Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Bundestrojaner rundll (https://www.trojaner-board.de/137480-bundestrojaner-rundll.html)

cristianeF 30.06.2013 19:28
Bundestrojaner rundll
 
Hallo Board
habe mir heute den Bundestrojaner gefangen. Das Tool removeFakeAntivirus und auch Kaspersky removal tool waren der Meinung es wäre die rundll32, die kommt nach Neustart aber wieder, und der betroffenen User kann nichts mehr machen.
Wäre prima, Ihr könntet mir helfen.

schrauber 30.06.2013 20:00
Hi,

welches Betriebsystem?

cristianeF 30.06.2013 20:12
Win7 prof. 64bit (sorry)

schrauber 30.06.2013 21:19
Scan mit Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8)
Hinweise für Windows 8-Nutzer: Anleitung 1 (FRST-Variante) und Anleitung 2 (zweiter Teil)
  • Downloade dir bitte die passende Version des Tools (im Zweifel beide) und speichere diese auf einen USB Stick: FRST 32-Bit | FRST 64-Bit
  • Schließe den USB Stick an das infizierte System an und boote das System in die System Reparatur Option.
  • Scanne jetzt nach der bebilderten Anleitung oder verwende die folgende Kurzanleitung:
Über den Boot Manager:
  • Starte den Rechner neu.
  • Während dem Hochfahren drücke mehrmals die F8 Taste
  • Wähle nun Computer reparieren.
  • Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".
Mit Windows CD/DVD (auch bei Windows 8 möglich):
  • Lege die Windows CD in dein Laufwerk.
  • Starte den Rechner neu und starte von der CD.
  • Wähle die Spracheinstellungen und klicke "Weiter".
  • Klicke auf Computerreparaturoptionen !
  • Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".
Wähle in den Reparaturoptionen: Eingabeaufforderung
  • Gib nun bitte notepad ein und drücke Enter.
  • Im öffnenden Textdokument: Datei > Speichern unter... und wähle Computer.
    Hier wird dir der Laufwerksbuchstabe deines USB Sticks angezeigt, merke ihn dir.
  • Schließe Notepad wieder
  • Gib nun bitte folgenden Befehl ein.
    e:\frst.exe bzw. e:\frst64.exe
    Hinweis: e steht für den Laufwerksbuchstaben deines USB Sticks, den du dir gemerkt hast. Gegebenfalls anpassen.
  • Akzeptiere den Disclaimer mit Yes und klicke Scan
Das Tool erstellt eine FRST.txt auf deinem USB Stick. Poste den Inhalt bitte hier nach Möglichkeit in Code-Tags (Anleitung).

cristianeF 30.06.2013 23:39
Hier das Log vom FRST64

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-06-2013 03
Ran by SYSTEM on 30-06-2013 23:47:20
Running from M:\
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SoundMan] SOUNDMAN.EXE [x]
HKLM\...\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon [2726728 2010-03-25] (CANON INC.)
HKLM\...\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet [1875048 2011-02-24] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon [1185112 2010-04-02] (CANON INC.)
HKLM-x32\...\Run: [Bonus.SSR.FR10] "C:\Program Files (x86)\ABBYY FineReader 10\Bonus.ScreenshotReader.exe" /autorun [941320 2009-12-20] (ABBYY.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: []  [x]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [39136 2012-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [825560 2012-12-18] (Adobe Systems Inc.)
HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [348664 2012-09-18] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [ADSK DLMSession] C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe [1632216 2012-05-15] (Autodesk, Inc.)
HKLM-x32\...\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun [552960 2009-02-27] ()
HKLM-x32\...\Run: [3170 Scan2PC] "C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe" [503808 2009-01-30] ()
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-05-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2013-05-01] (Apple Inc.)
HKU\Administrator\...\Run: [AdobeBridge]  [x]
HKU\Administrator\...\Run: [Akamai NetSession Interface] "C:\Users\mpg.MMESSE\AppData\Local\Akamai\netsession_win.exe" [x]
HKU\Administrator\...\Run: [Ewecziuq] C:\Users\Administrator\AppData\Roaming\Uwunew\atva.exe [x]
HKU\mpg\...\Run: [Spotify Web Helper] "C:\Users\mpg\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [1105408 2013-05-30] (Spotify Ltd)
HKU\mpg\...\Run: [ctfmon32.exe] C:\PROGRA~3\rundll32.exe C:\PROGRA~3\d6zcoe.dat,XFG00 [139264 2013-06-30] (Microsoft Corporation)
AppInit_DLLs: C:\PROGRA~2\WI3C8A~1\Datamngr\x64\datamngr.dll C:\PROGRA~2\WI3C8A~1\Datamngr\x64\IEBHO.dll  [139264 2013-06-30] ()
Startup: C:\ProgramData\Start Menu\Programs\Startup\WinTV Recording Status..lnk
ShortcutTarget: WinTV Recording Status..lnk -> C:\Program Files (x86)\WinTV\WinTV7\WinTVTray.exe (Hauppauge Computer Works, Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk
ShortcutTarget: DSL-Manager.lnk -> C:\Program Files (x86)\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk
ShortcutTarget: DSL-Manager.lnk -> C:\Program Files (x86)\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH)
Startup: C:\Users\mpg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk
ShortcutTarget: DSL-Manager.lnk -> C:\Program Files (x86)\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH)
Startup: C:\Users\mpg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk
ShortcutTarget: regmonstd.lnk -> C:\PROGRA~3\d6zcoe.dat (Microsoft Corporation)

==================== Services (Whitelisted) =================

S2 ABBYY.Licensing.FineReader.Corporate.10.0; C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\CE\NetworkLicenseServer.exe [814344 2009-12-19] (ABBYY)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [375760 2012-09-18] (Avira Operations GmbH & Co. KG)
S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86224 2012-09-18] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110032 2012-09-18] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [465360 2012-09-18] (Avira Operations GmbH & Co. KG)
S2 avmike; C:\Program Files\FRITZ!Fernzugang\avmike.exe [335224 2010-03-30] (AVM Berlin)
S2 certsrv; C:\Program Files\FRITZ!Fernzugang\certsrv.exe [143224 2010-03-30] (AVM Berlin)
S2 cjpcsc; C:\Windows\SysWOW64\cjpcsc.exe [508848 2011-05-09] (REINER SCT)
S2 HauppaugeTVServer; C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe [563712 2011-07-22] (Hauppauge Computer Works)
S2 IPClampService; C:\Program Files (x86)\cebas\ip-clamp\ipclamp.exe [45700 2007-11-20] ()
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S2 MSSQL$SQLEXPRESS; C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S2 nwtsrv; C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe [189304 2010-03-30] (AVM Berlin)
S2 softOSD; C:\Program Files (x86)\softOSD\softOSD.exe [291384 2010-12-18] (EnTech Taiwan)
S2 StarMoney 8.0 OnlineUpdate; C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe [699680 2012-12-21] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
S2 STRATO HiDrive Service; C:\Program Files (x86)\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe [32768 2011-11-15] (STRATO)
S3 TDslMgrService; C:\Program Files (x86)\DSL-Manager\DslMgrSvc.exe [307200 2008-10-23] (T-Systems Enterprise Services GmbH)
S2 SearchAnonymizer; "C:\Users\mpg.MMESSE\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe" [x]
S3 VPREMOTE; C:\TEMP\Clt-Inst\vpremote.exe [x]

==================== Drivers (Whitelisted) ====================

S3 ALCXWDM; C:\Windows\System32\drivers\RTKVAC64.SYS [3491616 2009-06-18] (Realtek Semiconductor Corp.)
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98848 2012-09-18] (Avira GmbH)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132832 2012-09-18] (Avira GmbH)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [27760 2012-09-18] (Avira GmbH)
S3 cjusb; C:\Windows\System32\DRIVERS\cjusb.sys [34672 2011-03-29] (REINER SCT)
S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [54072 2007-10-22] (Samsung Electronics)
S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [54072 2007-10-22] (Samsung Electronics)
S1 DslMNLwf; C:\Windows\System32\DRIVERS\dslmnlwf.sys [19008 2007-08-01] (T-Systems Enterprise Services GmbH)
S3 hcw88rc5; C:\Windows\System32\Drivers\hcw88rc5.sys [15872 2010-08-16] (Hauppauge Computer Works, Inc.)
S3 libusb0; C:\Windows\SysWow64\drivers\libusb0.sys [32256 2009-06-24] (hxxp://libusb-win32.sourceforge.net)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
S3 NWIM; C:\Windows\System32\DRIVERS\avmnwim.sys [412024 2010-03-30] (AVM Berlin)
S1 se64a; C:\Windows\System32\Drivers\se64a.sys [14032 2007-05-03] (EnTech Taiwan)
S1 se64a; C:\Windows\SysWow64\Drivers\se64a.sys [14032 2007-05-03] (EnTech Taiwan)
S3 libusb0; system32\drivers\libusb0.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-30 23:47 - 2013-06-30 23:47 - 00000000 ____D C:\FRST
2013-06-30 18:54 - 2013-06-30 18:54 - 00044544 ____A (Microsoft Corporation) C:\ProgramData\rundll32.exe
2013-06-30 18:40 - 2013-06-30 18:40 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Malwarebytes
2013-06-30 18:15 - 2013-06-30 18:15 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-06-30 18:15 - 2013-06-30 18:15 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-30 18:15 - 2013-04-04 13:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-06-30 16:55 - 2013-06-30 16:55 - 00000000 ____D C:\Stinger_Quarantine
2013-06-30 16:54 - 2013-06-30 18:14 - 00000000 ____D C:\Program Files\stinger
2013-06-30 16:44 - 2013-06-30 18:14 - 00000000 ____D C:\virusweg
2013-06-30 16:36 - 2013-06-30 16:36 - 00002679 ____A C:\ProgramData\eocz6d.js
2013-06-30 15:05 - 2013-06-30 18:09 - 00000000 ___AD C:\Kaspersky Rescue Disk 10.0
2013-06-30 11:01 - 2013-06-30 11:01 - 00000000 ___HD C:\ProgramData\CanonIJEPPEX2
2013-06-30 11:01 - 2013-06-30 11:01 - 00000000 ___HD C:\ProgramData\CanonEPP
2013-06-30 10:54 - 2013-06-30 18:57 - 95023320 ___AT C:\ProgramData\eocz6d.pad
2013-06-30 10:54 - 2013-06-30 18:54 - 00000000 ____A C:\ProgramData\g252qs.txt
2013-06-30 10:54 - 2013-06-30 10:54 - 00139264 ____A (Microsoft Corporation) C:\Users\mpg\3797871.dll
2013-06-30 10:54 - 2013-06-30 10:54 - 00139264 ____A (Microsoft Corporation) C:\ProgramData\d6zcoe.dat
2013-06-30 10:54 - 2013-06-30 10:54 - 00001007 ____A C:\ProgramData\sdaksda.txt
2013-06-30 10:54 - 2013-06-30 10:54 - 00000152 ____A C:\ProgramData\eocz6d.reg
2013-06-30 10:54 - 2013-06-30 10:54 - 00000057 ____A C:\ProgramData\eocz6d.bat
2013-06-24 22:14 - 2013-06-24 22:14 - 00000000 ____D C:\Users\mpg\Application Data\Adobe
2013-06-23 11:51 - 2013-05-08 07:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-23 11:50 - 2013-06-08 13:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-23 11:50 - 2013-06-08 12:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-23 11:50 - 2013-05-17 02:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-23 11:50 - 2013-05-17 02:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-23 11:50 - 2013-05-17 02:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-23 11:50 - 2013-05-17 02:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-23 11:50 - 2013-05-17 02:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-23 11:50 - 2013-05-17 02:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-23 11:50 - 2013-05-17 02:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-23 11:50 - 2013-05-17 02:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-23 11:50 - 2013-05-17 01:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-23 11:50 - 2013-05-17 01:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-23 11:50 - 2013-05-17 01:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-23 11:50 - 2013-05-17 01:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-23 11:50 - 2013-05-17 01:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-23 11:50 - 2013-05-17 01:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-23 11:50 - 2013-05-17 01:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-23 11:50 - 2013-05-17 01:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-23 11:50 - 2013-05-17 01:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-23 11:50 - 2013-05-14 13:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-23 11:50 - 2013-05-14 09:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-23 11:50 - 2013-04-26 06:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-23 11:50 - 2013-04-26 05:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-23 11:49 - 2013-06-08 15:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-23 11:49 - 2013-06-08 15:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-23 11:49 - 2013-06-08 15:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-23 11:49 - 2013-06-08 15:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-23 11:49 - 2013-06-08 15:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-23 11:49 - 2013-06-08 12:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-23 11:49 - 2013-06-08 12:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-23 11:49 - 2013-06-08 12:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-23 11:49 - 2013-06-08 12:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-23 11:49 - 2013-06-08 12:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-23 11:49 - 2013-05-13 06:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-23 11:49 - 2013-05-13 06:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-23 11:49 - 2013-05-13 06:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-23 11:49 - 2013-05-13 06:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-23 11:49 - 2013-05-13 05:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-23 11:49 - 2013-05-13 05:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-23 11:49 - 2013-05-13 05:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-23 11:49 - 2013-05-13 04:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-23 11:49 - 2013-05-13 04:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-23 11:49 - 2013-05-13 04:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-03 22:33 - 2013-06-03 22:33 - 00000000 ____D C:\Users\mpg\AppData\Local\sabnzbd
2013-06-03 13:24 - 2013-06-03 13:24 - 00000112 ____A C:\ProgramData\46MBnfW.dat
2013-06-03 13:24 - 2013-06-03 13:24 - 00000001 ____A C:\ProgramData\5n443ejv.exe_.b
2013-06-03 13:24 - 2013-06-03 13:24 - 00000001 ____A C:\ProgramData\5n443ejv.exe.b

