Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
Backdoor und diverse Trojaner gefunden

Backdoor und diverse Trojaner gefunden


Plagegeister aller Art und deren Bekämpfung: Backdoor und diverse Trojaner gefunden

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 07.08.2013, 16:41   #1
Snowflake
 
Backdoor und diverse Trojaner gefunden - Standard

Backdoor und diverse Trojaner gefunden


Grüezi, ich habe verschiedene Trojaner und ein Backdoor Programm gefunden. Mit Avira und Windows Defender habe ich diese Malware in die Quarantäne gesendet, bin aber nicht sicher, ob alles weg ist. Ich habe auch ein Windows Update und Defender Update erstellt. Auch Avira bekam noch die letzten Updates. Was kann ich noch tun ?

Freundlichen Gruss

Alt 07.08.2013, 19:17   #2
schrauber
/// the machine
/// TB-Ausbilder
 
Backdoor und diverse Trojaner gefunden - Standard

Backdoor und diverse Trojaner gefunden


hi,

was wurde wo gefunden? Logfiles vond en Scannern?

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________

__________________
Alt 07.08.2013, 21:42   #3
Snowflake
 
Backdoor und diverse Trojaner gefunden - Standard

Backdoor und diverse Trojaner gefunden


BACKDOOR;Win32/Kelihos.F



FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-08-2013
Ran by Solytheo (administrator) on 07-08-2013 22:33:48
Running from C:\Users\Solytheo\Desktop
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\devolo\dlan\devolonetsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
(TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Toshiba) C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Chicony) C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
(Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
(TOSHIBA) C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
(Nuance Communications, Inc.) C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(TOSHIBA) C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
(Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Users\Solytheo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U37ZODP2\msert.exe
(Microsoft Corporation) C:\Users\Solytheo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U37ZODP2\msert.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe
(Microsoft Corporation) \\?\C:\Windows\system32\wbem\WMIADAP.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1348904 2008-08-14] (Synaptics, Inc.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7625248 2009-07-28] (Realtek Semiconductor)
HKLM\...\Run: [Camera Assistant Software] - C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe [417792 2008-09-26] (Chicony)
HKLM\...\Run: [Google Desktop Search] - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-07-21] (Google)
HKLM\...\Run: [topi] - C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe [581632 2007-07-10] (TOSHIBA)
HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [476512 2009-08-21] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] - C:\Program Files\TOSHIBA\TBS\HSON.exe [55160 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] - C:\Program Files\Toshiba\SmoothView\SmoothView.exe [521528 2009-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [738616 2009-08-05] (TOSHIBA Corporation)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2010-03-17] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [141608 2010-07-21] (Apple Inc.)
HKLM\...\Run: [BrMfcWnd] - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM\...\Run: [PDFHook] - C:\Program Files\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM\...\Run: [PDF5 Registry Controller] - C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM\...\Run: [ControlCenter3] - C:\Program Files\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [345144 2013-06-26] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [SSBkgdUpdate] - C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM\...\Run: [PaperPort PTD] - C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [29984 2008-07-09] (Nuance Communications, Inc.)
HKLM\...\Run: [IndexSearch] - C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [46368 2008-07-09] (Nuance Communications, Inc.)
HKLM\...\Run: [PPort11reminder] - C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe [328992 2007-08-31] (Nuance Communications, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKCU\...\Run: [TOSCDSPD] - TOSCDSPD.EXE [x]
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [18678376 2013-04-19] (Skype Technologies S.A.)
HKCU\...\Run: [VideoInformer] - C:\Users\Solytheo\AppData\Local\Temp\defwatch.exe [1126400 2012-07-06] (Microsoft Corporation) <===== ATTENTION
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Solytheo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ch/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={83E388FA-A011-487A-97FA-B4C76F0D0835}&mid=69ebc94a00bb47d1b302d1577517b189-fd15cf0fa316b73009b8edc0f17974a6525bd3b3&lang=de&ds=AVG&pr=fr&d=2012-01-08 17:06:38&v=9.0.0.21&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {70D46D94-BF1E-45ED-B567-48701376298E} URL = hxxp://127.0.0.1:4664/search&s=5g0AmqiR897IlWybHN_gw7kgG1U?q={searchTerms}
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={83E388FA-A011-487A-97FA-B4C76F0D0835}&mid=69ebc94a00bb47d1b302d1577517b189-fd15cf0fa316b73009b8edc0f17974a6525bd3b3&lang=de&ds=AVG&pr=fr&d=2012-01-08 17:06:38&v=9.0.0.21&sap=dsp&q={searchTerms}
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU -No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU -No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKCU -No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.3.cab
DPF: {D59124D5-442C-44C5-BD9A-E81BB0582D55} hxxp://www.greencube.ch/AP_App_Content/download/setup/setup.ocx
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 62.12.130.66 193.246.253.10

