. Fresh FRST log please. Any remaining problems?

Stefan_Bonn 30.09.2013 18:46

Thanks!
The only thing it still doesn't do is Windows Updates. It tells me it can't check for updates and gives me error code 80073712.


FRST log file:
Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-09-2013 02
Ran by Stefan.Krämer (administrator) on PC111 on 30-09-2013 19:44:28
Running from C:\Users\Stefan.Krämer\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
() C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
() C:\Windows\Samsung\PanelMgr\SSMMgr.exe
() C:\Windows\Samsung\PanelMgr\caller64.exe
() C:\Windows\twain_32\Samsung\CLX3180\Scan2Pc.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\sysWow64\SearchProtocolHost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12632168 2011-07-21] (Realtek Semiconductor)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2782096 2010-07-26] (CANON INC.)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-07-18] (Microsoft Corporation)
HKCU\...\Run: [Adobe Acrobat Synchronizer] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe [1272704 2013-09-03] (Adobe Systems Incorporated)
HKCU\...\Run: [eDial.exe] - C:\Program Files (x86)\Aastra\Office eDial\\eDial.exe [249392 2013-06-20] (Aastra Telecom Schweiz AG)
HKCU\...\Run: [HydraVisionDesktopManager] - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2011-05-24] (AMD)
HKLM-x32\...\Run: [ISUSScheduler] - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-02-17] (InstallShield Software Corporation)
HKLM-x32\...\Run: [TrueImageMonitor.exe] - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [4386336 2008-11-27] (Acronis)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [402432 2010-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Samsung PanelMgr] - C:\Windows\Samsung\PanelMgr\SSMMgr.exe [688128 2011-07-06] ()
HKLM-x32\...\Run: [CLX3180_Scan2Pc] - C:\Windows\Twain_32\Samsung\CLX3180\Scan2pc.exe [1990144 2011-04-29] ()
HKLM-x32\...\Run: [3180 Scan2PC] - C:\Windows\twain_32\Samsung\CLX3180\Scan2Pc.exe [1990144 2011-04-29] ()
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41336 2013-09-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [FreePDF Assistant] - C:\Program Files (x86)\FreePDF_XP\fpassist.exe [371200 2011-02-23] (shbox.de)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [636032 2012-02-14] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840568 2013-09-03] (Adobe Systems Inc.)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKU\Administrator\...\Run: [AdobeBridge] - [x]
HKU\Administrator\...\Run: [HydraVisionDesktopManager] - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2011-05-24] (AMD)
HKU\User\...\Run: [ISUSPM Startup] - C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe [221184 2005-02-17] (InstallShield Software Corporation)
HKU\User\...\Run: [AdobeBridge] - [x]

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xBD77D9DA5ED1CD01
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO-x32: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU -  No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x64/MuCatalogWebControl.cab?1328263064448
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office12\GR469A~1.DLL [2210608 2006-10-27] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Stefan.Krämer\AppData\Roaming\Mozilla\Firefox\Profiles\e9t67xiw.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\Stefan.Krämer\AppData\Roaming\Mozilla\Firefox\Profiles\e9t67xiw.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi
FF HKLM-x32\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF Extension: Adobe Contribute Toolbar - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn

==================== Services (Whitelisted) =================

S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 DES2 Service; C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [57344 2011-08-22] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2013-07-18] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-07-18] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21104 2011-01-10] ()
R2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [53816 2009-03-02] (Samsung Electronics Co., Ltd.)
R2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [53816 2009-03-02] (Samsung Electronics Co., Ltd.)
R3 gdrv; C:\Windows\gdrv.sys [25640 2013-09-30] (Windows (R) Server 2003 DDK provider)
R3 gdrv; C:\Windows\gdrv.sys [25640 2013-09-30] (Windows (R) Server 2003 DDK provider)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
R0 snapman380; C:\Windows\System32\DRIVERS\snman380.sys [237600 2012-01-31] (Acronis)
R0 tdrpman174; C:\Windows\System32\DRIVERS\tdrpm174.sys [1581088 2012-01-31] (Acronis)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-30 17:20 - 2013-09-30 17:23 - 00444416 _____ C:\Users\Stefan.Krämer\Desktop\Stundenplan_de_Vicenti.xls
2013-09-30 10:15 - 2013-09-30 10:15 - 00002497 _____ C:\Users\Stefan.Krämer\Desktop\FSS.txt
2013-09-30 10:14 - 2013-09-30 10:14 - 00358923 _____ (Farbar) C:\Users\Stefan.Krämer\Desktop\FSS.exe
2013-09-29 22:36 - 2013-09-29 22:36 - 00000860 _____ C:\Users\Stefan.Krämer\Desktop\checkup.txt
2013-09-29 22:33 - 2013-09-29 22:33 - 00891144 _____ C:\Users\Stefan.Krämer\Desktop\SecurityCheck.exe
2013-09-29 18:14 - 2013-09-29 18:14 - 02347384 _____ (ESET) C:\Users\Stefan.Krämer\Desktop\esetsmartinstaller_enu.exe
2013-09-28 15:22 - 2013-09-28 15:22 - 00000774 _____ C:\Users\Stefan.Krämer\Desktop\JRT.txt
2013-09-28 15:20 - 2013-09-28 15:20 - 01953880 _____ (Farbar) C:\Users\Stefan.Krämer\Desktop\FRST64.exe
2013-09-28 15:19 - 2013-09-28 15:19 - 00000000 ____D C:\Windows\ERUNT
2013-09-28 15:18 - 2013-09-28 15:18 - 01030305 _____ (Thisisu) C:\Users\Stefan.Krämer\Desktop\JRT.exe
2013-09-28 15:16 - 2013-09-28 15:16 - 00002730 _____ C:\Users\Stefan.Krämer\Desktop\AdwCleaner[S0].txt
2013-09-28 15:13 - 2013-09-28 15:13 - 00000000 ____D C:\AdwCleaner
2013-09-28 15:12 - 2013-09-28 15:12 - 01042066 _____ C:\Users\Stefan.Krämer\Desktop\adwcleaner.exe
2013-09-28 15:01 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-09-27 23:10 - 2013-09-27 17:37 - 00040448 _____ C:\Users\Stefan.Krämer\Desktop\Friendship.wdb
2013-09-27 22:51 - 2013-09-27 18:09 - 00045568 _____ C:\Users\Stefan.Krämer\Desktop\Malgrat.wdb
2013-09-27 21:57 - 2013-09-27 21:54 - 08641536 _____ C:\Users\Stefan.Krämer\Desktop\SPANIEN_Mappe VICENC 2013 - Kopie.qxp
2013-09-27 21:49 - 2013-09-27 21:49 - 00000000 ____D C:\Windows\SysWOW64\Quark ShapeMaker Presets
2013-09-27 20:16 - 2013-09-27 20:16 - 00000000 ____D C:\ProgramData\Mozilla
2013-09-27 20:16 - 2013-09-27 20:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-09-27 20:16 - 2013-09-27 20:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-27 18:58 - 2013-09-27 18:58 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-09-27 18:58 - 2013-09-27 18:58 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-09-27 18:58 - 2013-09-27 15:03 - 13842112 _____ (Microsoft Corporation) C:\Users\Stefan.Krämer\Desktop\mseinstall.exe
2013-09-27 18:43 - 2013-09-27 18:43 - 00018570 _____ C:\ComboFix.txt
2013-09-27 18:30 - 2013-09-27 18:30 - 05129766 ____R (Swearware) C:\Users\Stefan.Krämer\Desktop\ComboFix.exe
2013-09-27 18:14 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-09-27 18:14 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-09-27 18:14 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-09-27 18:14 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-09-27 18:14 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-09-27 18:14 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-09-27 18:14 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-09-27 18:14 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-09-27 18:13 - 2013-09-27 18:43 - 00000000 ____D C:\Qoobox
2013-09-27 18:13 - 2013-09-27 18:41 - 00000000 ____D C:\Windows\erdnt
2013-09-27 17:57 - 2013-09-27 17:57 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2013-09-27 17:50 - 2013-08-01 16:36 - 09819944 _____ (SurfRight B.V.) C:\Users\Stefan.Krämer\Desktop\HitmanPro_x64.exe.BAK
2013-09-27 17:44 - 2013-09-27 17:44 - 00000000 ____D C:\Program Files\HitmanPro
2013-09-27 17:17 - 2013-09-27 17:57 - 00000000 ____D C:\ProgramData\HitmanPro
2013-09-27 17:08 - 2013-09-27 17:08 - 00000136 _____ C:\Windows\system32\config\netlogon.ftl
2013-09-27 16:58 - 2013-09-27 16:58 - 00000000 ____D C:\Windows\system32\config\amd64
2013-09-27 16:58 - 2013-07-18 22:22 - 00185664 _____ (Microsoft Corporation) C:\Windows\system32\config\EppManifest.dll
2013-09-27 16:58 - 2013-07-18 20:25 - 00008864 _____ (Microsoft Corporation) C:\Windows\system32\config\setupres.dll
2013-09-27 16:57 - 2013-09-27 16:58 - 00000000 ____D C:\Windows\Temp921C901D-6A78-72B5-9E7D-7E42C1817384-Signatures
2013-09-27 16:25 - 2013-09-27 16:25 - 00001478 _____ C:\Users\Stefan.Krämer\Desktop\gmer1.txt
2013-09-27 15:45 - 2013-09-27 15:45 - 00001478 _____ C:\Users\Stefan.Krämer\Desktop\gmer.txt
2013-09-27 15:32 - 2013-09-27 15:33 - 00021412 _____ C:\Users\Stefan.Krämer\Desktop\Addition.txt
2013-09-27 15:32 - 2013-09-27 15:32 - 00000000 ____D C:\FRST
2013-09-27 15:31 - 2013-09-27 15:31 - 00000488 _____ C:\Users\Stefan.Krämer\Desktop\defogger_disable.log
2013-09-27 15:31 - 2013-09-27 15:31 - 00000000 _____ C:\Users\Stefan.Krämer\defogger_reenable
2013-09-27 15:18 - 2013-09-27 15:18 - 00194638 _____ C:\Users\Administrator\AppData\Local\census.cache
2013-09-27 15:18 - 2013-09-27 15:18 - 00102938 _____ C:\Users\Administrator\AppData\Local\ars.cache
2013-09-27 15:05 - 2013-09-27 15:05 - 00000036 _____ C:\Users\Administrator\AppData\Local\housecall.guid.cache
2013-09-27 14:54 - 2013-09-27 14:54 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Malwarebytes
2013-09-27 11:54 - 2013-09-27 11:54 - 00001161 _____ C:\Users\Stefan.Krämer\Desktop\wscsvc.zip
2013-09-27 11:54 - 2013-09-27 11:54 - 00000000 ____D C:\Users\Stefan.Krämer\Desktop\wscsvc
2013-09-27 11:50 - 2013-09-27 11:50 - 00000047 _____ C:\Users\Stefan.Krämer\AppData\Roaming\mbam.context.scan
2013-09-27 11:50 - 2013-09-27 11:38 - 00001150 _____ C:\Users\Stefan.Krämer\Desktop\wscsvc(64).zip
2013-09-27 09:55 - 2013-09-28 15:01 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-27 09:55 - 2013-09-27 09:55 - 00000000 ____D C:\Users\Stefan.Krämer\AppData\Roaming\Malwarebytes
2013-09-27 09:55 - 2013-09-27 09:55 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-26 20:14 - 2013-09-27 22:04 - 00000000 ____D C:\Users\Stefan.Krämer\Desktop\Spielplan Vicenti 2013
2013-09-26 18:43 - 2013-09-26 18:43 - 00000000 ____D C:\Windows\SysWOW64\%APPDATA%
2013-09-26 18:38 - 2013-09-26 18:38 - 00000000 ____D C:\Users\Stefan.Krämer\AppData\Local\Google
2013-09-26 15:59 - 2013-09-26 13:21 - 00050688 _____ C:\Users\Stefan.Krämer\Desktop\Vicenti.wdb
2013-09-25 19:38 - 2013-09-30 10:51 - 08642560 _____ C:\Users\Stefan.Krämer\Desktop\SPANIEN_Mappe VICENC 2013.qxp
2013-09-25 19:38 - 2013-09-27 23:12 - 08448000 _____ C:\Users\Stefan.Krämer\Desktop\SPANIEN_Mappe FRIENDSHIP 2013.qxp
2013-09-25 19:38 - 2013-09-27 22:55 - 08452096 _____ C:\Users\Stefan.Krämer\Desktop\SPANIEN_Mappe MALGRATENSE 2013.qxp
2013-09-24 17:30 - 2013-09-25 18:02 - 21311488 _____ C:\Users\Stefan.Krämer\Desktop\MAPPE_Bildungsreise 2013.indd
2013-09-24 17:05 - 2012-10-09 11:15 - 24485888 _____ C:\Users\Stefan.Krämer\Desktop\MAPPE_Bildungsreise 2012.indd
2013-09-06 12:03 - 2013-09-06 12:03 - 00000000 ____D C:\Users\Stefan.Krämer\AppData\Roaming\Apago
2013-09-06 12:03 - 2013-09-06 12:03 - 00000000 ____D C:\Program Files (x86)\Apago
2013-09-02 16:55 - 2013-09-02 16:55 - 4269171075 ____N C:\Users\Stefan.Krämer\Downloads\B-Jugend_Spiel gegen Leverkusen.zip
2013-08-31 13:01 - 2013-08-31 13:45 - 00011338 _____ C:\Users\Stefan.Krämer\gsview64.ini
2013-08-31 13:01 - 2013-08-31 13:01 - 00000000 ____D C:\Program Files\Ghostgum

==================== One Month Modified Files and Folders =======

2013-09-30 17:23 - 2013-09-30 17:20 - 00444416 _____ C:\Users\Stefan.Krämer\Desktop\Stundenplan_de_Vicenti.xls
2013-09-30 17:22 - 2012-02-24 11:01 - 00000000 ____D C:\FreePDF_XP
2013-09-30 10:51 - 2013-09-25 19:38 - 08642560 _____ C:\Users\Stefan.Krämer\Desktop\SPANIEN_Mappe VICENC 2013.qxp
2013-09-30 10:15 - 2013-09-30 10:15 - 00002497 _____ C:\Users\Stefan.Krämer\Desktop\FSS.txt
2013-09-30 10:14 - 2013-09-30 10:14 - 00358923 _____ (Farbar) C:\Users\Stefan.Krämer\Desktop\FSS.exe
2013-09-30 09:33 - 2012-01-31 20:18 - 01344957 _____ C:\Windows\WindowsUpdate.log
2013-09-30 09:33 - 2009-07-14 06:45 - 00020912 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-30 09:33 - 2009-07-14 06:45 - 00020912 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-30 09:25 - 2012-02-09 19:06 - 00068566 _____ C:\Windows\PFRO.log
2013-09-30 09:25 - 2012-02-09 19:06 - 00048112 _____ C:\Windows\setupact.log
2013-09-30 09:25 - 2012-01-31 20:50 - 00025640 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys
2013-09-30 09:25 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-29 22:36 - 2013-09-29 22:36 - 00000860 _____ C:\Users\Stefan.Krämer\Desktop\checkup.txt
2013-09-29 22:33 - 2013-09-29 22:33 - 00891144 _____ C:\Users\Stefan.Krämer\Desktop\SecurityCheck.exe
2013-09-29 18:14 - 2013-09-29 18:14 - 02347384 _____ (ESET) C:\Users\Stefan.Krämer\Desktop\esetsmartinstaller_enu.exe
2013-09-29 18:14 - 2009-07-14 19:58 - 00657438 _____ C:\Windows\system32\perfh007.dat
2013-09-29 18:14 - 2009-07-14 19:58 - 00130810 _____ C:\Windows\system32\perfc007.dat
2013-09-29 18:14 - 2009-07-14 07:13 - 01507106 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-28 15:22 - 2013-09-28 15:22 - 00000774 _____ C:\Users\Stefan.Krämer\Desktop\JRT.txt
2013-09-28 15:20 - 2013-09-28 15:20 - 01953880 _____ (Farbar) C:\Users\Stefan.Krämer\Desktop\FRST64.exe
2013-09-28 15:19 - 2013-09-28 15:19 - 00000000 ____D C:\Windows\ERUNT
2013-09-28 15:18 - 2013-09-28 15:18 - 01030305 _____ (Thisisu) C:\Users\Stefan.Krämer\Desktop\JRT.exe
2013-09-28 15:16 - 2013-09-28 15:16 - 00002730 _____ C:\Users\Stefan.Krämer\Desktop\AdwCleaner[S0].txt
2013-09-28 15:13 - 2013-09-28 15:13 - 00000000 ____D C:\AdwCleaner
2013-09-28 15:12 - 2013-09-28 15:12 - 01042066 _____ C:\Users\Stefan.Krämer\Desktop\adwcleaner.exe
2013-09-28 15:01 - 2013-09-27 09:55 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-27 23:12 - 2013-09-25 19:38 - 08448000 _____ C:\Users\Stefan.Krämer\Desktop\SPANIEN_Mappe FRIENDSHIP 2013.qxp
2013-09-27 22:55 - 2013-09-25 19:38 - 08452096 _____ C:\Users\Stefan.Krämer\Desktop\SPANIEN_Mappe MALGRATENSE 2013.qxp
2013-09-27 22:35 - 2012-03-24 02:45 - 00000132 _____ C:\Users\Stefan.Krämer\AppData\Roaming\Adobe BMP Format CS5 Prefs
2013-09-27 22:04 - 2013-09-26 20:14 - 00000000 ____D C:\Users\Stefan.Krämer\Desktop\Spielplan Vicenti 2013
2013-09-27 22:04 - 2012-02-03 17:46 - 00000000 ____D C:\Eigene Dateien
2013-09-27 21:54 - 2013-09-27 21:57 - 08641536 _____ C:\Users\Stefan.Krämer\Desktop\SPANIEN_Mappe VICENC 2013 - Kopie.qxp
2013-09-27 21:49 - 2013-09-27 21:49 - 00000000 ____D C:\Windows\SysWOW64\Quark ShapeMaker Presets
2013-09-27 21:49 - 2012-02-06 19:15 - 00054156 ____H C:\Windows\QTFont.qfn
2013-09-27 21:07 - 2012-02-06 15:32 - 00007896 _____ C:\Users\Stefan.Krämer\AppData\Roaming\wklnhst.dat
2013-09-27 21:00 - 2012-02-01 14:49 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2013-09-27 20:16 - 2013-09-27 20:16 - 00000000 ____D C:\ProgramData\Mozilla
2013-09-27 20:16 - 2013-09-27 20:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-09-27 20:16 - 2013-09-27 20:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-27 19:28 - 2012-01-31 21:16 - 01526060 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-09-27 18:58 - 2013-09-27 18:58 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-09-27 18:58 - 2013-09-27 18:58 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-09-27 18:58 - 2012-02-09 14:11 - 00001912 _____ C:\Windows\epplauncher.mif
2013-09-27 18:43 - 2013-09-27 18:43 - 00018570 _____ C:\ComboFix.txt
2013-09-27 18:43 - 2013-09-27 18:13 - 00000000 ____D C:\Qoobox
2013-09-27 18:43 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2013-09-27 18:41 - 2013-09-27 18:13 - 00000000 ____D C:\Windows\erdnt
2013-09-27 18:41 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-09-27 18:30 - 2013-09-27 18:30 - 05129766 ____R (Swearware) C:\Users\Stefan.Krämer\Desktop\ComboFix.exe
2013-09-27 18:30 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-27 18:09 - 2013-09-27 22:51 - 00045568 _____ C:\Users\Stefan.Krämer\Desktop\Malgrat.wdb
2013-09-27 17:57 - 2013-09-27 17:57 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2013-09-27 17:57 - 2013-09-27 17:17 - 00000000 ____D C:\ProgramData\HitmanPro
2013-09-27 17:44 - 2013-09-27 17:44 - 00000000 ____D C:\Program Files\HitmanPro
2013-09-27 17:37 - 2013-09-27 23:10 - 00040448 _____ C:\Users\Stefan.Krämer\Desktop\Friendship.wdb
2013-09-27 17:08 - 2013-09-27 17:08 - 00000136 _____ C:\Windows\system32\config\netlogon.ftl
2013-09-27 16:58 - 2013-09-27 16:58 - 00000000 ____D C:\Windows\system32\config\amd64
2013-09-27 16:58 - 2013-09-27 16:57 - 00000000 ____D C:\Windows\Temp921C901D-6A78-72B5-9E7D-7E42C1817384-Signatures
2013-09-27 16:56 - 2012-02-03 15:29 - 00000000 ____D C:\Users\Stefan.Krämer
2013-09-27 16:53 - 2013-08-19 09:48 - 00000000 ____D C:\Users\User\updated
2013-09-27 16:53 - 2013-08-15 10:56 - 00000000 ____D C:\Users\Stefan.Krämer\AppData\Roaming\XnView
2013-09-27 16:53 - 2013-06-10 15:44 - 00000000 ____D C:\Users\Stefan.Krämer\AppData\Roaming\vlc
2013-09-27 16:53 - 2013-05-27 14:09 - 00000000 ____D C:\Users\User\browser
2013-09-27 16:53 - 2013-01-11 12:33 - 00000000 ____D C:\Program Files (x86)\Advanced IP Scanner v2
2013-09-27 16:53 - 2012-12-06 11:07 - 00000000 ____D C:\Users\User\webapprt
2013-09-27 16:53 - 2012-03-27 09:47 - 00000000 ____D C:\Users\Stefan.Krämer\AppData\Roaming\TeamViewer
2013-09-27 16:53 - 2012-02-06 18:26 - 00000000 ____D C:\Users\Stefan.Krämer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\A.F.5 Rename your files 1.1
2013-09-27 16:53 - 2012-02-06 18:26 - 00000000 ____D C:\Program Files (x86)\A.F.5 Rename your files 1.1
2013-09-27 16:53 - 2012-02-03 15:25 - 00000000 ____D C:\Users\Administrator
2013-09-27 16:53 - 2012-01-31 21:00 - 00000000 ____D C:\Users\User\uninstall
2013-09-27 16:53 - 2009-07-14 20:18 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-09-27 16:53 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-09-27 16:53 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-09-27 16:53 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\security
2013-09-27 16:53 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\AppCompat
2013-09-27 16:52 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2013-09-27 16:51 - 2012-02-03 15:48 - 00000000 ____D C:\Users\Stefan.Krämer\AppData\Local\Mozilla
2013-09-27 16:25 - 2013-09-27 16:25 - 00001478 _____ C:\Users\Stefan.Krämer\Desktop\gmer1.txt
2013-09-27 15:45 - 2013-09-27 15:45 - 00001478 _____ C:\Users\Stefan.Krämer\Desktop\gmer.txt
2013-09-27 15:33 - 2013-09-27 15:32 - 00021412 _____ C:\Users\Stefan.Krämer\Desktop\Addition.txt
2013-09-27 15:32 - 2013-09-27 15:32 - 00000000 ____D C:\FRST
2013-09-27 15:31 - 2013-09-27 15:31 - 00000488 _____ C:\Users\Stefan.Krämer\Desktop\defogger_disable.log
2013-09-27 15:31 - 2013-09-27 15:31 - 00000000 _____ C:\Users\Stefan.Krämer\defogger_reenable
2013-09-27 15:18 - 2013-09-27 15:18 - 00194638 _____ C:\Users\Administrator\AppData\Local\census.cache
2013-09-27 15:18 - 2013-09-27 15:18 - 00102938 _____ C:\Users\Administrator\AppData\Local\ars.cache
2013-09-27 15:05 - 2013-09-27 15:05 - 00000036 _____ C:\Users\Administrator\AppData\Local\housecall.guid.cache
2013-09-27 15:03 - 2013-09-27 18:58 - 13842112 _____ (Microsoft Corporation) C:\Users\Stefan.Krämer\Desktop\mseinstall.exe
2013-09-27 14:54 - 2013-09-27 14:54 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Malwarebytes
2013-09-27 14:53 - 2012-02-03 15:26 - 00226456 _____ C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-27 11:54 - 2013-09-27 11:54 - 00001161 _____ C:\Users\Stefan.Krämer\Desktop\wscsvc.zip
2013-09-27 11:54 - 2013-09-27 11:54 - 00000000 ____D C:\Users\Stefan.Krämer\Desktop\wscsvc
2013-09-27 11:50 - 2013-09-27 11:50 - 00000047 _____ C:\Users\Stefan.Krämer\AppData\Roaming\mbam.context.scan
2013-09-27 11:38 - 2013-09-27 11:50 - 00001150 _____ C:\Users\Stefan.Krämer\Desktop\wscsvc(64).zip
2013-09-27 09:55 - 2013-09-27 09:55 - 00000000 ____D C:\Users\Stefan.Krämer\AppData\Roaming\Malwarebytes
2013-09-27 09:55 - 2013-09-27 09:55 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-26 18:43 - 2013-09-26 18:43 - 00000000 ____D C:\Windows\SysWOW64\%APPDATA%
2013-09-26 18:38 - 2013-09-26 18:38 - 00000000 ____D C:\Users\Stefan.Krämer\AppData\Local\Google
2013-09-26 13:21 - 2013-09-26 15:59 - 00050688 _____ C:\Users\Stefan.Krämer\Desktop\Vicenti.wdb
2013-09-26 10:47 - 2013-07-31 14:55 - 00000000 ____D C:\Users\Stefan.Krämer\Desktop\Anmeldeformulare 2014
2013-09-25 18:02 - 2013-09-24 17:30 - 21311488 _____ C:\Users\Stefan.Krämer\Desktop\MAPPE_Bildungsreise 2013.indd
2013-09-20 17:31 - 2013-08-02 09:11 - 00000000 ____D C:\Users\Stefan.Krämer\Desktop\Preislisten 2014
2013-09-20 17:31 - 2013-01-11 12:43 - 00004922 _____ C:\Users\Stefan.Krämer\advanced_ip_scanner_MAC.bin
2013-09-19 10:57 - 2012-01-31 21:00 - 00001928 _____ C:\Users\User\precomplete
2013-09-19 10:57 - 2012-01-31 21:00 - 00000899 _____ C:\Users\User\softokn3.chk
2013-09-19 10:57 - 2012-01-31 21:00 - 00000899 _____ C:\Users\User\nssdbm3.chk
2013-09-19 10:57 - 2012-01-31 21:00 - 00000899 _____ C:\Users\User\freebl3.chk
2013-09-16 17:55 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-09-06 12:03 - 2013-09-06 12:03 - 00000000 ____D C:\Users\Stefan.Krämer\AppData\Roaming\Apago
2013-09-06 12:03 - 2013-09-06 12:03 - 00000000 ____D C:\Program Files (x86)\Apago
2013-09-02 16:55 - 2013-09-02 16:55 - 4269171075 ____N C:\Users\Stefan.Krämer\Downloads\B-Jugend_Spiel gegen Leverkusen.zip
2013-08-31 18:19 - 2013-07-05 08:44 - 00000000 ____D C:\Users\Stefan.Krämer\Desktop\Sommer 2013
2013-08-31 13:45 - 2013-08-31 13:01 - 00011338 _____ C:\Users\Stefan.Krämer\gsview64.ini
2013-08-31 13:01 - 2013-08-31 13:01 - 00000000 ____D C:\Program Files\Ghostgum

Some content of TEMP:
====================
C:\Users\Stefan.Krämer\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-23 13:41

==================== End Of Log ============================

--- --- ---

schrauber 01.10.2013 16:02

Please download Windows Repair (All In One) from here.

Stefan_Bonn 01.10.2013 16:56

Hello,

did everything as requested so far, except that it did not do the sfc part. It aborted that.

Addendum: Update still does not work!

schrauber 01.10.2013 19:20

Fresh FSS log please. What exactly is the error message now when you try to update?

Stefan_Bonn 01.10.2013 19:38

Thanks!

Here is the log
Code:

Farbar Service Scanner Version: 13-09-2013
Ran by Stefan.Krämer (administrator) on 01-10-2013 at 20:25:46
Running from "C:\Users\Stefan.Krämer\Desktop"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

Still the same message. I took a screenshot!
Attachment 60836
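The FSS log above reports two things about Windows Defender: the WinDefend service is set to Demand instead of Auto, and HKLM\SOFTWARE\Microsoft\Windows Defender\DisableAntiSpyware is 1, while the Security Center, Windows Update and Firewall sections are empty (FSS prints nothing there when it finds nothing wrong). The PowerShell script below is an added example for this thread, not FSS output and not code from Farbar or from either poster. It reproduces the kind of read-only checks FSS makes: start mode and running state of the services behind Security Center, Windows Update, Windows Firewall and Windows Defender, whether each service's image and ServiceDll live under %SystemRoot% or %ProgramFiles%, and the registry policy values that switch those components off. The expected start modes and the list of policy values are my assumptions about a stock Windows 7 SP1 install, chosen to mirror the sections of the FSS output. One caveat when reading the result: on Windows 7 the Microsoft Security Essentials installer disables Windows Defender and sets DisableAntiSpyware=1 itself, so on a machine where MsMpSvc is running (as in the FRST log above) that finding is expected and is not by itself a sign of tampering.

```powershell
# Added example, not part of the original thread. Read-only audit of the services and
# policy values that Farbar Service Scanner (FSS) reports on, for Windows 7.
# Run from an elevated Windows PowerShell prompt; uses WMI so it also works on PowerShell 2.0.
# Assumption: expected start modes are those of a stock Windows 7 SP1 install.

$ErrorActionPreference = 'Stop'

# Service name -> expected WMI StartMode ('Auto' covers Automatic and Automatic (Delayed Start)).
$expectedStart = @{
    'wscsvc'      = 'Auto'   # Security Center
    'wuauserv'    = 'Auto'   # Windows Update
    'BITS'        = 'Auto'   # Background Intelligent Transfer Service (used by Windows Update)
    'MpsSvc'      = 'Auto'   # Windows Firewall
    'BFE'         = 'Auto'   # Base Filtering Engine (Firewall depends on it)
    'WinDefend'   = 'Auto'   # Windows Defender (set to Manual by the MSE installer, see lead-in)
    'CryptSvc'    = 'Auto'   # Cryptographic Services (Windows Update needs it)
    'EventSystem' = 'Auto'   # COM+ Event System (Security Center needs it)
    'winmgmt'     = 'Auto'   # WMI (Security Center reads AV/firewall state through it)
}

# Registry values that, when set to the listed value, disable the component FSS lists.
$policyChecks = @(
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows Defender';                          Name = 'DisableAntiSpyware'; Bad = 1 }
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender';                 Name = 'DisableAntiSpyware'; Bad = 1 }
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU';         Name = 'NoAutoUpdate';       Bad = 1 }
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile';  Name = 'EnableFirewall';     Bad = 0 }
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile';    Name = 'EnableFirewall';     Bad = 0 }
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore';         Name = 'DisableSR';          Bad = 1 }
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer';  Name = 'HideSCAHealth';      Bad = 1 }
)

# Directories a legitimate service binary or ServiceDll is expected to live under.
$knownRoots = @($env:SystemRoot, $env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }

function Test-KnownRoot([string]$path) {
    foreach ($root in $knownRoots) { if ($path -like "$root\*") { return $true } }
    return $false
}

function Get-ServiceFindings {
    foreach ($name in $expectedStart.Keys) {
        $svc = Get-WmiObject Win32_Service -Filter "Name='$name'"
        if (-not $svc) {
            New-Object PSObject -Property @{ Check = "service $name"; Result = 'MISSING'; Detail = 'service not registered' }
            continue
        }
        $issues = @()
        if ($svc.StartMode -ne $expectedStart[$name]) { $issues += "StartMode=$($svc.StartMode), expected $($expectedStart[$name])" }
        if ($svc.State -ne 'Running') { $issues += "State=$($svc.State)" }
        # ImagePath: strip a leading quote, then the executable must sit under a known root.
        $exe = ($svc.PathName -replace '^"', '') -replace '(\.exe).*$', '$1'
        if (-not (Test-KnownRoot $exe) -or -not (Test-Path $exe)) { $issues += "ImagePath=$($svc.PathName)" }
        # svchost-hosted services load a ServiceDll; a hijacked one points somewhere unexpected.
        $params = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Services\$name\Parameters" -ErrorAction SilentlyContinue
        if ($params -and $params.ServiceDll) {
            $dll = [Environment]::ExpandEnvironmentVariables($params.ServiceDll)
            if (-not (Test-KnownRoot $dll) -or -not (Test-Path $dll)) { $issues += "ServiceDll=$dll" }
        }
        New-Object PSObject -Property @{
            Check  = "service $name"
            Result = $(if ($issues) { 'CHECK' } else { 'OK' })
            Detail = $(if ($issues) { $issues -join '; ' } else { "$($svc.StartMode), $($svc.State)" })
        }
    }
}

function Get-PolicyFindings {
    foreach ($p in $policyChecks) {
        $item = Get-ItemProperty $p.Path -Name $p.Name -ErrorAction SilentlyContinue
        if ($item -eq $null) { continue }   # value absent means default behaviour, nothing to report
        $value = $item.($p.Name)
        New-Object PSObject -Property @{
            Check  = "$($p.Path)\$($p.Name)"
            Result = $(if ($value -eq $p.Bad) { 'CHECK' } else { 'OK' })
            Detail = "value=$value"
        }
    }
}

$findings = @(Get-ServiceFindings) + @(Get-PolicyFindings)
$findings | Sort-Object Result | Format-Table Result, Check, Detail -AutoSize
```

Rows marked CHECK come first. A service whose StartMode is Disabled, whose ServiceDll points outside the Windows or Program Files directories, or whose binary no longer exists is worth a closer look; a Demand start mode for WinDefend together with DisableAntiSpyware=1 on a machine running Microsoft Security Essentials is the normal state. The script does not change anything, so it can be run before and after a repair to compare results.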