==================== One Month Modified Files and Folders =======

2013-06-30 23:47 - 2013-06-30 23:47 - 00000000 ____D C:\FRST
2013-06-30 22:41 - 2011-07-31 18:17 - 01860354 ____A C:\Windows\WindowsUpdate.log
2013-06-30 22:34 - 2013-03-26 22:59 - 00000285 ____A C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2013-06-30 22:34 - 2011-09-05 11:29 - 00000000 ____D C:\Program Files (x86)\ABBYY FineReader 10
2013-06-30 22:30 - 2011-04-12 08:43 - 00757366 ____A C:\Windows\System32\perfh007.dat
2013-06-30 22:30 - 2011-04-12 08:43 - 00172838 ____A C:\Windows\System32\perfc007.dat
2013-06-30 22:30 - 2009-07-14 06:13 - 01769856 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-30 22:11 - 2012-05-28 10:10 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-30 21:58 - 2013-02-07 20:48 - 00001110 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-30 20:11 - 2013-02-07 20:48 - 00001106 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-30 19:05 - 2009-07-14 05:45 - 00031888 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-30 19:05 - 2009-07-14 05:45 - 00031888 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-30 18:59 - 2011-10-26 09:47 - 00000000 ____D C:\ProgramData\NVIDIA
2013-06-30 18:59 - 2011-07-31 18:40 - 00000120 ____A C:\Windows\System32\config\netlogon.ftl
2013-06-30 18:59 - 2009-07-14 06:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-30 18:58 - 2013-05-26 12:20 - 00001593 ____A C:\Windows\setupact.log
2013-06-30 18:57 - 2013-06-30 10:54 - 95023320 ___AT C:\ProgramData\eocz6d.pad
2013-06-30 18:54 - 2013-06-30 18:54 - 00044544 ____A (Microsoft Corporation) C:\ProgramData\rundll32.exe
2013-06-30 18:54 - 2013-06-30 10:54 - 00000000 ____A C:\ProgramData\g252qs.txt
2013-06-30 18:52 - 2012-09-18 17:53 - 00016826 ____A C:\Windows\PFRO.log
2013-06-30 18:40 - 2013-06-30 18:40 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Malwarebytes
2013-06-30 18:15 - 2013-06-30 18:15 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-06-30 18:15 - 2013-06-30 18:15 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-30 18:14 - 2013-06-30 16:54 - 00000000 ____D C:\Program Files\stinger
2013-06-30 18:14 - 2013-06-30 16:44 - 00000000 ____D C:\virusweg
2013-06-30 18:09 - 2013-06-30 15:05 - 00000000 ___AD C:\Kaspersky Rescue Disk 10.0
2013-06-30 16:55 - 2013-06-30 16:55 - 00000000 ____D C:\Stinger_Quarantine
2013-06-30 16:36 - 2013-06-30 16:36 - 00002679 ____A C:\ProgramData\eocz6d.js
2013-06-30 11:01 - 2013-06-30 11:01 - 00000000 ___HD C:\ProgramData\CanonIJEPPEX2
2013-06-30 11:01 - 2013-06-30 11:01 - 00000000 ___HD C:\ProgramData\CanonEPP
2013-06-30 10:54 - 2013-06-30 10:54 - 00139264 ____A (Microsoft Corporation) C:\Users\mpg\3797871.dll
2013-06-30 10:54 - 2013-06-30 10:54 - 00139264 ____A (Microsoft Corporation) C:\ProgramData\d6zcoe.dat
2013-06-30 10:54 - 2013-06-30 10:54 - 00001007 ____A C:\ProgramData\sdaksda.txt
2013-06-30 10:54 - 2013-06-30 10:54 - 00000152 ____A C:\ProgramData\eocz6d.reg
2013-06-30 10:54 - 2013-06-30 10:54 - 00000057 ____A C:\ProgramData\eocz6d.bat
2013-06-30 10:54 - 2013-03-26 22:58 - 00000000 ____D C:\users\mpg
2013-06-30 10:49 - 2011-08-20 18:18 - 00000000 ____D C:\Program Files (x86)\JDownloader
2013-06-27 08:31 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\System32\FxsTmp
2013-06-25 17:12 - 2013-05-30 11:19 - 00000000 ____D C:\Users\mpg\AppData\Roaming\DVDVideoSoft
2013-06-24 23:00 - 2012-10-10 02:37 - 00000000 ____D C:\Windows\rescache
2013-06-24 22:14 - 2013-06-24 22:14 - 00000000 ____D C:\Users\mpg\Application Data\Adobe
2013-06-24 13:14 - 2012-02-07 17:01 - 00000000 ____D C:\Program Files (x86)\StarMoney 8.0
2013-06-19 22:06 - 2012-09-15 22:58 - 00002183 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-06-12 15:11 - 2012-05-28 10:10 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-12 15:11 - 2011-08-01 01:05 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-08 15:08 - 2013-06-23 11:49 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-08 15:07 - 2013-06-23 11:49 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-08 15:06 - 2013-06-23 11:49 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-08 15:06 - 2013-06-23 11:49 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-08 15:06 - 2013-06-23 11:49 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-08 13:28 - 2013-06-23 11:50 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-08 12:42 - 2013-06-23 11:49 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-08 12:40 - 2013-06-23 11:49 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-08 12:40 - 2013-06-23 11:49 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-08 12:40 - 2013-06-23 11:49 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-08 12:40 - 2013-06-23 11:49 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-08 12:13 - 2013-06-23 11:50 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-06 17:14 - 2013-05-30 00:16 - 00000000 ____D C:\Users\mpg\AppData\Roaming\Spotify
2013-06-05 17:13 - 2013-05-30 00:16 - 00000000 ____D C:\Users\mpg\AppData\Local\Spotify
2013-06-03 22:33 - 2013-06-03 22:33 - 00000000 ____D C:\Users\mpg\AppData\Local\sabnzbd
2013-06-03 16:32 - 2012-01-10 20:39 - 00000000 ____D C:\ProgramData\DVD Shrink
2013-06-03 13:24 - 2013-06-03 13:24 - 00000112 ____A C:\ProgramData\46MBnfW.dat
2013-06-03 13:24 - 2013-06-03 13:24 - 00000001 ____A C:\ProgramData\5n443ejv.exe_.b
2013-06-03 13:24 - 2013-06-03 13:24 - 00000001 ____A C:\ProgramData\5n443ejv.exe.b
2013-06-01 12:56 - 2013-03-26 22:58 - 00000858 _RASH C:\Users\mpg\ntuser.pol
2013-05-31 14:09 - 2013-03-26 22:59 - 00000000 ____D C:\Users\mpg\AppData\Roaming\Apple Computer

Files to move or delete:
====================
C:\ProgramData\rundll32.exe
C:\Users\mpg\3797871.dll
C:\ProgramData\46MBnfW.dat
C:\ProgramData\d6zcoe.dat
C:\ProgramData\eocz6d.bat
C:\ProgramData\eocz6d.pad
C:\ProgramData\eocz6d.reg

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-06-28 23:19:38

==================== Memory info ===========================

Percentage of memory in use: 16%
Total physical RAM: 4095.55 MB
Available physical RAM: 3435.3 MB
Total Pagefile: 4093.75 MB
Available Pagefile: 3429.64 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:69.25 GB) (Free:3.39 GB) NTFS (Disk=3 Partition=1) ==>[Drive with boot components (obtained from BCD)]
Drive e: (DASI) (Fixed) (Total:49.01 GB) (Free:8.15 GB) NTFS (Disk=0 Partition=2)
Drive f: (MEDIA) (Fixed) (Total:98.45 GB) (Free:93.5 GB) NTFS (Disk=0 Partition=3)
Drive g: (REST) (Fixed) (Total:83 GB) (Free:43.92 GB) NTFS (Disk=0 Partition=4)
Drive h: (MUSIC) (Fixed) (Total:100.59 GB) (Free:99.79 GB) NTFS (Disk=1 Partition=1)
Drive i: (VIDEO) (Fixed) (Total:197.49 GB) (Free:196.7 GB) NTFS (Disk=1 Partition=2)
Drive j: (NewMedia) (Fixed) (Total:1397.26 GB) (Free:830.68 GB) NTFS (Disk=2 Partition=1)
Drive m: (USB DISK) (Removable) (Total:28.85 GB) (Free:28.82 GB) FAT32 (Disk=4 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (INSTALL) (Fixed) (Total:49.01 GB) (Free:24.06 GB) NTFS (Disk=0 Partition=1)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 279 GB) (Disk ID: 9ECAD516)
Partition 1: (Not Active) - (Size=49 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=230 GB) - (Type=OF Extended)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 298 GB) (Disk ID: 55E67A65)
Partition 1: (Not Active) - (Size=298 GB) - (Type=OF Extended)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 1397 GB) (Disk ID: ABD923D5)
Partition 1: (Not Active) - (Size=-698723409920) - (Type=OF Extended)

========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 69 GB) (Disk ID: 19581957)
Partition 1: (Active) - (Size=69 GB) - (Type=07 NTFS)

========================================================
Disk: 4 (MBR Code: Windows XP) (Size: 29 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=29 GB) - (Type=0C)


LastRegBack: 2013-06-22 23:59

==================== End Of Log ============================
--- --- ---

schrauber 01.07.2013 08:28
Drücke bitte die http://larusso.trojaner-board.de/Images/windows.jpg + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument
Code:
HKU\Administrator\...\Run: [Ewecziuq] C:\Users\Administrator\AppData\Roaming\Uwunew\atva.exe [x]
HKU\mpg\...\Run: [ctfmon32.exe] C:\PROGRA~3\rundll32.exe C:\PROGRA~3\d6zcoe.dat,XFG00 [139264 2013-06-30] (Microsoft Corporation)
2013-06-30 18:54 - 2013-06-30 18:54 - 00044544 ____A (Microsoft Corporation) C:\ProgramData\rundll32.exe
C:\ProgramData\rundll32.exe
C:\Users\mpg\3797871.dll
C:\ProgramData\46MBnfW.dat
C:\ProgramData\d6zcoe.dat
C:\ProgramData\eocz6d.bat
C:\ProgramData\eocz6d.pad
C:\ProgramData\eocz6d.reg
Speichere diese bitte als Fixlist.txt auf deinem USB Stick.
  • Starte deinen Rechner erneut in die Reparaturoptionen
  • Starte nun die FRST.exe erneut und klicke den Fix Button.
Das Tool erstellt eine Fixlog.txt auf deinem USB Stick. Poste den Inhalt bitte hier.

cristianeF 01.07.2013 09:07
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 30-06-2013 03
Ran by SYSTEM at 2013-07-01 09:59:57 Run:1
Running from M:\
Boot Mode: Recovery
==============================================

HKU\Administrator\Software\Microsoft\Windows\CurrentVersion\Run\\Ewecziuq => Value deleted successfully.
HKU\mpg\Software\Microsoft\Windows\CurrentVersion\Run\\ctfmon32.exe => Value deleted successfully.
C:\ProgramData\rundll32.exe => Moved successfully.
C:\ProgramData\rundll32.exe => File/Directory not found.
C:\Users\mpg\3797871.dll => Moved successfully.
C:\ProgramData\46MBnfW.dat => Moved successfully.
C:\ProgramData\d6zcoe.dat => Moved successfully.
C:\ProgramData\eocz6d.bat => Moved successfully.
C:\ProgramData\eocz6d.pad => Moved successfully.
C:\ProgramData\eocz6d.reg => Moved successfully.

==== End of Fixlog ====

schrauber 01.07.2013 12:45
Neu booten? :)

cristianeF 01.07.2013 15:17
Trojaner zeigt sich erst mal nicht mehr. Prima. Kleine Fehlermeldung:
"Problem beim Starten von C:\PROG....\d6zcoe.dat
Das angegebene Modul wurde nicht gefunden."
Gruß

schrauber 01.07.2013 16:11
Das bekommen wir auch noch hin :)

Ab jetzt alles im normalen Windows.