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-06-26] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-06-26] (Avira Operations GmbH & Co. KG)
R2 cfWiMAXService; C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [185712 2009-08-10] (TOSHIBA CORPORATION)
R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [46448 2009-03-10] (TOSHIBA CORPORATION)
R2 DevoloNetworkService; C:\Program Files\devolo\dlan\devolonetsvc.exe [2231616 2010-07-19] ()
S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-07-21] (Google)
S3 jswpsapi; C:\Program Files\Jumpstart\jswpsapi.exe [954368 2008-04-16] (Atheros Communications, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
R2 MSSQL$GREENSQL2005; C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R3 SmartFaceVWatchSrv; C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [77824 2008-08-25] (Toshiba)
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [84744 2013-03-25] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135136 2013-03-25] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-03-25] (Avira Operations GmbH & Co. KG)
R3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41888 2007-05-09] (Logitech Inc.)
R2 NPF_devolo; C:\Windows\system32\drivers\npf_devolo.sys [35840 2010-06-10] (CACE Technologies)
S3 pepifilter; C:\Windows\System32\DRIVERS\lv302af.sys [14112 2007-05-09] (Logitech Inc.)
S3 PID_PEPI; C:\Windows\System32\DRIVERS\LV302V32.SYS [1276832 2007-05-09] (Logitech Inc.)
R3 ROCKEYNT; C:\Windows\System32\DRIVERS\Rockey4.sys [22528 2013-02-09] (Feitian Technologies Co., Ltd.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-02-03] (Avira GmbH)
R3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [17960 2008-07-15] (Chicony Electronics Co., Ltd.)
S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [x]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [x]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-07 22:29 - 2013-08-07 14:20 - 01229076 _____ (Farbar) C:\Users\Solytheo\Desktop\FRST.exe
2013-08-07 18:50 - 2013-08-07 18:52 - 82222352 _____ (Microsoft Corporation) C:\Users\Solytheo\Downloads\mpam-fe.exe
2013-08-07 18:33 - 2013-08-07 18:33 - 00004992 _____ C:\Windows\PFRO.log
2013-08-07 18:18 - 2012-08-23 16:44 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2013-08-07 18:18 - 2012-08-23 16:10 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2013-08-07 18:17 - 2013-08-07 18:17 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-08-07 18:17 - 2012-08-23 16:48 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2013-08-07 18:17 - 2012-08-23 16:40 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2013-08-07 18:17 - 2012-08-23 16:10 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2013-08-07 18:17 - 2012-08-23 15:52 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2013-08-07 18:17 - 2012-08-23 15:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2013-08-07 18:17 - 2012-08-23 15:46 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2013-08-07 18:17 - 2012-08-23 15:32 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2013-08-07 18:17 - 2012-08-23 15:18 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2013-08-07 18:17 - 2012-08-23 13:40 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2013-08-07 18:17 - 2012-08-23 13:32 - 00317440 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2013-08-07 18:17 - 2012-08-23 13:15 - 00269312 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2013-08-07 18:17 - 2012-08-23 13:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2013-08-07 18:17 - 2012-08-23 12:39 - 01048064 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2013-08-07 18:17 - 2012-08-23 12:08 - 02739712 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2013-08-07 18:17 - 2012-08-23 10:19 - 04916224 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2013-08-07 18:16 - 2013-08-07 18:16 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_SynTP_01007.Wdf
2013-08-07 18:14 - 2012-08-24 19:05 - 00136560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-08-07 18:14 - 2012-08-24 19:02 - 00369856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-08-07 18:14 - 2012-08-24 18:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-08-07 18:14 - 2012-08-24 18:56 - 01039360 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-08-07 18:14 - 2012-05-04 11:59 - 00514560 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2013-08-07 17:48 - 2013-08-07 17:48 - 00000000 ____D C:\Program Files\Common Files\Java
2013-08-07 17:48 - 2013-08-07 17:47 - 00263592 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-08-07 17:47 - 2013-08-07 17:47 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-08-07 17:47 - 2013-08-07 17:47 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-08-07 17:47 - 2013-08-07 17:47 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-08-07 17:45 - 2013-08-07 17:45 - 00903080 _____ (Oracle Corporation) C:\Users\Solytheo\Downloads\JavaSetup7u25.exe
2013-08-07 17:04 - 2013-08-07 18:02 - 00340112 ____H C:\Users\Solytheo\Desktop\~WRL0003.tmp
2013-08-07 16:47 - 2013-08-07 18:35 - 00003542 _____ C:\Windows\setupact.log
2013-08-07 16:47 - 2013-08-07 16:47 - 00000000 _____ C:\Windows\setuperr.log
2013-08-07 16:45 - 2013-08-07 16:45 - 00102682 _____ C:\Windows\system32\cc_20130807_164516.reg
2013-08-07 16:17 - 2013-08-07 16:35 - 00000000 ____D C:\Windows\system32\MRT
2013-08-07 16:07 - 2013-08-07 16:07 - 00000977 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-08-07 16:07 - 2013-08-07 16:07 - 00000000 ____D C:\Program Files\CCleaner
2013-08-07 15:35 - 2013-08-07 15:35 - 00000000 ____D C:\FRST
2013-07-14 19:25 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-14 19:25 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-14 19:25 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-14 19:25 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-14 19:25 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-14 19:25 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-14 19:25 - 2013-06-12 01:43 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-14 19:25 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-14 19:25 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-14 19:25 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-14 19:25 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-14 19:25 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-14 19:25 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-14 19:25 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-14 19:25 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-14 19:25 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-14 19:24 - 2013-07-14 19:24 - 00000197 _____ C:\Windows\system32\MRT.INI
2013-07-12 07:19 - 2013-06-05 05:05 - 02347520 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-12 07:19 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-12 07:19 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-12 07:19 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll