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


Systemscan mit FRST
Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Start > Computer (Rechtsklick) > Eigenschaften)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Scan.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

cristianeF 01.07.2013 22:53
Code:
# AdwCleaner v2.303 - Datei am 01/07/2013 um 18:06:07 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : Administrator - ALPHA2011
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Administrator\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****

Gestoppt & Gelöscht : SearchAnonymizer

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\END
Datei Gelöscht : C:\Users\mpg\Desktop\QuickStores.url
Gelöscht mit Neustart : C:\Program Files (x86)\Mozilla Firefox\extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}
Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\Program Files (x86)\Ilivid
Ordner Gelöscht : C:\Program Files (x86)\iMesh Applications

***** [Registrierungsdatenbank] *****

Daten Gelöscht : [x64] HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\WI3C8A~1\Datamngr\x64\datamngr.dll
Daten Gelöscht : [x64] HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\WI3C8A~1\Datamngr\x64\IEBHO.dll
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\searchqutoolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{64182481-4F71-486B-A045-B233BD0DA8FC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\BabylonHelper.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\DNSBHO.dll
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\iMesh.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ilivid
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\2B1E51D87B2D71A44BB42DDD5E894160
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\2B1E51D87B2D71A44BB42DDD5E894160
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{5C9A2304-70A5-11D5-AFB0-0050DAC67890}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{ec96f516-51b2-4b46-8451-8665f5a6ba2b}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{f07fbd3e-2048-44a4-9065-71bf551e2672}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BabylonTC_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BabylonTC_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7C3B01BC-53A5-48A0-A43B-0C67731134B9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0BF91075-F457-4A8B-99EF-140B52D2F22A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{37425600-CB21-49A0-8659-476FBAB0F8E8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{431FB0E5-2CBB-4602-9FE6-F1D64488ADD7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5C9A230D-70A5-11D5-AFB0-0050DAC67890}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{69d3f709-9de2-479f-980f-532d46895703}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8911483C-C00A-4183-9FBC-6C9C00946C15}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{95734BDE-B702-45B9-86E5-27676729F904}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C3F058A9-407D-4CD1-8F66-B75605B54B69}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F42C7B47-5234-4BF5-8882-DAAC0D64870D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F7BEBBB1-7E6B-4561-9444-6F4866D60C7C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8FB495A1-4A3F-4C1D-BD27-3F3AB2E66763}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0BF91075-F457-4A8B-99EF-140B52D2F22A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{37425600-CB21-49A0-8659-476FBAB0F8E8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{431FB0E5-2CBB-4602-9FE6-F1D64488ADD7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5C9A230D-70A5-11D5-AFB0-0050DAC67890}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{69d3f709-9de2-479f-980f-532d46895703}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8911483C-C00A-4183-9FBC-6C9C00946C15}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{95734BDE-B702-45B9-86E5-27676729F904}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C3F058A9-407D-4CD1-8F66-B75605B54B69}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F42C7B47-5234-4BF5-8882-DAAC0D64870D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F7BEBBB1-7E6B-4561-9444-6F4866D60C7C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DesktopIconAmazon
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchAnonymizer
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16611

[OK] Die Registrierungsdatenbank ist sauber.

*************************

AdwCleaner[S1].txt - [6967 octets] - [01/07/2013 18:06:07]

########## EOF - C:\AdwCleaner[S1].txt - [7027 octets] ##########
Guten Abend Schrauber
hier die logs

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-07-2013 02
Ran by Administrator (administrator) on 01-07-2013 18:28:23
Running from C:\Users\Administrator\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\CE\NetworkLicenseServer.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVM Berlin) C:\Program Files\FRITZ!Fernzugang\avmike.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(AVM Berlin) C:\Program Files\FRITZ!Fernzugang\certsrv.exe
(REINER SCT) C:\Windows\SysWOW64\cjpcsc.exe
(Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe
() C:\Program Files (x86)\cebas\ip-clamp\ipclamp.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\CaptureGenPCI.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(AVM Berlin) C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe
(EnTech Taiwan) C:\Program Files (x86)\softOSD\softOSD.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Star Finanz - Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(STRATO) C:\Program Files (x86)\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Realtek Semiconductor Corp.) C:\Windows\SOUNDMAN.EXE
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Hauppauge Computer Works, Inc.) C:\Program Files (x86)\WinTV\WinTV7\WinTVTray.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Autodesk, Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe
() C:\Windows\Samsung\PanelMgr\SSMMgr.exe
() C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
() C:\Windows\Samsung\PanelMgr\caller64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(EnTech Taiwan) C:\Windows\SysWOW64\softLCP.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Farbar) C:\Users\Administrator\Desktop\FRST64new.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SoundMan] SOUNDMAN.EXE [x]
HKLM\...\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon [2726728 2010-03-25] (CANON INC.)
HKLM\...\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet [1875048 2011-02-24] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [446392 2012-04-04] (Adobe Systems Incorporated)
HKCU\...\Run: [AdobeBridge]  [x]
HKCU\...\Run: [Akamai NetSession Interface] "C:\Users\mpg.MMESSE\AppData\Local\Akamai\netsession_win.exe" [x]
HKCR\...0c966feabec1\InprocServer32: [Default-shell32] %SystemRoot%\system32\shell32.dll ATTENTION! ====> ZeroAccess?
HKCR\...409d6c4515e9\InprocServer32: [Default-shell32] %SystemRoot%\system32\shell32.dll ATTENTION! ====> ZeroAccess?
HKCU\...\Policies\system: [DisableRegistryTools] 0
HKCU\...\Policies\system: [DisableTaskMgr] 0
MountPoints2: L - L:\unlock.exe autoplay=true
MountPoints2: {4136042a-bbc5-11e0-a147-0024013171b5} - N:\unlock.exe autoplay=true
MountPoints2: {810525ff-bb98-11e0-adb5-806e6f6e6963} - D:\.\windows\setup.exe .\windows
HKLM-x32\...\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon [1185112 2010-04-02] (CANON INC.)
HKLM-x32\...\Run: [Bonus.SSR.FR10] "C:\Program Files (x86)\ABBYY FineReader 10\Bonus.ScreenshotReader.exe" /autorun [941320 2009-12-20] (ABBYY.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: []  [x]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [39136 2012-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [825560 2012-12-18] (Adobe Systems Inc.)
HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [348664 2012-09-18] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [ADSK DLMSession] C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe [1632216 2012-05-15] (Autodesk, Inc.)
HKLM-x32\...\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun [552960 2009-02-27] ()
HKLM-x32\...\Run: [3170 Scan2PC] "C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe" [503808 2009-01-30] ()
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-05-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2013-05-01] (Apple Inc.)
HKU\mpg\...\Run: [Spotify Web Helper] "C:\Users\mpg\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [1105408 2013-05-30] (Spotify Ltd)
AppInit_DLLs:  [0 ] ()
Startup: C:\ProgramData\Start Menu\Programs\Startup\WinTV Recording Status..lnk
ShortcutTarget: WinTV Recording Status..lnk -> C:\Program Files (x86)\WinTV\WinTV7\WinTVTray.exe (Hauppauge Computer Works, Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk
ShortcutTarget: DSL-Manager.lnk -> C:\Program Files (x86)\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk
ShortcutTarget: DSL-Manager.lnk -> C:\Program Files (x86)\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH)
Startup: C:\Users\mpg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk
ShortcutTarget: DSL-Manager.lnk -> C:\Program Files (x86)\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH)
Startup: C:\Users\mpg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk
ShortcutTarget: regmonstd.lnk -> C:\PROGRA~3\d6zcoe.dat (No File)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {15FCF558-7232-452B-B412-5C61395E81A4} URL = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=44e5bc6e-1d36-4a01-9bba-adf1023fdf9c&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {5E46E83A-C00D-4CBB-A2BD-856BB1ED1E5C} URL = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=44e5bc6e-1d36-4a01-9bba-adf1023fdf9c&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {A551C53C-47B4-4624-9142-30009AD71DAB} URL = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=44e5bc6e-1d36-4a01-9bba-adf1023fdf9c&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {EE74DC6C-D4DC-4FC1-9582-14EE58677418} URL = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=44e5bc6e-1d36-4a01-9bba-adf1023fdf9c&pid=freewarede&mode=bounce&k=0
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {B07F54E6-0806-47DB-B5D8-398F240776F2} file:///D:/viewer/ORDcmViewCD.ocx
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{59A51923-1C7E-49C0-AEF1-CB4EBDEDF5EA}: [NameServer]192.168.1.1,192.168.1.254

==================== Services (Whitelisted) =================

R2 ABBYY.Licensing.FineReader.Corporate.10.0; C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\CE\NetworkLicenseServer.exe [814344 2009-12-19] (ABBYY)
R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [375760 2012-09-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86224 2012-09-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110032 2012-09-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [465360 2012-09-18] (Avira Operations GmbH & Co. KG)
R2 avmike; C:\Program Files\FRITZ!Fernzugang\avmike.exe [335224 2010-03-30] (AVM Berlin)
R2 certsrv; C:\Program Files\FRITZ!Fernzugang\certsrv.exe [143224 2010-03-30] (AVM Berlin)
R2 cjpcsc; C:\Windows\SysWOW64\cjpcsc.exe [508848 2011-05-09] (REINER SCT)
R2 HauppaugeTVServer; C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe [563712 2011-07-22] (Hauppauge Computer Works)
R2 IPClampService; C:\Program Files (x86)\cebas\ip-clamp\ipclamp.exe [45700 2007-11-20] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MSSQL$SQLEXPRESS; C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R2 nwtsrv; C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe [189304 2010-03-30] (AVM Berlin)
R2 softOSD; C:\Program Files (x86)\softOSD\softOSD.exe [291384 2010-12-18] (EnTech Taiwan)
R2 StarMoney 8.0 OnlineUpdate; C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe [699680 2012-12-21] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
R2 STRATO HiDrive Service; C:\Program Files (x86)\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe [32768 2011-11-15] (STRATO)
S3 TDslMgrService; C:\Program Files (x86)\DSL-Manager\DslMgrSvc.exe [307200 2008-10-23] (T-Systems Enterprise Services GmbH)
S3 VPREMOTE; C:\TEMP\Clt-Inst\vpremote.exe [x]

==================== Drivers (Whitelisted) ====================

R3 ALCXWDM; C:\Windows\System32\drivers\RTKVAC64.SYS [3491616 2009-06-18] (Realtek Semiconductor Corp.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98848 2012-09-18] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132832 2012-09-18] (Avira GmbH)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [27760 2012-09-18] (Avira GmbH)
S3 cjusb; C:\Windows\System32\DRIVERS\cjusb.sys [34672 2011-03-29] (REINER SCT)
R2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [54072 2007-10-22] (Samsung Electronics)
R2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [54072 2007-10-22] (Samsung Electronics)
R1 DslMNLwf; C:\Windows\System32\DRIVERS\dslmnlwf.sys [19008 2007-08-01] (T-Systems Enterprise Services GmbH)
R3 hcw88rc5; C:\Windows\System32\Drivers\hcw88rc5.sys [15872 2010-08-16] (Hauppauge Computer Works, Inc.)
S3 libusb0; C:\Windows\SysWow64\drivers\libusb0.sys [32256 2009-06-24] (hxxp://libusb-win32.sourceforge.net)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
R3 NWIM; C:\Windows\System32\DRIVERS\avmnwim.sys [412024 2010-03-30] (AVM Berlin)
R1 se64a; C:\Windows\System32\Drivers\se64a.sys [14032 2007-05-03] (EnTech Taiwan)
R1 se64a; C:\Windows\SysWow64\Drivers\se64a.sys [14032 2007-05-03] (EnTech Taiwan)
S3 libusb0; system32\drivers\libusb0.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-01 18:28 - 2013-07-01 18:27 - 01933776 ____A (Farbar) C:\Users\Administrator\Desktop\FRST64new.exe
2013-07-01 18:26 - 2013-06-30 23:27 - 01933758 ____A (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
2013-07-01 18:25 - 2013-07-01 18:25 - 00001079 ____A C:\Users\Administrator\Desktop\JRT.txt
2013-07-01 18:19 - 2013-07-01 18:19 - 00000000 ____D C:\Windows\ERUNT
2013-07-01 18:19 - 2013-07-01 18:19 - 00000000 ____D C:\JRT
2013-07-01 18:06 - 2013-07-01 18:06 - 00007072 ____A C:\AdwCleaner[S1].txt
2013-07-01 18:02 - 2013-07-01 17:59 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Administrator\Desktop\JRT.exe
2013-07-01 18:02 - 2013-07-01 17:58 - 00648201 ____A C:\Users\Administrator\Desktop\adwcleaner.exe
2013-07-01 00:47 - 2013-07-01 00:47 - 00000000 ____D C:\FRST
2013-06-30 19:40 - 2013-06-30 19:40 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Malwarebytes
2013-06-30 19:15 - 2013-06-30 19:15 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-06-30 19:15 - 2013-06-30 19:15 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-30 19:15 - 2013-04-04 14:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-06-30 17:55 - 2013-06-30 17:55 - 00000000 ____D C:\Stinger_Quarantine
2013-06-30 17:54 - 2013-06-30 19:14 - 00000000 ____D C:\Program Files\stinger
2013-06-30 17:44 - 2013-06-30 19:14 - 00000000 ____D C:\virusweg
2013-06-30 17:36 - 2013-06-30 17:36 - 00002679 ____A C:\ProgramData\eocz6d.js
2013-06-30 16:05 - 2013-06-30 19:09 - 00000000 ___AD C:\Kaspersky Rescue Disk 10.0
2013-06-30 12:01 - 2013-06-30 12:01 - 00000000 ___HD C:\ProgramData\CanonIJEPPEX2
2013-06-30 12:01 - 2013-06-30 12:01 - 00000000 ___HD C:\ProgramData\CanonEPP
2013-06-30 11:54 - 2013-06-30 19:54 - 00000000 ____A C:\ProgramData\g252qs.txt
2013-06-30 11:54 - 2013-06-30 11:54 - 00001007 ____A C:\ProgramData\sdaksda.txt
2013-06-24 23:14 - 2013-06-24 23:14 - 00000000 ____D C:\Users\mpg\Application Data\Adobe
2013-06-23 12:51 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-23 12:50 - 2013-06-08 14:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-23 12:50 - 2013-06-08 13:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-23 12:50 - 2013-05-17 03:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-23 12:50 - 2013-05-17 03:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-23 12:50 - 2013-05-17 03:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-23 12:50 - 2013-05-17 03:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-23 12:50 - 2013-05-17 03:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-23 12:50 - 2013-05-17 03:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-23 12:50 - 2013-05-17 03:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-23 12:50 - 2013-05-17 03:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-23 12:50 - 2013-05-17 02:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-23 12:50 - 2013-05-17 02:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-23 12:50 - 2013-05-17 02:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-23 12:50 - 2013-05-17 02:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-23 12:50 - 2013-05-17 02:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-23 12:50 - 2013-05-17 02:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-23 12:50 - 2013-05-17 02:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-23 12:50 - 2013-05-17 02:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-23 12:50 - 2013-05-17 02:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-23 12:50 - 2013-05-14 14:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-23 12:50 - 2013-05-14 10:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-23 12:50 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-23 12:50 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-23 12:49 - 2013-06-08 16:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-23 12:49 - 2013-06-08 16:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-23 12:49 - 2013-06-08 16:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-23 12:49 - 2013-06-08 16:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-23 12:49 - 2013-06-08 16:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-23 12:49 - 2013-06-08 13:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-23 12:49 - 2013-06-08 13:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-23 12:49 - 2013-06-08 13:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-23 12:49 - 2013-06-08 13:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-23 12:49 - 2013-06-08 13:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-23 12:49 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-23 12:49 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-23 12:49 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-23 12:49 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-23 12:49 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-23 12:49 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-23 12:49 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-23 12:49 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-23 12:49 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-23 12:49 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-03 23:33 - 2013-06-03 23:33 - 00000000 ____D C:\Users\mpg\AppData\Local\sabnzbd
2013-06-03 14:24 - 2013-06-03 14:24 - 00000001 ____A C:\ProgramData\5n443ejv.exe_.b
2013-06-03 14:24 - 2013-06-03 14:24 - 00000001 ____A C:\ProgramData\5n443ejv.exe.b

==================== One Month Modified Files and Folders =======

2013-07-01 18:27 - 2013-07-01 18:28 - 01933776 ____A (Farbar) C:\Users\Administrator\Desktop\FRST64new.exe
2013-07-01 18:25 - 2013-07-01 18:25 - 00001079 ____A C:\Users\Administrator\Desktop\JRT.txt
2013-07-01 18:22 - 2009-07-14 06:45 - 00031888 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-01 18:22 - 2009-07-14 06:45 - 00031888 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-01 18:21 - 2011-04-12 09:43 - 00757366 ____A C:\Windows\System32\perfh007.dat
2013-07-01 18:21 - 2011-04-12 09:43 - 00172838 ____A C:\Windows\System32\perfc007.dat
2013-07-01 18:21 - 2009-07-14 07:13 - 01769856 ____A C:\Windows\System32\PerfStringBackup.INI
2013-07-01 18:19 - 2013-07-01 18:19 - 00000000 ____D C:\Windows\ERUNT
2013-07-01 18:19 - 2013-07-01 18:19 - 00000000 ____D C:\JRT
2013-07-01 18:18 - 2013-02-07 21:48 - 00001106 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-01 18:16 - 2013-05-26 13:20 - 00001929 ____A C:\Windows\setupact.log
2013-07-01 18:16 - 2011-10-26 10:47 - 00000000 ____D C:\ProgramData\NVIDIA
2013-07-01 18:16 - 2011-07-31 19:40 - 00000120 ____A C:\Windows\System32\config\netlogon.ftl
2013-07-01 18:16 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-01 18:14 - 2011-07-31 19:17 - 01947464 ____A C:\Windows\WindowsUpdate.log
2013-07-01 18:11 - 2012-05-28 11:10 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-01 18:06 - 2013-07-01 18:06 - 00007072 ____A C:\AdwCleaner[S1].txt
2013-07-01 17:59 - 2013-07-01 18:02 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Administrator\Desktop\JRT.exe
2013-07-01 17:58 - 2013-07-01 18:02 - 00648201 ____A C:\Users\Administrator\Desktop\adwcleaner.exe
2013-07-01 17:58 - 2013-02-07 21:48 - 00001110 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-01 10:59 - 2013-03-26 23:58 - 00000000 ____D C:\users\mpg
2013-07-01 00:47 - 2013-07-01 00:47 - 00000000 ____D C:\FRST
2013-06-30 23:34 - 2013-03-26 23:59 - 00000285 ____A C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2013-06-30 23:34 - 2011-09-05 12:29 - 00000000 ____D C:\Program Files (x86)\ABBYY FineReader 10
2013-06-30 23:27 - 2013-07-01 18:26 - 01933758 ____A (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
2013-06-30 19:54 - 2013-06-30 11:54 - 00000000 ____A C:\ProgramData\g252qs.txt
2013-06-30 19:52 - 2012-09-18 18:53 - 00016826 ____A C:\Windows\PFRO.log
2013-06-30 19:40 - 2013-06-30 19:40 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Malwarebytes
2013-06-30 19:15 - 2013-06-30 19:15 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-06-30 19:15 - 2013-06-30 19:15 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-30 19:14 - 2013-06-30 17:54 - 00000000 ____D C:\Program Files\stinger
2013-06-30 19:14 - 2013-06-30 17:44 - 00000000 ____D C:\virusweg
2013-06-30 19:09 - 2013-06-30 16:05 - 00000000 ___AD C:\Kaspersky Rescue Disk 10.0
2013-06-30 17:55 - 2013-06-30 17:55 - 00000000 ____D C:\Stinger_Quarantine
2013-06-30 17:36 - 2013-06-30 17:36 - 00002679 ____A C:\ProgramData\eocz6d.js
2013-06-30 12:01 - 2013-06-30 12:01 - 00000000 ___HD C:\ProgramData\CanonIJEPPEX2
2013-06-30 12:01 - 2013-06-30 12:01 - 00000000 ___HD C:\ProgramData\CanonEPP
2013-06-30 11:54 - 2013-06-30 11:54 - 00001007 ____A C:\ProgramData\sdaksda.txt
2013-06-30 11:49 - 2011-08-20 19:18 - 00000000 ____D C:\Program Files (x86)\JDownloader
2013-06-27 09:31 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\System32\FxsTmp
2013-06-25 18:12 - 2013-05-30 12:19 - 00000000 ____D C:\Users\mpg\AppData\Roaming\DVDVideoSoft
2013-06-25 00:00 - 2012-10-10 03:37 - 00000000 ____D C:\Windows\rescache
2013-06-24 23:14 - 2013-06-24 23:14 - 00000000 ____D C:\Users\mpg\Application Data\Adobe
2013-06-24 14:14 - 2012-02-07 18:01 - 00000000 ____D C:\Program Files (x86)\StarMoney 8.0
2013-06-19 23:06 - 2012-09-15 23:58 - 00002183 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-06-12 16:11 - 2012-05-28 11:10 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-12 16:11 - 2011-08-01 02:05 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-08 16:08 - 2013-06-23 12:49 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-08 16:07 - 2013-06-23 12:49 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-08 16:06 - 2013-06-23 12:49 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-08 16:06 - 2013-06-23 12:49 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-08 16:06 - 2013-06-23 12:49 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-08 14:28 - 2013-06-23 12:50 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-08 13:42 - 2013-06-23 12:49 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-08 13:40 - 2013-06-23 12:49 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-08 13:40 - 2013-06-23 12:49 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-08 13:40 - 2013-06-23 12:49 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-08 13:40 - 2013-06-23 12:49 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-08 13:13 - 2013-06-23 12:50 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-06 18:14 - 2013-05-30 01:16 - 00000000 ____D C:\Users\mpg\AppData\Roaming\Spotify
2013-06-05 18:13 - 2013-05-30 01:16 - 00000000 ____D C:\Users\mpg\AppData\Local\Spotify
2013-06-03 23:33 - 2013-06-03 23:33 - 00000000 ____D C:\Users\mpg\AppData\Local\sabnzbd
2013-06-03 17:32 - 2012-01-10 21:39 - 00000000 ____D C:\ProgramData\DVD Shrink
2013-06-03 14:24 - 2013-06-03 14:24 - 00000001 ____A C:\ProgramData\5n443ejv.exe_.b
2013-06-03 14:24 - 2013-06-03 14:24 - 00000001 ____A C:\ProgramData\5n443ejv.exe.b
2013-06-01 13:56 - 2013-03-26 23:58 - 00000858 _RASH C:\Users\mpg\ntuser.pol

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-23 00:59

==================== End Of Log ============================
--- --- ---

--- --- ---

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-07-2013 02
Ran by Administrator at 2013-07-01 18:29:28
Running from C:\Users\Administrator\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

ABBYY FineReader 10 Corporate Edition (x32 Version: 10.501.154.7211)
Acrobat.com (x32 Version: 0.0.0)
Acrobat.com (x32 Version: 1.2.443)
Adobe Acrobat X Pro - English, Français, Deutsch (x32 Version: 10.1.6)
Adobe AIR (x32 Version: 3.1.0.4880)
Adobe Creative Suite 6 Master Collection (x32 Version: 6)
Adobe Download Assistant (x32 Version: 1.2)
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224)
Adobe Help Manager (x32 Version: 4.0.244)
Adobe Media Player (x32 Version: 0.0.0)
Adobe Media Player (x32 Version: 1.1)
Adobe Reader X (10.1.6) - Deutsch (x32 Version: 10.1.6)
Adobe Widget Browser (x32 Version: 2.0 Build 348)
Adobe Widget Browser (x32 Version: 2.0.348)
Advertising Center (x32 Version: 0.0.0.2)
Akamai NetSession Interface (HKCU)
Akamai NetSession Interface Service (x32)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
Autodesk Download Manager (x32 Version: 1.0.122.0)
Avira Antivirus Premium 2012 (x32 Version: 12.1.9.1255)
BenVista PhotoZoom Pro 4.0.6 (x32 Version: 4.0.6)
Biet-O-Matic v2.0.30 (x32 Version: Biet-O-Matic v2.0.30)
BitZipper 2010 (x32)
Bonjour (Version: 3.0.0.10)
calibre (x32 Version: 0.9.16)
Canon Easy-PhotoPrint EX (x32)
Canon Easy-WebPrint EX (x32)
Canon iP4800 series Benutzerregistrierung (x32)
Canon iP4800 series Printer Driver
Canon My Printer (x32)
Canon Solution Menu EX (x32)
CCleaner (Version: 3.22)
CD-LabelPrint (x32)
Crystal Reports 2008 Runtime SP1 (x32 Version: 12.1.0.882)
cyberJack Base Components (x32 Version: 6.9.12)
D3DX10 (x32 Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
Deutsche Post E-Porto (x32 Version: 2.1.0)
DfontSplitter 0.3.1 (x32)
DHTML Editing Component (x32 Version: 6.02.0001)
DolbyFiles (x32 Version: 2.0)
DVD Shrink 3.2 deutsch (DeCSS-frei) (x32)
ELO Pdf Drucker (x32 Version: 6.0)
ELOoffice (x32 Version: 9.0)
Enstella Systems Exchange Recovery 6.9 Build 19012013 (Version: v6.9)
FARO LS 1.1.406.58 (x32 Version: 4.6.58.2)
FavOrg (x32)
finalRender R3.5 SP2 for 3ds Max 2011x64 (Version: 3.5.2)
finalToon R3.5 SP2 for 3ds Max 2011x64 (Version: 3.5.2)
Free Studio version 5.6.1.608 (x32 Version: 5.6.1.608)
Free YouTube to MP3 Converter version 3.11.24.608 (x32 Version: 3.11.24.608)
FRITZ!Fernzugang (Version: 1.2.3)
Google Chrome (x32 Version: 27.0.1453.116)
Google Update Helper (x32 Version: 1.3.21.145)
GPL Ghostscript (Version: 9.05)
GSview 5.0 (Version: 5.0)
Hauppauge WinTV 7 (x32 Version: v7.0.29209 (CD 2.4))
iCloud (Version: 2.1.2.8)
ImagXpress (x32 Version: 7.0.74.0)
IP-Clamp Service (x32 Version: 1.2.0)
Ipswitch WS_FTP 12 (x32 Version: 12.0.1)
iTunes (Version: 11.0.3.42)
Java 7 Update 7 (64-bit) (Version: 7.0.70)
Java 7 Update 7 (x32 Version: 7.0.70)
Java Auto Updater (x32 Version: 2.1.9.0)
JDownloader 0.9 (x32 Version: 0.9)
LAN Speed Test (x32 Version: 3.4)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Menu Templates - Starter Kit (x32 Version: 9.4.6.0)
Mesh Runtime (x32 Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Home and Business 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SQL Server 2005 (x32)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) (x32 Version: 9.4.5000.00)
Microsoft SQL Server Native Client (Version: 9.00.5000.00)
Microsoft SQL Server VSS Writer (Version: 9.00.5000.00)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022.218 (Version: 9.0.21022.218)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
MKV Cutter 1.0 (x32)
Movie Templates - Starter Kit (x32 Version: 9.4.6.0)
Mozilla Firefox 8.0.1 (x86 de) (x32 Version: 8.0.1)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Nero 9 (x32)
Nero BurnRights (x32 Version: 3.4.13.100)
Nero ControlCenter (x32 Version: 9.0.0.1)
Nero CoverDesigner (x32 Version: 4.4.12.100)
Nero Disc Copy Gadget (x32 Version: 2.4.34.0)
Nero DiscSpeed (x32 Version: 5.4.13.100)
Nero DriveSpeed (x32 Version: 4.4.12.100)
Nero InfoTool (x32 Version: 6.4.12.100)
Nero Installer (x32 Version: 4.4.9.0)
Nero Recode (x32 Version: 4.4.38.1)
Nero Rescue Agent (x32 Version: 2.4.14.100)
Nero ShowTime (x32 Version: 5.4.21.100)
Nero StartSmart (x32 Version: 9.4.19.100)
Nero Vision (x32 Version: 6.4.16.100)
Nero WaveEditor (x32 Version: 5.4.37.1)
NeroBurningROM (x32 Version: 9.4.26.100)
NeroExpress (x32 Version: 9.4.26.100)
neroxml (x32 Version: 1.0.0)
NVIDIA 3D Vision Treiber 267.79 (Version: 267.79)
NVIDIA Grafiktreiber 267.79 (Version: 267.79)
NVIDIA HD-Audiotreiber 1.1.13.1 (Version: 1.1.13.1)
NVIDIA Install Application (Version: 2.265.39.0)
NVIDIA nView 135.70 (Version: 135.70)
NVIDIA nView Desktop Manager (Version: 6.14.10.13570)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6779)
NVIDIA Systemsteuerung 267.79 (Version: 267.79)
OCTAcad NG (x32 Version: 9.0.0.8)
Ontrack EasyRecovery Professional (x32 Version: 6.20.11)
PDF Settings CS6 (x32 Version: 11.0)
PosteRazor (x32 Version: 1.5)
PSTViewer Pro (Version: 4.8.0.2667)
Quick Screen Capture 3.0 (x32 Version: 3.0)
QuickPar 0.9 (x32 Version: 0.9)
QuickTime (x32 Version: 7.74.80.86)
Readiris Pro 10 (x32)
Realtek AC'97 Audio (x32)
Samsung CLX-3170 Series (x32)
SmarThru 4 (x32)
SmarThru PC Fax (x32)
softOSD Client (Build 1445) (x32)
SoundTrax (x32 Version: 4.4.37.1)
StarMoney (x32 Version: 2.0)
StarMoney (x32 Version: 3.0.1.31)
StarMoney (x32 Version: 3.0.2.50)
StarMoney 8.0  (x32 Version: 8.0)
STRATO HiDrive (remove only) (x32)
STRATO HiDrive (x32 Version: 1.0.0)
Tools für Microsoft SQL Server 2005 Express Edition (x32 Version: 9.4.5000.00)
TransType Pro (x32 Version: 3.0)
TreeSize Free V2.7 (x32 Version: 2.7)
TrueCrypt (x32 Version: 7.0a)
Turbo Lister 2 (x32 Version: 2.00.0000)
TV-Browser 3.0.1 (x32 Version: 3.0.1)
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (x32 Version: 9.00.5000.00)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft Office 2010 (KB2553065) (x32)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2566458) (x32)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (x32)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32)
WePrint (x32)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3555.0308)
Windows Live Family Safety (Version: 15.4.3555.0308)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Small Business Server 2008 ClientAgent (Version: 6.0.5601.6)
Windows Small Business Server 2008 Desktop Links Gadget (Version: 6.0.5601.6)
Windows Small Business Server 2008 WMI Provider (x32 Version: 6.0.5601.6)
Windows Small Business Server 2011 Standard ClientAgent (Version: 6.1.7900.1)
Windows Small Business Server 2011 Standard WMI Provider (x32 Version: 6.1.7900.1)
WinRAR archiver (x32)
Yahoo! Detect (x32)