==================== One Month Modified Files and Folders =======

2013-08-07 22:33 - 2010-01-10 16:38 - 01649198 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-07 22:18 - 2012-07-15 10:56 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-07 20:04 - 2010-01-10 16:30 - 01361817 _____ C:\Windows\WindowsUpdate.log
2013-08-07 19:10 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\NDF
2013-08-07 18:52 - 2013-08-07 18:50 - 82222352 _____ (Microsoft Corporation) C:\Users\Solytheo\Downloads\mpam-fe.exe
2013-08-07 18:48 - 2010-01-10 16:12 - 00011104 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-07 18:48 - 2010-01-10 16:12 - 00011104 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-07 18:40 - 2010-04-03 20:46 - 00000000 ____D C:\Users\Solytheo\AppData\Roaming\Skype
2013-08-07 18:35 - 2013-08-07 16:47 - 00003542 _____ C:\Windows\setupact.log
2013-08-07 18:35 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-07 18:33 - 2013-08-07 18:33 - 00004992 _____ C:\Windows\PFRO.log
2013-08-07 18:32 - 2009-07-14 10:47 - 00000000 ____D C:\Windows\system32\Drivers\de-DE
2013-08-07 18:32 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\de-DE
2013-08-07 18:17 - 2013-08-07 18:17 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-08-07 18:16 - 2013-08-07 18:16 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_SynTP_01007.Wdf
2013-08-07 18:15 - 2010-01-10 16:12 - 00000000 ____D C:\Program Files\CONEXANT
2013-08-07 18:02 - 2013-08-07 17:04 - 00340112 ____H C:\Users\Solytheo\Desktop\~WRL0003.tmp
2013-08-07 17:48 - 2013-08-07 17:48 - 00000000 ____D C:\Program Files\Common Files\Java
2013-08-07 17:47 - 2013-08-07 17:48 - 00263592 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-08-07 17:47 - 2013-08-07 17:47 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-08-07 17:47 - 2013-08-07 17:47 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-08-07 17:47 - 2013-08-07 17:47 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-08-07 17:47 - 2012-07-19 18:32 - 00867240 _____ (Oracle Corporation) C:\Windows\system32\npdeployJava1.dll
2013-08-07 17:47 - 2010-07-06 18:16 - 00789416 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2013-08-07 17:47 - 2008-08-11 15:37 - 00000000 ____D C:\Program Files\Java
2013-08-07 17:45 - 2013-08-07 17:45 - 00903080 _____ (Oracle Corporation) C:\Users\Solytheo\Downloads\JavaSetup7u25.exe
2013-08-07 16:57 - 2011-02-27 21:13 - 00000000 ____D C:\Program Files\Adobe
2013-08-07 16:57 - 2009-11-15 19:05 - 00000000 ____D C:\Users\Solytheo\AppData\Local\Adobe
2013-08-07 16:57 - 2008-08-11 16:19 - 00000000 ____D C:\ProgramData\Adobe
2013-08-07 16:47 - 2013-08-07 16:47 - 00000000 _____ C:\Windows\setuperr.log
2013-08-07 16:45 - 2013-08-07 16:45 - 00102682 _____ C:\Windows\system32\cc_20130807_164516.reg
2013-08-07 16:43 - 2013-01-19 17:50 - 00000000 ____D C:\Windows\Minidump
2013-08-07 16:43 - 2010-01-10 16:08 - 00000000 ____D C:\Windows\Panther
2013-08-07 16:35 - 2013-08-07 16:17 - 00000000 ____D C:\Windows\system32\MRT
2013-08-07 16:32 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-08-07 16:17 - 2008-08-11 16:30 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-07 16:17 - 2006-11-02 12:23 - 00000251 _____ C:\Windows\win.ini