==================== Restore Points  =========================

01-07-2013 09:39:14 Geplanter Prüfpunkt

==================== Hosts content: ==========================



==================== Scheduled Tasks (whitelisted) =============

Task: {266E076F-13D0-4F79-ACF3-816F62185CBB} - System32\Tasks\WPD\SqmUpload_S-1-5-21-3600882220-918732610-3570367807-1161 => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation)
Task: {369EAB2F-FD18-4059-9096-E37428E9B214} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {58F9FC93-0E9F-4E2A-8FE4-591C3DA185DC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-15] (Google Inc.)
Task: {68921309-2B56-4C0A-8E95-5715BC127E66} - System32\Tasks\WPD\SqmUpload_S-1-5-21-3600882220-918732610-3570367807-1194 => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation)
Task: {82A148EE-BA2F-4FD3-890E-BE70C617C06F} - System32\Tasks\WPD\SqmUpload_S-1-5-21-1044202327-2809515588-3206701108-1164 => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation)
Task: {90EA89C1-E963-4F02-AD48-932C00142584} - System32\Tasks\WPD\SqmUpload_S-1-5-21-944476985-4228613698-2816873752-500 => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation)
Task: {C97D9504-564C-4D1A-B22A-69DA433B8C8E} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)
Task: {D0BC2724-2BAF-4EC0-87F1-3DDAE3962DBD} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2012-03-02] ()
Task: {D2382343-8DF1-4DCA-B2D3-79055B735A28} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-08-22] (Piriform Ltd)
Task: {FC470BCB-78AB-4DF7-BCA0-D68C104C56D5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-12] (Adobe Systems Incorporated)
Task: {FF25FBAD-779D-4CEF-AEB9-CFFC268E6997} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-15] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Faulty Device Manager Devices =============

Name: Ethernet-Controller
Description: Ethernet-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2013-06-27 09:30:48.140
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume7\Windows\System32\l3codeca.acm" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-06-26 12:25:16.062
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume7\Windows\System32\l3codeca.acm" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-06-26 11:24:48.912
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume7\Windows\System32\l3codeca.acm" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-06-26 10:29:22.006
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume7\Windows\System32\l3codeca.acm" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-06-26 10:19:43.697
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume7\Windows\System32\l3codeca.acm" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-06-26 10:12:04.791
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume7\Windows\System32\l3codeca.acm" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-06-26 10:02:06.349
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume7\Windows\System32\l3codeca.acm" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-06-26 09:54:21.101
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume7\Windows\System32\l3codeca.acm" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-06-26 09:43:59.937
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume7\Windows\System32\l3codeca.acm" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-06-26 09:37:03.588
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume7\Windows\System32\l3codeca.acm" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Percentage of memory in use: 37%
Total physical RAM: 4095.55 MB
Available physical RAM: 2550.06 MB
Total Pagefile: 8189.29 MB
Available Pagefile: 6340.16 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:69.25 GB) (Free:3.19 GB) NTFS (Disk=0 Partition=1) ==>[Drive with boot components (obtained from BCD)]
Drive e: (MUSIC) (Fixed) (Total:100.59 GB) (Free:99.79 GB) NTFS (Disk=2 Partition=1)
Drive f: (VIDEO) (Fixed) (Total:197.49 GB) (Free:196.7 GB) NTFS (Disk=2 Partition=2)
Drive h: (INSTALL) (Fixed) (Total:49.01 GB) (Free:24.06 GB) NTFS (Disk=1 Partition=1)
Drive i: (DASI) (Fixed) (Total:49.01 GB) (Free:8.15 GB) NTFS (Disk=1 Partition=2)
Drive j: (NewMedia) (Fixed) (Total:1397.26 GB) (Free:830.67 GB) NTFS (Disk=3 Partition=1)
Drive k: (MEDIA) (Fixed) (Total:98.45 GB) (Free:93.5 GB) NTFS (Disk=1 Partition=3)
Drive l: (REST) (Fixed) (Total:83 GB) (Free:43.92 GB) NTFS (Disk=1 Partition=4)
Drive u: (USB DISK) (Removable) (Total:28.85 GB) (Free:28.82 GB) FAT32 (Disk=4 Partition=1)
Drive z: (Daten) (Network) (Total:899.91 GB) (Free:559.94 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 69 GB) (Disk ID: 19581957)
Partition 1: (Active) - (Size=69 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 279 GB) (Disk ID: 9ECAD516)
Partition 1: (Not Active) - (Size=49 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=230 GB) - (Type=OF Extended)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 298 GB) (Disk ID: 55E67A65)
Partition 1: (Not Active) - (Size=298 GB) - (Type=OF Extended)

========================================================
Disk: 3 (MBR Code: Windows XP) (Size: 1397 GB) (Disk ID: ABD923D5)
Partition 1: (Not Active) - (Size=-698723409920) - (Type=OF Extended)

========================================================
Disk: 4 (MBR Code: Windows XP) (Size: 29 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=29 GB) - (Type=0C)