2013-08-07 16:07 - 2013-08-07 16:07 - 00000977 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-08-07 16:07 - 2013-08-07 16:07 - 00000000 ____D C:\Program Files\CCleaner
2013-08-07 15:35 - 2013-08-07 15:35 - 00000000 ____D C:\FRST
2013-08-07 14:20 - 2013-08-07 22:29 - 01229076 _____ (Farbar) C:\Users\Solytheo\Desktop\FRST.exe
2013-08-07 10:57 - 2012-11-09 13:07 - 00000000 ____D C:\Users\Solytheo\AppData\Local\Banana.ch
2013-08-07 10:57 - 2011-03-14 18:51 - 00000000 ____D C:\Users\Solytheo\AppData\Local\Information Factory
2013-08-07 10:57 - 2010-04-05 13:21 - 00000000 ____D C:\Users\Solytheo\AppData\Local\Apple Computer
2013-08-07 10:57 - 2010-04-05 13:10 - 00000000 ____D C:\Users\Solytheo\AppData\Local\Apple
2013-08-07 10:57 - 2009-10-10 17:36 - 00000000 ____D C:\Users\Solytheo\AppData\Local\Google
2013-07-23 13:47 - 2010-12-11 15:30 - 00002012 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2013-07-23 13:47 - 2010-12-11 15:30 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-07-15 18:35 - 2013-03-18 19:37 - 00037136 _____ C:\Users\Solytheo\Desktop\Spesen 2013 2.xlsx
2013-07-14 19:50 - 2009-07-14 06:33 - 00446832 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-14 19:47 - 2009-07-14 10:56 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-14 19:47 - 2009-07-14 06:52 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-14 19:24 - 2013-07-14 19:24 - 00000197 _____ C:\Windows\system32\MRT.INI
2013-07-13 21:41 - 2013-05-04 16:33 - 00000000 ____D C:\Users\Solytheo\Banana Buchhaltung
2013-07-13 21:41 - 2013-04-08 10:55 - 00000000 ____D C:\Users\Solytheo\Documents\Eigene PaperPort-Dokumente
2013-07-13 21:41 - 2013-04-07 16:55 - 00000000 ____D C:\Users\Solytheo\Documents\Steuerfaelle
2013-07-13 21:41 - 2012-11-09 13:35 - 00000000 ____D C:\Users\Solytheo\Documents\Computer
2013-07-13 21:41 - 2012-11-09 13:34 - 00000000 ____D C:\Users\Solytheo\Documents\Privat
2013-07-13 21:41 - 2012-11-09 13:29 - 00000000 ____D C:\Users\Solytheo\Documents\Geschäft
2013-07-13 21:41 - 2011-10-23 20:27 - 00000000 ____D C:\Users\Solytheo\Downloads\rempnp
2013-07-13 21:41 - 2011-09-25 12:26 - 00000000 ____D C:\Users\Solytheo\Downloads\Treiber Brother MFC295CN
2013-07-13 21:41 - 2011-07-30 00:20 - 00000000 ____D C:\Users\Solytheo\AppData\Local\mquadr.at
2013-07-13 21:41 - 2011-07-30 00:01 - 00000000 ____D C:\Users\Solytheo\AppData\Local\PackageAware
2013-07-13 21:41 - 2010-08-23 17:43 - 00000000 ____D C:\Users\Solytheo\AppData\Local\Scansoft
2013-07-13 21:41 - 2010-05-29 19:01 - 00000000 ____D C:\Users\Solytheo\Downloads\Navisworks Freedom
2013-07-13 21:41 - 2010-05-02 16:52 - 00000000 ____D C:\Users\Solytheo\AppData\Local\Microsoft Help
2013-07-13 21:41 - 2010-04-05 13:05 - 00000000 ____D C:\Users\Solytheo\Downloads\iTunes
2013-07-13 21:41 - 2010-04-03 20:33 - 00000000 ____D C:\Users\Solytheo\Downloads\skype
2013-07-13 21:41 - 2010-01-10 23:53 - 00000000 ____D C:\Users\Solytheo\Downloads\Adobe Reader
2013-07-13 21:41 - 2010-01-10 23:06 - 00000000 ____D C:\Users\Solytheo\Downloads\Antivir
2013-07-13 21:41 - 2010-01-10 16:13 - 00000000 ____D C:\Users\Solytheo
2013-07-13 21:41 - 2009-11-15 18:47 - 00000000 ____D C:\Users\Solytheo\AppData\Local\Microsoft Corporation
2013-07-13 21:41 - 2009-10-10 17:35 - 00000000 ____D C:\Users\Solytheo\AppData\Local\Toshiba
2013-07-13 21:41 - 2009-10-10 17:34 - 00000000 ____D C:\Users\Solytheo\AppData\Local\VirtualStore