==================== End Of Log ============================
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Professional x64
Ran by Administrator on 01.07.2013 at 18:19:36,45
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\office\powerpoint\addins\babylonofficeaddin.officeaddin
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\office\word\addins\babylonofficeaddin.officeaddin



~~~ Files

Successfully deleted: [File] "C:\Program Files (x86)\adobe\reader 10.0\reader\plug_ins\babylon\babylonrpi.api"



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01.07.2013 at 18:25:12,20
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Besten Dank soweit.

schrauber 02.07.2013 07:59

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST Log bitte. Noch Probleme?

cristianeF 04.07.2013 22:49
Hallo
hat etwas gedauert...
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=c9f615e9fbbce441b9ee328fe87342ec
# engine=14241
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-03 05:37:29
# local_time=2013-07-03 07:37:29 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1800 16775165 100 95 46870 118592869 39645 0
# compatibility_mode=5893 16776574 100 94 60689100 124459699 0 0
# scanned=512223
# found=16
# cleaned=0
# scan_time=32913
sh=66C7C503C9669C94F0E79161812765CA1614836C ft=1 fh=5707bb33eeae13ea vn="Win32/TrojanClicker.Agent.NEB trojan" ac=I fn="C:\$Recycle.Bin\S-1-5-21-1044202327-2809515588-3206701108-1164\$R49W54J.tmp"
sh=6BAB49F4B4FDF171445CCEB9CD830CE49F2C1745 ft=0 fh=0000000000000000 vn="Win32/Reveton.M trojan" ac=I fn="C:\$Recycle.Bin\S-1-5-21-1044202327-2809515588-3206701108-1164\$RPV4TN1.lnk"
sh=DFD767F15561427989E63F419F66631869879645 ft=1 fh=a583d84d10823dcf vn="a variant of Win32/Kryptik.BESD trojan" ac=I fn="C:\FRST\Quarantine\3797871.dll"
sh=DFD767F15561427989E63F419F66631869879645 ft=1 fh=a583d84d10823dcf vn="a variant of Win32/Kryptik.BESD trojan" ac=I fn="C:\FRST\Quarantine\d6zcoe.dat"
sh=E5A1C45A3325D9DE9178FD24D3BC439E39D073B0 ft=0 fh=0000000000000000 vn="Win32/Reveton.M trojan" ac=I fn="C:\FRST\Quarantine\eocz6d.bat"
sh=8F51A4C8C1E43936EA7FC4A14A7E332A34FA0510 ft=0 fh=0000000000000000 vn="Win32/Reveton.R trojan" ac=I fn="C:\ProgramData\eocz6d.js"
sh=6BAB49F4B4FDF171445CCEB9CD830CE49F2C1745 ft=0 fh=0000000000000000 vn="Win32/Reveton.M trojan" ac=I fn="C:\ProgramData\sdaksda.txt"
sh=8F51A4C8C1E43936EA7FC4A14A7E332A34FA0510 ft=0 fh=0000000000000000 vn="Win32/Reveton.R trojan" ac=I fn="C:\Users\All Users\eocz6d.js"
sh=6BAB49F4B4FDF171445CCEB9CD830CE49F2C1745 ft=0 fh=0000000000000000 vn="Win32/Reveton.M trojan" ac=I fn="C:\Users\All Users\sdaksda.txt"
sh=11D9D3AEB8EE0A4C5C452D74BFC9AEFE3E0793B9 ft=0 fh=0000000000000000 vn="HTML/Iframe.B.Gen virus" ac=I fn="C:\Users\mpg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I6MBQJRF\pornkik_com[1].htm"
sh=055B0F3791201452D1DA63DBE19322A7462CF6BD ft=0 fh=0000000000000000 vn="Java/Exploit.Agent.OLQ trojan" ac=I fn="C:\Users\mpg\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\6818214a-74f9cf41"
sh=D6D5F93C92B3302EAE28AB2F8EF40F5670A81AD8 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\mpg\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\2e14d0ae-58bccf4a"
sh=6BAB49F4B4FDF171445CCEB9CD830CE49F2C1745 ft=0 fh=0000000000000000 vn="Win32/Reveton.M trojan" ac=I fn="C:\Users\mpg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk"
sh=4A5E9FE53840E767D2336A29B515F2A2716B616B ft=0 fh=0000000000000000 vn="Win32/Adware.Gator.Trickler application" ac=I fn="J:\DASI\dasi_media\downloads\DOWNLOADS\Programme\videotools\divx\Divx5pro.ace"
sh=182664362DCB099C2FFEF4B68DAD9881CE8CC439 ft=0 fh=0000000000000000 vn="PHP/Agent.NAF trojan" ac=I fn="J:\DASI\dasi_media\webprojekte\stratoarchiv\leopold-glaser\artikel\mailcheck.php"
sh=3E1D2BC4657633217E02F8C18F3A4F4E82E66147 ft=0 fh=0000000000000000 vn="PHP/C99Shell.NAJ trojan" ac=I fn="J:\DASI\dasi_media\webprojekte\stratoarchiv\weltladen\weltladen.php"
[CODE Results of screen317's Security Check version 0.99.68
Windows 7 Service Pack 1 x64
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.75.0.1300
Java 7 Update 7
Java version out of Date!
Adobe Reader 10.1.6 Adobe Reader out of Date!
Mozilla Firefox (8.0.1)
Google Chrome 27.0.1453.110
Google Chrome 27.0.1453.116
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
StarMoney 8.0 ouserv ice StarMoneyOnlineUpdate.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
[b][u]`][/CODE]

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-07-2013
Ran by mpg (administrator) on 04-07-2013 23:43:10
Running from H:\Bundestrojaner\frsst
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\CE\NetworkLicenseServer.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVM Berlin) C:\Program Files\FRITZ!Fernzugang\avmike.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(AVM Berlin) C:\Program Files\FRITZ!Fernzugang\certsrv.exe
(REINER SCT) C:\Windows\SysWOW64\cjpcsc.exe
(Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe
() C:\Program Files (x86)\cebas\ip-clamp\ipclamp.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\CaptureGenPCI.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(AVM Berlin) C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe
(EnTech Taiwan) C:\Program Files (x86)\softOSD\softOSD.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Star Finanz - Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(STRATO) C:\Program Files (x86)\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(EnTech Taiwan) C:\Windows\SysWOW64\softLCP.exe
(Realtek Semiconductor Corp.) C:\Windows\SOUNDMAN.EXE
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Spotify Ltd) C:\Users\mpg\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Hauppauge Computer Works, Inc.) C:\Program Files (x86)\WinTV\WinTV7\WinTVTray.exe
(T-Systems Enterprise Services GmbH) C:\Program Files (x86)\DSL-Manager\DslMgr.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Autodesk, Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe
() C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Farbar) H:\Bundestrojaner\frsst\FRST64new.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SoundMan] SOUNDMAN.EXE [x]
HKLM\...\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon [2726728 2010-03-25] (CANON INC.)
HKLM\...\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet [1875048 2011-02-24] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [446392 2012-04-04] (Adobe Systems Incorporated)
HKCU\...\Run: [Spotify Web Helper] "C:\Users\mpg\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [1105408 2013-05-30] (Spotify Ltd)
MountPoints2: {4136042a-bbc5-11e0-a147-0024013171b5} - N:\unlock.exe autoplay=true
HKLM-x32\...\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon [1185112 2010-04-02] (CANON INC.)
HKLM-x32\...\Run: [Bonus.SSR.FR10] "C:\Program Files (x86)\ABBYY FineReader 10\Bonus.ScreenshotReader.exe" /autorun [941320 2009-12-20] (ABBYY.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: []  [x]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [39136 2012-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [825560 2012-12-18] (Adobe Systems Inc.)
HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [348664 2012-09-18] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [ADSK DLMSession] C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe [1632216 2012-05-15] (Autodesk, Inc.)
HKLM-x32\...\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun [552960 2009-02-27] ()
HKLM-x32\...\Run: [3170 Scan2PC] "C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe" [503808 2009-01-30] ()
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-05-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2013-05-01] (Apple Inc.)
HKU\Administrator\...\Run: [AdobeBridge]  [x]
HKU\Administrator\...\Run: [Akamai NetSession Interface] "C:\Users\mpg.MMESSE\AppData\Local\Akamai\netsession_win.exe" [x]
AppInit_DLLs:  [0 ] ()
Startup: C:\ProgramData\Start Menu\Programs\Startup\WinTV Recording Status..lnk
ShortcutTarget: WinTV Recording Status..lnk -> C:\Program Files (x86)\WinTV\WinTV7\WinTVTray.exe (Hauppauge Computer Works, Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk
ShortcutTarget: DSL-Manager.lnk -> C:\Program Files (x86)\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk
ShortcutTarget: DSL-Manager.lnk -> C:\Program Files (x86)\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH)
Startup: C:\Users\mpg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk
ShortcutTarget: DSL-Manager.lnk -> C:\Program Files (x86)\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH)
Startup: C:\Users\mpg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk
ShortcutTarget: regmonstd.lnk -> C:\PROGRA~3\d6zcoe.dat (No File)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ig
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {B07F54E6-0806-47DB-B5D8-398F240776F2} file:///D:/viewer/ORDcmViewCD.ocx
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{59A51923-1C7E-49C0-AEF1-CB4EBDEDF5EA}: [NameServer]192.168.1.1,192.168.1.254

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility) - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U7) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (Google Docs) - C:\Users\mpg\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\mpg\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\mpg\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\mpg\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Gmail) - C:\Users\mpg\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

R2 ABBYY.Licensing.FineReader.Corporate.10.0; C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\CE\NetworkLicenseServer.exe [814344 2009-12-19] (ABBYY)
R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [375760 2012-09-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86224 2012-09-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110032 2012-09-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [465360 2012-09-18] (Avira Operations GmbH & Co. KG)
R2 avmike; C:\Program Files\FRITZ!Fernzugang\avmike.exe [335224 2010-03-30] (AVM Berlin)
R2 certsrv; C:\Program Files\FRITZ!Fernzugang\certsrv.exe [143224 2010-03-30] (AVM Berlin)
R2 cjpcsc; C:\Windows\SysWOW64\cjpcsc.exe [508848 2011-05-09] (REINER SCT)
R2 HauppaugeTVServer; C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe [563712 2011-07-22] (Hauppauge Computer Works)
R2 IPClampService; C:\Program Files (x86)\cebas\ip-clamp\ipclamp.exe [45700 2007-11-20] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MSSQL$SQLEXPRESS; C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R2 nwtsrv; C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe [189304 2010-03-30] (AVM Berlin)
R2 softOSD; C:\Program Files (x86)\softOSD\softOSD.exe [291384 2010-12-18] (EnTech Taiwan)
R2 StarMoney 8.0 OnlineUpdate; C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe [699680 2012-12-21] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
R2 STRATO HiDrive Service; C:\Program Files (x86)\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe [32768 2011-11-15] (STRATO)
S3 TDslMgrService; C:\Program Files (x86)\DSL-Manager\DslMgrSvc.exe [307200 2008-10-23] (T-Systems Enterprise Services GmbH)
S3 VPREMOTE; C:\TEMP\Clt-Inst\vpremote.exe [x]

==================== Drivers (Whitelisted) ====================

R3 ALCXWDM; C:\Windows\System32\drivers\RTKVAC64.SYS [3491616 2009-06-18] (Realtek Semiconductor Corp.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98848 2012-09-18] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132832 2012-09-18] (Avira GmbH)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [27760 2012-09-18] (Avira GmbH)
S3 cjusb; C:\Windows\System32\DRIVERS\cjusb.sys [34672 2011-03-29] (REINER SCT)
R2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [54072 2007-10-22] (Samsung Electronics)
R2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [54072 2007-10-22] (Samsung Electronics)
R1 DslMNLwf; C:\Windows\System32\DRIVERS\dslmnlwf.sys [19008 2007-08-01] (T-Systems Enterprise Services GmbH)
R3 hcw88rc5; C:\Windows\System32\Drivers\hcw88rc5.sys [15872 2010-08-16] (Hauppauge Computer Works, Inc.)
S3 libusb0; C:\Windows\SysWow64\drivers\libusb0.sys [32256 2009-06-24] (hxxp://libusb-win32.sourceforge.net)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
R3 NWIM; C:\Windows\System32\DRIVERS\avmnwim.sys [412024 2010-03-30] (AVM Berlin)
R1 se64a; C:\Windows\System32\Drivers\se64a.sys [14032 2007-05-03] (EnTech Taiwan)
R1 se64a; C:\Windows\SysWow64\Drivers\se64a.sys [14032 2007-05-03] (EnTech Taiwan)
S3 libusb0; system32\drivers\libusb0.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-04 10:39 - 2013-07-04 10:39 - 00000000 ____D C:\Users\mpg\AppData\Roaming\ABBYY
2013-07-04 10:39 - 2013-07-04 10:39 - 00000000 ____D C:\Users\mpg\AppData\Local\ABBYY
2013-07-01 18:29 - 2013-07-01 18:33 - 00020775 ____A C:\Users\Administrator\Desktop\Addition.txt
2013-07-01 18:29 - 2013-07-01 18:29 - 00030934 ____A C:\Users\Administrator\Desktop\FRST.txt
2013-07-01 18:28 - 2013-07-01 18:27 - 01933776 ____A (Farbar) C:\Users\Administrator\Desktop\FRST64new.exe
2013-07-01 18:26 - 2013-06-30 23:27 - 01933758 ____A (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
2013-07-01 18:25 - 2013-07-01 18:25 - 00001079 ____A C:\Users\Administrator\Desktop\JRT.txt
2013-07-01 18:19 - 2013-07-01 18:19 - 00000000 ____D C:\Windows\ERUNT
2013-07-01 18:19 - 2013-07-01 18:19 - 00000000 ____D C:\JRT
2013-07-01 18:02 - 2013-07-01 17:59 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Administrator\Desktop\JRT.exe
2013-07-01 18:02 - 2013-07-01 17:58 - 00648201 ____A C:\Users\Administrator\Desktop\adwcleaner.exe
2013-07-01 00:47 - 2013-07-01 00:47 - 00000000 ____D C:\FRST
2013-06-30 19:40 - 2013-06-30 19:40 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Malwarebytes
2013-06-30 19:15 - 2013-06-30 19:15 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-06-30 19:15 - 2013-06-30 19:15 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-30 19:15 - 2013-04-04 14:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-06-30 17:55 - 2013-06-30 17:55 - 00000000 ____D C:\Stinger_Quarantine
2013-06-30 17:54 - 2013-06-30 19:14 - 00000000 ____D C:\Program Files\stinger
2013-06-30 17:44 - 2013-06-30 19:14 - 00000000 ____D C:\virusweg
2013-06-30 17:36 - 2013-06-30 17:36 - 00002679 ____A C:\ProgramData\eocz6d.js
2013-06-30 16:05 - 2013-06-30 19:09 - 00000000 ___AD C:\Kaspersky Rescue Disk 10.0
2013-06-30 12:01 - 2013-06-30 12:01 - 00000000 ___HD C:\ProgramData\CanonIJEPPEX2
2013-06-30 12:01 - 2013-06-30 12:01 - 00000000 ___HD C:\ProgramData\CanonEPP
2013-06-30 11:54 - 2013-06-30 19:54 - 00000000 ____A C:\ProgramData\g252qs.txt
2013-06-30 11:54 - 2013-06-30 11:54 - 00001007 ____A C:\ProgramData\sdaksda.txt
2013-06-24 23:14 - 2013-06-24 23:14 - 00000000 ____D C:\Users\mpg\Application Data\Adobe