Files to move or delete:
====================
C:\Users\Solytheo\AppData\Local\Temp\defwatch.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-19 19:13

==================== End Of Log ============================
--- --- ---

--- --- ---


Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 07-08-2013
Ran by Solytheo at 2013-08-07 22:34:25
Running from C:\Users\Solytheo\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

Activation Assistant for the 2007 Microsoft Office suites
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0)
Adobe AIR (Version: 2.6.0.19140)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
Apple Application Support (Version: 1.3.0)
Apple Mobile Device Support (Version: 3.1.0.62)
Apple Software Update (Version: 2.1.2.120)
Atheros Driver Installation Program (Version: 5.0)
Atheros Wi-Fi Protected Setup Library
Avira Free Antivirus (Version: 13.0.0.3885)
Banana Buchhaltung 7.0 (Version: 7.0.1.0)
Bonjour (Version: 2.0.2.0)
Brother MFL-Pro Suite MFC-295CN (Version: 1.0.1.0)
Camera Assistant Software for Toshiba (Version: 1.7.231.1126L)
CCleaner (Version: 4.04)
CD/DVD Drive Acoustic Silencer (Version: 2.02.03)
Compatibility Pack für 2007 Office System (Version: 12.0.6612.1000)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
devolo dLAN Cockpit (Version: 1.0)
devolo dLAN-Konfigurationsassistent (Version: 20.0.0.0)
devolo Informer (Version: 28.0.0.0)
dLAN Cockpit (Version: 1.19.07)
DVD MovieFactory for TOSHIBA (Version: 5.51)
eTax.schwyz 2010 nP 9.0.1 (Version: 9.0.1)
eTax.schwyz 2011 nP 10.0.4 (Version: 10.0.4)
eTax.schwyz 2012 nP 11.0.4 (Version: 11.0.4)
Google Desktop (Version: 5.9.1005.12335)
greenCube (C:\Program Files\greenCube) (Version: 4.1.16.0001)
HDAUDIO Soft Data Fax Modem with SmartCP (Version: 7.80.4.50)
Intel(R) Graphics Media Accelerator Driver (Version: 8.15.10.1883)
Intel® Matrix Storage Manager
iTunes (Version: 9.2.1.5)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
McAfee Security Scan Plus (Version: 3.0.318.3)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office Home and Business 2010 (Version: 14.0.7015.1000)
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office PowerPoint Viewer 2007 (German) (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office Single Image 2010 (Version: 14.0.7015.1000)
Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (GREENSQL2005) (Version: 9.4.5000.00)
Microsoft SQL Server Native Client (Version: 9.00.5000.00)
Microsoft SQL Server VSS Writer (Version: 9.00.5000.00)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Works (Version: 9.7.0621)
Microsoft WSE 3.0 (Version: 3.0.5305.0)
Microsoft XML Parser (Version: 8.20.8730.4)
MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
myphotobook 3.6 (Version: 3.6)
NetWaiting (Version: 2.5.52)
Nuance PDF Viewer Plus (Version: 5.30.3290)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
OpenOffice.org Installer 1.0 (Version: 1.0.9221)
PaperPort Image Printer (Version: 1.00.0000)
Picasa 3 (Version: 3.8)
Private Tax 2010 (Version: 1.1.2.583)
Private Tax 2011 1.4 (Version: 1.4)
QuickTime (Version: 7.66.71.0)
Realtek 8169 8168 8101E 8102E Ethernet Driver (Version: 1.00.0000)
Realtek High Definition Audio Driver (Version: 6.0.1.5904)
Realtek USB 2.0 Card Reader (Version: 6.1.7600.30101)
Safari (Version: 5.31.22.7)
ScanSoft PaperPort 11 (Version: 11.2.0000)
Scansoft PDF Professional
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Skype Toolbars (Version: 1.0.4051)
Skype™ 6.3 (Version: 6.3.107)
SofTax GR 2011 NP (Version: 1.1.8.3049)
Synaptics Pointing Device Driver (Version: 11.2.4.0)
TeamViewer 6 (Version: 6.0.11656)
Tools für Microsoft SQL Server 2005 Express Edition (Version: 9.4.5000.00)
TOSHIBA Assist (Version: 2.01.08)
TOSHIBA Benutzerhandbücher (Version: 7.40)
TOSHIBA ConfigFree (Version: 8.0.23)
TOSHIBA Disc Creator (Version: 2.1.0.1)
TOSHIBA DVD PLAYER (Version: 2.50.0.11-AU)
TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00)
TOSHIBA Face Recognition (Version: 2.0.17.32)
TOSHIBA Hardware Setup (Version: 2.00.11)
Toshiba Online Product Information (Version: 1.00.0012)
TOSHIBA Recovery Disc Creator (Version: 2.0.0.1b)
TOSHIBA Supervisor Password (Version: 2.00.10)
TOSHIBA Value Added Package (Version: 1.2.28)
TRDCReminder (Version: 1.00.0015)
TRORDCLauncher (Version: 1.0.0.1)
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (Version: 9.00.5000.00)
upc cablecom Installer (Version: 6.1.0.4)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Windows 7 Upgrade Advisor (Version: 2.0.3001.0)
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series (Version: 9.00.2980)
 