2013-06-23 12:51 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-23 12:50 - 2013-06-08 14:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-23 12:50 - 2013-06-08 13:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-23 12:50 - 2013-05-17 03:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-23 12:50 - 2013-05-17 03:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-23 12:50 - 2013-05-17 03:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-23 12:50 - 2013-05-17 03:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-23 12:50 - 2013-05-17 03:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-23 12:50 - 2013-05-17 03:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-23 12:50 - 2013-05-17 03:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-23 12:50 - 2013-05-17 03:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-23 12:50 - 2013-05-17 02:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-23 12:50 - 2013-05-17 02:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-23 12:50 - 2013-05-17 02:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-23 12:50 - 2013-05-17 02:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-23 12:50 - 2013-05-17 02:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-23 12:50 - 2013-05-17 02:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-23 12:50 - 2013-05-17 02:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-23 12:50 - 2013-05-17 02:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-23 12:50 - 2013-05-17 02:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-23 12:50 - 2013-05-14 14:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-23 12:50 - 2013-05-14 10:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-23 12:50 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-23 12:50 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-23 12:49 - 2013-06-08 16:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-23 12:49 - 2013-06-08 16:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-23 12:49 - 2013-06-08 16:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-23 12:49 - 2013-06-08 16:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-23 12:49 - 2013-06-08 16:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-23 12:49 - 2013-06-08 13:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-23 12:49 - 2013-06-08 13:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-23 12:49 - 2013-06-08 13:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-23 12:49 - 2013-06-08 13:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-23 12:49 - 2013-06-08 13:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-23 12:49 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-23 12:49 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-23 12:49 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-23 12:49 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-23 12:49 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-23 12:49 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-23 12:49 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-23 12:49 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-23 12:49 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-23 12:49 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll

==================== One Month Modified Files and Folders =======

2013-07-04 23:11 - 2012-05-28 11:10 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-04 23:05 - 2013-02-07 21:48 - 00001110 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-04 21:53 - 2011-07-31 19:40 - 00000120 ____A C:\Windows\System32\config\netlogon.ftl
2013-07-04 18:49 - 2009-07-14 06:45 - 00031888 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-04 18:49 - 2009-07-14 06:45 - 00031888 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-04 16:04 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\System32\FxsTmp
2013-07-04 10:39 - 2013-07-04 10:39 - 00000000 ____D C:\Users\mpg\AppData\Roaming\ABBYY
2013-07-04 10:39 - 2013-07-04 10:39 - 00000000 ____D C:\Users\mpg\AppData\Local\ABBYY
2013-07-04 03:05 - 2013-02-07 21:48 - 00001106 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-04 02:28 - 2011-07-31 19:17 - 01427956 ____A C:\Windows\WindowsUpdate.log
2013-07-03 14:11 - 2012-02-07 18:01 - 00000000 ____D C:\Program Files (x86)\StarMoney 8.0
2013-07-01 18:44 - 2011-04-12 09:43 - 00757366 ____A C:\Windows\System32\perfh007.dat
2013-07-01 18:44 - 2011-04-12 09:43 - 00172838 ____A C:\Windows\System32\perfc007.dat
2013-07-01 18:44 - 2009-07-14 07:13 - 01769856 ____A C:\Windows\System32\PerfStringBackup.INI
2013-07-01 18:39 - 2013-05-26 13:20 - 00001985 ____A C:\Windows\setupact.log
2013-07-01 18:39 - 2011-10-26 10:47 - 00000000 ____D C:\ProgramData\NVIDIA
2013-07-01 18:39 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-01 18:33 - 2013-07-01 18:29 - 00020775 ____A C:\Users\Administrator\Desktop\Addition.txt
2013-07-01 18:29 - 2013-07-01 18:29 - 00030934 ____A C:\Users\Administrator\Desktop\FRST.txt
2013-07-01 18:27 - 2013-07-01 18:28 - 01933776 ____A (Farbar) C:\Users\Administrator\Desktop\FRST64new.exe
2013-07-01 18:25 - 2013-07-01 18:25 - 00001079 ____A C:\Users\Administrator\Desktop\JRT.txt
2013-07-01 18:19 - 2013-07-01 18:19 - 00000000 ____D C:\Windows\ERUNT
2013-07-01 18:19 - 2013-07-01 18:19 - 00000000 ____D C:\JRT
2013-07-01 17:59 - 2013-07-01 18:02 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Administrator\Desktop\JRT.exe
2013-07-01 17:58 - 2013-07-01 18:02 - 00648201 ____A C:\Users\Administrator\Desktop\adwcleaner.exe
2013-07-01 10:59 - 2013-03-26 23:58 - 00000000 ____D C:\users\mpg
2013-07-01 00:47 - 2013-07-01 00:47 - 00000000 ____D C:\FRST
2013-06-30 23:34 - 2013-03-26 23:59 - 00000285 ____A C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2013-06-30 23:34 - 2011-09-05 12:29 - 00000000 ____D C:\Program Files (x86)\ABBYY FineReader 10
2013-06-30 23:27 - 2013-07-01 18:26 - 01933758 ____A (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
2013-06-30 19:54 - 2013-06-30 11:54 - 00000000 ____A C:\ProgramData\g252qs.txt
2013-06-30 19:52 - 2012-09-18 18:53 - 00016826 ____A C:\Windows\PFRO.log
2013-06-30 19:40 - 2013-06-30 19:40 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Malwarebytes
2013-06-30 19:15 - 2013-06-30 19:15 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-06-30 19:15 - 2013-06-30 19:15 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-30 19:14 - 2013-06-30 17:54 - 00000000 ____D C:\Program Files\stinger
2013-06-30 19:14 - 2013-06-30 17:44 - 00000000 ____D C:\virusweg
2013-06-30 19:09 - 2013-06-30 16:05 - 00000000 ___AD C:\Kaspersky Rescue Disk 10.0
2013-06-30 17:55 - 2013-06-30 17:55 - 00000000 ____D C:\Stinger_Quarantine
2013-06-30 17:36 - 2013-06-30 17:36 - 00002679 ____A C:\ProgramData\eocz6d.js
2013-06-30 12:01 - 2013-06-30 12:01 - 00000000 ___HD C:\ProgramData\CanonIJEPPEX2
2013-06-30 12:01 - 2013-06-30 12:01 - 00000000 ___HD C:\ProgramData\CanonEPP
2013-06-30 11:54 - 2013-06-30 11:54 - 00001007 ____A C:\ProgramData\sdaksda.txt
2013-06-30 11:49 - 2011-08-20 19:18 - 00000000 ____D C:\Program Files (x86)\JDownloader
2013-06-25 18:12 - 2013-05-30 12:19 - 00000000 ____D C:\Users\mpg\AppData\Roaming\DVDVideoSoft
2013-06-25 00:00 - 2012-10-10 03:37 - 00000000 ____D C:\Windows\rescache
2013-06-24 23:14 - 2013-06-24 23:14 - 00000000 ____D C:\Users\mpg\Application Data\Adobe
2013-06-19 23:06 - 2012-09-15 23:58 - 00002183 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-06-12 16:11 - 2012-05-28 11:10 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-12 16:11 - 2011-08-01 02:05 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-08 16:08 - 2013-06-23 12:49 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-08 16:07 - 2013-06-23 12:49 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-08 16:06 - 2013-06-23 12:49 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-08 16:06 - 2013-06-23 12:49 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-08 16:06 - 2013-06-23 12:49 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-08 14:28 - 2013-06-23 12:50 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-08 13:42 - 2013-06-23 12:49 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-08 13:40 - 2013-06-23 12:49 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-08 13:40 - 2013-06-23 12:49 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-08 13:40 - 2013-06-23 12:49 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-08 13:40 - 2013-06-23 12:49 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-08 13:13 - 2013-06-23 12:50 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-06 18:14 - 2013-05-30 01:16 - 00000000 ____D C:\Users\mpg\AppData\Roaming\Spotify
2013-06-05 18:13 - 2013-05-30 01:16 - 00000000 ____D C:\Users\mpg\AppData\Local\Spotify

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-03 07:56

==================== End Of Log ============================
--- --- ---

schrauber 05.07.2013 09:27
Java und Adobe updaten.

Downloade Dir bitte TFC ( von Oldtimer ) und speichere die Datei auf dem Desktop.
Schließe nun alle offenen Programme und trenne Dich von dem Internet.
Doppelklick auf die TFC.exe und drücke auf Start.
Sollte TFC nicht alle Dateien löschen können wird es einen Neustart verlangen. Dies bitte zulassen.

Fix mit FRST
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument
Code:
C:\$Recycle.Bin
C:\ProgramData\eocz6d.js
C:\ProgramData\sdaksda.txt
C:\Users\All Users\eocz6d.js
C:\Users\All Users\sdaksda.txt
C:\Users\mpg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk
Startup: C:\Users\mpg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk
ShortcutTarget: regmonstd.lnk -> C:\PROGRA~3\d6zcoe.dat (No File)
2013-06-30 17:36 - 2013-06-30 17:36 - 00002679 ____A C:\ProgramData\eocz6d.js
2013-06-30 11:54 - 2013-06-30 19:54 - 00000000 ____A C:\ProgramData\g252qs.txt
2013-06-30 11:54 - 2013-06-30 11:54 - 00001007 ____A C:\ProgramData\sdaksda.txt
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Fix Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.

und ein frisches FRST Log bitte. Noch Probleme? :)

cristianeF 07.07.2013 21:32
Hallo Schrauber
Updates gemacht. Zur Zeit keine Probleme.
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 30-06-2013 03
Ran by Administrator at 2013-07-07 10:54:45 Run:2
Running from H:\Bundestrojaner\frsst
Boot Mode: Normal
==============================================


"C:\$Recycle.Bin" directory move:

Could not move "C:\$Recycle.Bin" directory. => Scheduled to move on reboot.

C:\ProgramData\eocz6d.js => Moved successfully.
C:\ProgramData\sdaksda.txt => Moved successfully.
C:\Users\All Users\eocz6d.js => File/Directory not found.
C:\Users\All Users\sdaksda.txt => File/Directory not found.
C:\Users\mpg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk => Moved successfully.
C:\Users\mpg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk not found.
C:\PROGRA~3\d6zcoe.dat not found.
C:\ProgramData\eocz6d.js => File/Directory not found.
C:\ProgramData\g252qs.txt => Moved successfully.
C:\ProgramData\sdaksda.txt => File/Directory not found.

=========== Result of Scheduled Files to move ===========
C:\$Recycle.Bin => Moved successfully.

==== End of Fixlog ====
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-06-2013 03 (ATTENTION: FRST version is 7 days old)
Ran by mpg (administrator) on 07-07-2013 22:20:51
Running from H:\Bundestrojaner\frsst
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\CE\NetworkLicenseServer.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVM Berlin) C:\Program Files\FRITZ!Fernzugang\avmike.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(AVM Berlin) C:\Program Files\FRITZ!Fernzugang\certsrv.exe
(REINER SCT) C:\Windows\SysWOW64\cjpcsc.exe
(Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe
() C:\Program Files (x86)\cebas\ip-clamp\ipclamp.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\CaptureGenPCI.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(AVM Berlin) C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe
(EnTech Taiwan) C:\Program Files (x86)\softOSD\softOSD.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Star Finanz - Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(STRATO) C:\Program Files (x86)\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(EnTech Taiwan) C:\Windows\SysWOW64\softLCP.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Realtek Semiconductor Corp.) C:\Windows\SOUNDMAN.EXE
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Spotify Ltd) C:\Users\mpg\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Hauppauge Computer Works, Inc.) C:\Program Files (x86)\WinTV\WinTV7\WinTVTray.exe
(T-Systems Enterprise Services GmbH) C:\Program Files (x86)\DSL-Manager\DslMgr.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Autodesk, Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe
() C:\Windows\Samsung\PanelMgr\SSMMgr.exe
() C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
() C:\Windows\Samsung\PanelMgr\caller64.exe
(T-Systems Enterprise Services GmbH) C:\Program Files (x86)\DSL-Manager\DslMgrSvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SoundMan] SOUNDMAN.EXE [x]
HKLM\...\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon [2726728 2010-03-25] (CANON INC.)
HKLM\...\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet [1875048 2011-02-24] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [446392 2012-04-04] (Adobe Systems Incorporated)
HKCU\...\Run: [Spotify Web Helper] "C:\Users\mpg\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [1105408 2013-05-30] (Spotify Ltd)
MountPoints2: {4136042a-bbc5-11e0-a147-0024013171b5} - N:\unlock.exe autoplay=true
HKLM-x32\...\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon [1185112 2010-04-02] (CANON INC.)
HKLM-x32\...\Run: [Bonus.SSR.FR10] "C:\Program Files (x86)\ABBYY FineReader 10\Bonus.ScreenshotReader.exe" /autorun [941320 2009-12-20] (ABBYY.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: []  [x]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [38984 2013-05-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [840768 2013-05-10] (Adobe Systems Inc.)
HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [348664 2012-09-18] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [ADSK DLMSession] C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe [1632216 2012-05-15] (Autodesk, Inc.)
HKLM-x32\...\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun [552960 2009-02-27] ()
HKLM-x32\...\Run: [3170 Scan2PC] "C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe" [503808 2009-01-30] ()
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-05-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2013-05-01] (Apple Inc.)
HKU\Administrator\...\Run: [AdobeBridge]  [x]
HKU\Administrator\...\Run: [Akamai NetSession Interface] "C:\Users\mpg.MMESSE\AppData\Local\Akamai\netsession_win.exe" [x]
HKU\TEMP\...\RunOnce: [FRST] "H:\Bundestrojaner\frsst\FRST64.exe" [x]
AppInit_DLLs:  [0 ] ()
Startup: C:\ProgramData\Start Menu\Programs\Startup\WinTV Recording Status..lnk
ShortcutTarget: WinTV Recording Status..lnk -> C:\Program Files (x86)\WinTV\WinTV7\WinTVTray.exe (Hauppauge Computer Works, Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk
ShortcutTarget: DSL-Manager.lnk -> C:\Program Files (x86)\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk
ShortcutTarget: DSL-Manager.lnk -> C:\Program Files (x86)\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH)
Startup: C:\Users\mpg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk
ShortcutTarget: DSL-Manager.lnk -> C:\Program Files (x86)\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ig
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {B07F54E6-0806-47DB-B5D8-398F240776F2} file:///D:/viewer/ORDcmViewCD.ocx
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{59A51923-1C7E-49C0-AEF1-CB4EBDEDF5EA}: [NameServer]192.168.1.1,192.168.1.254

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility) - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U7) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (Google Docs) - C:\Users\mpg\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\mpg\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\mpg\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\mpg\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Gmail) - C:\Users\mpg\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

R2 ABBYY.Licensing.FineReader.Corporate.10.0; C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\CE\NetworkLicenseServer.exe [814344 2009-12-19] (ABBYY)
R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [375760 2012-09-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86224 2012-09-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110032 2012-09-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [465360 2012-09-18] (Avira Operations GmbH & Co. KG)
R2 avmike; C:\Program Files\FRITZ!Fernzugang\avmike.exe [335224 2010-03-30] (AVM Berlin)
R2 certsrv; C:\Program Files\FRITZ!Fernzugang\certsrv.exe [143224 2010-03-30] (AVM Berlin)
R2 cjpcsc; C:\Windows\SysWOW64\cjpcsc.exe [508848 2011-05-09] (REINER SCT)
R2 HauppaugeTVServer; C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe [563712 2011-07-22] (Hauppauge Computer Works)
R2 IPClampService; C:\Program Files (x86)\cebas\ip-clamp\ipclamp.exe [45700 2007-11-20] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MSSQL$SQLEXPRESS; C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R2 nwtsrv; C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe [189304 2010-03-30] (AVM Berlin)
R2 softOSD; C:\Program Files (x86)\softOSD\softOSD.exe [291384 2010-12-18] (EnTech Taiwan)
R2 StarMoney 8.0 OnlineUpdate; C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe [699680 2012-12-21] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
R2 STRATO HiDrive Service; C:\Program Files (x86)\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe [32768 2011-11-15] (STRATO)
R3 TDslMgrService; C:\Program Files (x86)\DSL-Manager\DslMgrSvc.exe [307200 2008-10-23] (T-Systems Enterprise Services GmbH)
S3 VPREMOTE; C:\TEMP\Clt-Inst\vpremote.exe [x]

==================== Drivers (Whitelisted) ====================

R3 ALCXWDM; C:\Windows\System32\drivers\RTKVAC64.SYS [3491616 2009-06-18] (Realtek Semiconductor Corp.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98848 2012-09-18] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132832 2012-09-18] (Avira GmbH)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [27760 2012-09-18] (Avira GmbH)
S3 cjusb; C:\Windows\System32\DRIVERS\cjusb.sys [34672 2011-03-29] (REINER SCT)
R2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [54072 2007-10-22] (Samsung Electronics)
R2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [54072 2007-10-22] (Samsung Electronics)
R1 DslMNLwf; C:\Windows\System32\DRIVERS\dslmnlwf.sys [19008 2007-08-01] (T-Systems Enterprise Services GmbH)
R3 hcw88rc5; C:\Windows\System32\Drivers\hcw88rc5.sys [15872 2010-08-16] (Hauppauge Computer Works, Inc.)
S3 libusb0; C:\Windows\SysWow64\drivers\libusb0.sys [32256 2009-06-24] (hxxp://libusb-win32.sourceforge.net)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
R3 NWIM; C:\Windows\System32\DRIVERS\avmnwim.sys [412024 2010-03-30] (AVM Berlin)
R1 se64a; C:\Windows\System32\Drivers\se64a.sys [14032 2007-05-03] (EnTech Taiwan)
R1 se64a; C:\Windows\SysWow64\Drivers\se64a.sys [14032 2007-05-03] (EnTech Taiwan)
S3 libusb0; system32\drivers\libusb0.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-07 19:49 - 2013-07-07 19:49 - 00000000 ____D C:\Users\mpg\AppData\Roaming\Malwarebytes
2013-07-07 18:25 - 2013-07-07 18:25 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-07-07 18:25 - 2013-07-07 18:25 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-07-07 18:25 - 2013-07-07 18:25 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-07-07 18:25 - 2013-07-07 18:25 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-07-07 10:49 - 2013-07-07 10:50 - 00000063 ____A C:\Windows\scanopt.ini
2013-07-07 10:49 - 2013-07-07 10:49 - 00013130 ____A C:\Windows\SysWOW64\switchboard.xml
2013-07-07 10:49 - 2013-07-07 10:49 - 00005776 ____A C:\Windows\brndlog.bak
2013-07-07 10:49 - 2013-07-07 10:49 - 00000244 ____A C:\Windows\SysWOW64\switchboard.ini
2013-07-07 10:49 - 2013-07-07 10:49 - 00000000 ____A C:\Windows\SysWOW64\launch.switchboard
2013-07-07 10:48 - 2013-07-07 10:48 - 00001445 ____A C:\Windows\SysWOW64\debug.log
2013-07-07 10:48 - 2013-07-07 10:48 - 00000000 ____D C:\Users\Default\Documents\Deutsche Post AG
2013-07-07 10:48 - 2013-07-07 10:48 - 00000000 ____D C:\Users\Default User\Documents\Deutsche Post AG
2013-07-06 21:04 - 2013-07-06 21:34 - 00000000 ____D C:\Users\mpg\AppData\Roaming\TV-Browser
2013-07-04 10:39 - 2013-07-04 10:39 - 00000000 ____D C:\Users\mpg\AppData\Roaming\ABBYY
2013-07-04 10:39 - 2013-07-04 10:39 - 00000000 ____D C:\Users\mpg\AppData\Local\ABBYY
2013-07-01 18:29 - 2013-07-01 18:33 - 00020775 ____A C:\Users\Administrator\Desktop\Addition.txt
2013-07-01 18:29 - 2013-07-01 18:29 - 00030934 ____A C:\Users\Administrator\Desktop\FRST.txt
2013-07-01 18:28 - 2013-07-01 18:27 - 01933776 ____A (Farbar) C:\Users\Administrator\Desktop\FRST64new.exe
2013-07-01 18:26 - 2013-06-30 23:27 - 01933758 ____A (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
2013-07-01 18:25 - 2013-07-01 18:25 - 00001079 ____A C:\Users\Administrator\Desktop\JRT.txt
2013-07-01 18:19 - 2013-07-01 18:19 - 00000000 ____D C:\Windows\ERUNT
2013-07-01 18:19 - 2013-07-01 18:19 - 00000000 ____D C:\JRT
2013-07-01 18:02 - 2013-07-01 17:59 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Administrator\Desktop\JRT.exe
2013-07-01 18:02 - 2013-07-01 17:58 - 00648201 ____A C:\Users\Administrator\Desktop\adwcleaner.exe
2013-07-01 00:47 - 2013-07-07 22:20 - 00000000 ____D C:\FRST
2013-06-30 19:40 - 2013-06-30 19:40 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Malwarebytes
2013-06-30 19:15 - 2013-06-30 19:15 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-06-30 19:15 - 2013-06-30 19:15 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-30 19:15 - 2013-04-04 14:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-06-30 17:55 - 2013-06-30 17:55 - 00000000 ____D C:\Stinger_Quarantine
2013-06-30 17:54 - 2013-06-30 19:14 - 00000000 ____D C:\Program Files\stinger
2013-06-30 17:44 - 2013-06-30 19:14 - 00000000 ____D C:\virusweg
2013-06-30 16:05 - 2013-06-30 19:09 - 00000000 ___AD C:\Kaspersky Rescue Disk 10.0
2013-06-30 12:01 - 2013-06-30 12:01 - 00000000 ___HD C:\ProgramData\CanonIJEPPEX2
2013-06-30 12:01 - 2013-06-30 12:01 - 00000000 ___HD C:\ProgramData\CanonEPP
2013-06-24 23:14 - 2013-06-24 23:14 - 00000000 ____D C:\Users\mpg\Application Data\Adobe
2013-06-23 12:51 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-23 12:50 - 2013-06-08 14:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-23 12:50 - 2013-06-08 13:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-23 12:50 - 2013-05-17 03:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-23 12:50 - 2013-05-17 03:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-23 12:50 - 2013-05-17 03:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-23 12:50 - 2013-05-17 03:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-23 12:50 - 2013-05-17 03:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-23 12:50 - 2013-05-17 03:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-23 12:50 - 2013-05-17 03:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-23 12:50 - 2013-05-17 03:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-23 12:50 - 2013-05-17 02:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-23 12:50 - 2013-05-17 02:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-23 12:50 - 2013-05-17 02:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-23 12:50 - 2013-05-17 02:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-23 12:50 - 2013-05-17 02:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-23 12:50 - 2013-05-17 02:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-23 12:50 - 2013-05-17 02:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-23 12:50 - 2013-05-17 02:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-23 12:50 - 2013-05-17 02:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-23 12:50 - 2013-05-14 14:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-23 12:50 - 2013-05-14 10:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-23 12:50 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-23 12:50 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-23 12:49 - 2013-06-08 16:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-23 12:49 - 2013-06-08 16:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-23 12:49 - 2013-06-08 16:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-23 12:49 - 2013-06-08 16:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-23 12:49 - 2013-06-08 16:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-23 12:49 - 2013-06-08 13:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-23 12:49 - 2013-06-08 13:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-23 12:49 - 2013-06-08 13:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-23 12:49 - 2013-06-08 13:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-23 12:49 - 2013-06-08 13:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-23 12:49 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-23 12:49 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-23 12:49 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-23 12:49 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-23 12:49 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-23 12:49 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-23 12:49 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-23 12:49 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-23 12:49 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-23 12:49 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll

==================== One Month Modified Files and Folders =======

2013-07-07 22:20 - 2013-07-01 00:47 - 00000000 ____D C:\FRST
2013-07-07 22:11 - 2012-05-28 11:10 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-07 22:05 - 2013-02-07 21:48 - 00001110 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-07 21:19 - 2011-07-31 19:40 - 00000120 ____A C:\Windows\System32\config\netlogon.ftl
2013-07-07 20:15 - 2011-07-31 19:17 - 01926421 ____A C:\Windows\WindowsUpdate.log
2013-07-07 19:49 - 2013-07-07 19:49 - 00000000 ____D C:\Users\mpg\AppData\Roaming\Malwarebytes
2013-07-07 19:49 - 2013-02-07 21:48 - 00001106 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-07 19:24 - 2009-07-14 06:45 - 00031888 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-07 19:24 - 2009-07-14 06:45 - 00031888 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-07 19:18 - 2011-10-26 10:47 - 00000000 ____D C:\ProgramData\NVIDIA
2013-07-07 19:17 - 2013-05-26 13:20 - 00002153 ____A C:\Windows\setupact.log
2013-07-07 19:17 - 2012-09-18 18:53 - 00019610 ____A C:\Windows\PFRO.log
2013-07-07 19:17 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-07 18:42 - 2013-03-26 23:58 - 00000000 ____D C:\users\mpg
2013-07-07 18:42 - 2012-09-16 19:50 - 00002026 ____A C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
2013-07-07 18:38 - 2011-08-03 10:42 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-07-07 18:38 - 2011-04-12 09:43 - 00757366 ____A C:\Windows\System32\perfh007.dat
2013-07-07 18:38 - 2011-04-12 09:43 - 00172838 ____A C:\Windows\System32\perfc007.dat
2013-07-07 18:38 - 2009-07-14 07:13 - 01769856 ____A C:\Windows\System32\PerfStringBackup.INI
2013-07-07 18:25 - 2013-07-07 18:25 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-07-07 18:25 - 2013-07-07 18:25 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-07-07 18:25 - 2013-07-07 18:25 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-07-07 18:25 - 2013-07-07 18:25 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-07-07 18:25 - 2012-09-15 00:06 - 00867240 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-07-07 18:25 - 2011-08-20 16:47 - 00789416 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-07-07 10:50 - 2013-07-07 10:49 - 00000063 ____A C:\Windows\scanopt.ini
2013-07-07 10:49 - 2013-07-07 10:49 - 00013130 ____A C:\Windows\SysWOW64\switchboard.xml
2013-07-07 10:49 - 2013-07-07 10:49 - 00005776 ____A C:\Windows\brndlog.bak
2013-07-07 10:49 - 2013-07-07 10:49 - 00000244 ____A C:\Windows\SysWOW64\switchboard.ini
2013-07-07 10:49 - 2013-07-07 10:49 - 00000000 ____A C:\Windows\SysWOW64\launch.switchboard
2013-07-07 10:48 - 2013-07-07 10:48 - 00001445 ____A C:\Windows\SysWOW64\debug.log
2013-07-07 10:48 - 2013-07-07 10:48 - 00000000 ____D C:\Users\Default\Documents\Deutsche Post AG
2013-07-07 10:48 - 2013-07-07 10:48 - 00000000 ____D C:\Users\Default User\Documents\Deutsche Post AG
2013-07-06 21:34 - 2013-07-06 21:04 - 00000000 ____D C:\Users\mpg\AppData\Roaming\TV-Browser
2013-07-06 18:59 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\System32\FxsTmp
2013-07-06 05:02 - 2012-02-07 18:01 - 00000000 ____D C:\Program Files (x86)\StarMoney 8.0
2013-07-04 10:39 - 2013-07-04 10:39 - 00000000 ____D C:\Users\mpg\AppData\Roaming\ABBYY
2013-07-04 10:39 - 2013-07-04 10:39 - 00000000 ____D C:\Users\mpg\AppData\Local\ABBYY
2013-07-01 18:33 - 2013-07-01 18:29 - 00020775 ____A C:\Users\Administrator\Desktop\Addition.txt
2013-07-01 18:29 - 2013-07-01 18:29 - 00030934 ____A C:\Users\Administrator\Desktop\FRST.txt
2013-07-01 18:27 - 2013-07-01 18:28 - 01933776 ____A (Farbar) C:\Users\Administrator\Desktop\FRST64new.exe
2013-07-01 18:25 - 2013-07-01 18:25 - 00001079 ____A C:\Users\Administrator\Desktop\JRT.txt
2013-07-01 18:19 - 2013-07-01 18:19 - 00000000 ____D C:\Windows\ERUNT
2013-07-01 18:19 - 2013-07-01 18:19 - 00000000 ____D C:\JRT
2013-07-01 17:59 - 2013-07-01 18:02 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Administrator\Desktop\JRT.exe
2013-07-01 17:58 - 2013-07-01 18:02 - 00648201 ____A C:\Users\Administrator\Desktop\adwcleaner.exe
2013-06-30 23:34 - 2013-03-26 23:59 - 00000285 ____A C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2013-06-30 23:34 - 2011-09-05 12:29 - 00000000 ____D C:\Program Files (x86)\ABBYY FineReader 10
2013-06-30 23:27 - 2013-07-01 18:26 - 01933758 ____A (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
2013-06-30 19:40 - 2013-06-30 19:40 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Malwarebytes
2013-06-30 19:15 - 2013-06-30 19:15 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-06-30 19:15 - 2013-06-30 19:15 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-30 19:14 - 2013-06-30 17:54 - 00000000 ____D C:\Program Files\stinger
2013-06-30 19:14 - 2013-06-30 17:44 - 00000000 ____D C:\virusweg
2013-06-30 19:09 - 2013-06-30 16:05 - 00000000 ___AD C:\Kaspersky Rescue Disk 10.0
2013-06-30 17:55 - 2013-06-30 17:55 - 00000000 ____D C:\Stinger_Quarantine
2013-06-30 12:01 - 2013-06-30 12:01 - 00000000 ___HD C:\ProgramData\CanonIJEPPEX2
2013-06-30 12:01 - 2013-06-30 12:01 - 00000000 ___HD C:\ProgramData\CanonEPP
2013-06-30 11:49 - 2011-08-20 19:18 - 00000000 ____D C:\Program Files (x86)\JDownloader
2013-06-25 18:12 - 2013-05-30 12:19 - 00000000 ____D C:\Users\mpg\AppData\Roaming\DVDVideoSoft
2013-06-25 00:00 - 2012-10-10 03:37 - 00000000 ____D C:\Windows\rescache
2013-06-24 23:14 - 2013-06-24 23:14 - 00000000 ____D C:\Users\mpg\Application Data\Adobe
2013-06-19 23:06 - 2012-09-15 23:58 - 00002183 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-06-12 16:11 - 2012-05-28 11:10 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-12 16:11 - 2011-08-01 02:05 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-08 16:08 - 2013-06-23 12:49 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-08 16:07 - 2013-06-23 12:49 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-08 16:06 - 2013-06-23 12:49 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-08 16:06 - 2013-06-23 12:49 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-08 16:06 - 2013-06-23 12:49 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-08 14:28 - 2013-06-23 12:50 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-08 13:42 - 2013-06-23 12:49 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-08 13:40 - 2013-06-23 12:49 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-08 13:40 - 2013-06-23 12:49 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-08 13:40 - 2013-06-23 12:49 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-08 13:40 - 2013-06-23 12:49 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-08 13:13 - 2013-06-23 12:50 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-03 07:56

==================== End Of Log ============================
--- --- ---


LG


Alle Zeitangaben in WEZ +1. Es ist jetzt 20:39 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132