==================== Restore Points  =========================

07-08-2013 14:08:43 Windows Update
07-08-2013 14:55:55 Removed Adobe Reader 9.5.4.
07-08-2013 15:01:35 Windows Defender Checkpoint
07-08-2013 15:47:30 Installed Java 7 Update 25
07-08-2013 16:14:19 Windows Update

==================== Hosts content: ==========================

2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0A2DC18A-322F-4955-B653-BF81478E9C27} - System32\Tasks\{F0E0BD8D-7614-4158-B99F-A000FD758ABD} => C:\Program Files\Internet Explorer\IEXPLORE.EXE [2013-06-12] (Microsoft Corporation)
Task: {0B9E37C9-A0FF-4EEA-911F-5D6DBE473935} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-11] (Adobe Systems Incorporated)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {3C16AC0D-FF01-486E-ACBD-C7F08C443DA2} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2009-10-22] (Apple Inc.)
Task: {3F84CB72-66F6-4F1B-ABF9-C38C3AE4492F} - System32\Tasks\Microsoft\Windows Defender\MpIdleTask => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {561375CB-FF5A-417B-B297-BA73DE149581} - System32\Tasks\Microsoft\Windows\Wired\GatherWiredInfo => C:\Windows\system32\gatherWiredInfo.vbs No File
Task: {59FB0C7C-59F6-448A-ACA1-879A5B6C0A2B} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {68F45A7C-1009-4060-8208-86F4575029E4} - System32\Tasks\User_Feed_Synchronization-{ECD9738C-3BA7-482C-8FC1-60B9ABC6C81E} => C:\Windows\system32\msfeedssync.exe [2013-06-19] (Microsoft Corporation)
Task: {7E619083-2145-4809-A108-EE8F841C0B9E} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation)
Task: {87AB7BF9-3902-4AD1-9FA0-480F558DF140} - System32\Tasks\{2DBE2333-59F9-48C1-A264-8C03A69941D6} => C:\Program Files\Skype\Phone\Skype.exe [2013-04-19] (Skype Technologies S.A.)
Task: {99A54D22-FE59-4709-9A0D-7720BA22AFFA} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe [2009-09-03] (TOSHIBA CORPORATION)
Task: {A82BD177-CF53-4803-8E42-29E8C515560E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)
Task: {DA9BCDDA-A33D-4BE8-8708-04800945F982} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-11] (Microsoft Corporation)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs No File
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Faulty Device Manager Devices =============

Name: JumpStart Wireless Filter Driver
Description: JumpStart Wireless Filter Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: jswpslwf
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/07/2013 06:35:38 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/07/2013 05:59:58 PM) (Source: Application Hang) (User: )
Description: Programm FRST.exe, Version 3.3.8.1 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 628

Startzeit: 01ce9386ebe13321

Endzeit: 16

Anwendungspfad: C:\Users\Solytheo\Desktop\FRST.exe

Berichts-ID: 52704097-ff7a-11e2-a29a-001e33f3587a

Error: (08/07/2013 04:49:15 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/07/2013 04:27:33 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/07/2013 04:16:03 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/07/2013 00:50:41 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/05/2013 04:45:22 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/31/2013 08:29:13 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/29/2013 00:00:12 AM) (Source: Brother BrLog) (User: )
Description: WDLMW BrtWDLMW: [2013/07/29 00:00:12.907]: [00004204]: lperrcode->api = 1 , lperrcode->code = 2

Error: (07/29/2013 00:00:11 AM) (Source: Brother BrLog) (User: )
Description: WDLMW BrtWDLMW: [2013/07/29 00:00:11.363]: [00004204]: lperrcode->api = 1 , lperrcode->code = 2


System errors:
=============
Error: (08/07/2013 10:28:39 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (08/07/2013 06:40:33 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde nicht richtig gestartet.

Error: (08/07/2013 06:35:47 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
jswpslwf

Error: (08/07/2013 04:47:56 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
jswpslwf

Error: (08/07/2013 04:26:21 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
jswpslwf

Error: (08/07/2013 00:54:02 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Update" wurde nicht richtig gestartet.

Error: (08/07/2013 00:49:20 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
jswpslwf

Error: (08/05/2013 04:44:01 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
jswpslwf

Error: (08/05/2013 09:20:21 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht.

Error: (08/01/2013 05:50:02 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht.


Microsoft Office Sessions:
=========================
Error: (08/07/2013 06:35:38 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/07/2013 05:59:58 PM) (Source: Application Hang)(User: )
Description: FRST.exe3.3.8.162801ce9386ebe1332116C:\Users\Solytheo\Desktop\FRST.exe52704097-ff7a-11e2-a29a-001e33f3587a

Error: (08/07/2013 04:49:15 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/07/2013 04:27:33 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/07/2013 04:16:03 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/07/2013 00:50:41 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/05/2013 04:45:22 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/31/2013 08:29:13 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/29/2013 00:00:12 AM) (Source: Brother BrLog)(User: )
Description: WDLMWBrtWDLMW: [2013/07/29 00:00:12.907]: [00004204]: lperrcode->api = 1 , lperrcode->code = 2

Error: (07/29/2013 00:00:11 AM) (Source: Brother BrLog)(User: )
Description: WDLMWBrtWDLMW: [2013/07/29 00:00:11.363]: [00004204]: lperrcode->api = 1 , lperrcode->code = 2


==================== Memory info =========================== 

Percentage of memory in use: 53%
Total physical RAM: 2939.99 MB
Available physical RAM: 1360.23 MB
Total Pagefile: 5878.27 MB
Available Pagefile: 4061.84 MB
Total Virtual: 2047.88 MB
Available Virtual: 1914.82 MB

==================== Drives ================================

Drive c: (Windows7) (Fixed) (Total:148.89 GB) (Free:23.74 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (Data) (Fixed) (Total:147.73 GB) (Free:142.5 GB) NTFS
Drive f: (POCKET) (Removable) (Total:7.2 GB) (Free:4.7 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 4BBF870C)
Partition 1: (Not Active) - (Size=1 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=149 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=148 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 7 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=7 GB) - (Type=0C)

==================== End Of Log ============================
__________________
Alt 08.08.2013, 11:26   #4
schrauber
/// the machine
/// TB-Ausbilder
 
Backdoor und diverse Trojaner gefunden - Standard

Backdoor und diverse Trojaner gefunden


Zitat:
BACKDOOR;Win32/Kelihos.F
wo? Im Badezimmer, unterm Rechner? Wo? Ich brauch die Logfiles mit den Funden.
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!
Downloade dir bitte Combofix vom folgenden Downloadspiegel

Link 1


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 08.08.2013, 17:21   #5
Snowflake
 
Backdoor und diverse Trojaner gefunden - Standard

Backdoor und diverse Trojaner gefunden


Code:
ATTFilter
Combofix Logfile:


	
Code: 

 
ATTFilter


  

	
ComboFix 13-08-07.01 - Solytheo 08.08.2013  17:50:45.1.2 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.41.1031.18.2940.1943 [GMT 2:00]
ausgeführt von:: c:\users\Solytheo\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\pt\toscdspd.cpl.mui
c:\windows\system32\SETCB3E.tmp
c:\windows\system32\SETD834.tmp
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-07-08 bis 2013-08-08  ))))))))))))))))))))))))))))))
.
.
2013-08-08 15:59 . 2013-08-08 15:59	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-08-08 15:35 . 2013-08-08 15:35	60872	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{06ECD76C-342C-4FD3-97FD-EA2C3132D5BE}\offreg.dll
2013-08-07 16:18 . 2012-08-23 14:10	12288	----a-w-	c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2013-08-07 16:18 . 2012-08-23 14:44	14848	----a-w-	c:\windows\system32\drivers\rdpvideominiport.sys
2013-08-07 16:14 . 2012-08-24 16:57	247808	----a-w-	c:\windows\system32\schannel.dll
2013-08-07 16:14 . 2012-08-24 17:05	136560	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
2013-08-07 16:14 . 2012-08-24 17:02	369856	----a-w-	c:\windows\system32\drivers\cng.sys
2013-08-07 16:14 . 2012-08-24 16:56	1039360	----a-w-	c:\windows\system32\lsasrv.dll
2013-08-07 16:14 . 2012-05-04 09:59	514560	----a-w-	c:\windows\system32\qdvd.dll
2013-08-07 15:48 . 2013-08-07 15:48	--------	d-----w-	c:\program files\Common Files\Java
2013-08-07 15:47 . 2013-08-07 15:47	94632	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2013-08-07 15:04 . 2013-07-15 01:34	7143960	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{06ECD76C-342C-4FD3-97FD-EA2C3132D5BE}\mpengine.dll
2013-08-07 14:45 . 2013-08-07 14:45	102682	----a-w-	c:\windows\system32\cc_20130807_164516.reg
2013-08-07 14:17 . 2013-08-07 14:35	--------	d-----w-	c:\windows\system32\MRT
2013-08-07 14:07 . 2013-08-07 14:07	--------	d-----w-	c:\program files\CCleaner
2013-08-07 13:35 . 2013-08-07 13:35	--------	d-----w-	C:\FRST
2013-07-12 05:19 . 2013-04-09 23:34	1247744	----a-w-	c:\windows\system32\DWrite.dll
2013-07-12 05:19 . 2013-06-05 03:05	2347520	----a-w-	c:\windows\system32\win32k.sys
2013-07-12 05:19 . 2013-06-04 04:53	509440	----a-w-	c:\windows\system32\qedit.dll
2013-07-12 05:19 . 2013-05-06 04:56	1620480	----a-w-	c:\windows\system32\WMVDECOD.DLL
2013-07-12 05:19 . 2013-04-10 05:04	1221632	----a-w-	c:\program files\Windows Journal\NBDoc.DLL
2013-07-12 05:19 . 2013-04-10 05:03	936448	----a-w-	c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-12 05:19 . 2013-04-10 05:03	988672	----a-w-	c:\program files\Windows Journal\JNTFiltr.dll
2013-07-12 05:19 . 2013-04-10 05:03	969216	----a-w-	c:\program files\Windows Journal\JNWDRV.dll
2013-07-12 05:18 . 2013-05-27 04:57	680960	----a-w-	c:\program files\Windows Defender\MpSvc.dll
2013-07-12 05:18 . 2013-05-27 04:57	392704	----a-w-	c:\program files\Windows Defender\MpClient.dll
2013-07-12 05:18 . 2013-05-27 04:57	224768	----a-w-	c:\program files\Windows Defender\MpCommu.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-07 15:47 . 2012-07-19 16:32	867240	----a-w-	c:\windows\system32\npdeployJava1.dll
2013-08-07 15:47 . 2010-07-06 16:16	789416	----a-w-	c:\windows\system32\deployJava1.dll
2013-06-26 09:30 . 2013-05-07 14:20	67168	----a-w-	c:\windows\system32\drivers\avnetflt.sys
2013-06-19 07:02 . 2013-06-19 07:02	745472	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2013-06-19 07:02 . 2013-06-19 07:02	185344	----a-w-	c:\windows\system32\elshyph.dll
2013-06-19 07:02 . 2013-06-19 07:02	158720	----a-w-	c:\windows\system32\msls31.dll
2013-06-19 07:02 . 2013-06-19 07:02	73728	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2013-06-19 07:02 . 2013-06-19 07:02	523264	----a-w-	c:\windows\system32\vbscript.dll
2013-06-19 07:02 . 2013-06-19 07:02	48640	----a-w-	c:\windows\system32\mshtmler.dll
2013-06-19 07:02 . 2013-06-19 07:02	38400	----a-w-	c:\windows\system32\imgutil.dll
2013-06-19 07:02 . 2013-06-19 07:02	150528	----a-w-	c:\windows\system32\iexpress.exe
2013-06-19 07:02 . 2013-06-19 07:02	138752	----a-w-	c:\windows\system32\wextract.exe
2013-06-19 07:02 . 2013-06-19 07:02	137216	----a-w-	c:\windows\system32\ieUnatt.exe
2013-06-19 07:02 . 2013-06-19 07:02	12800	----a-w-	c:\windows\system32\mshta.exe
2013-06-19 07:02 . 2013-06-19 07:02	110592	----a-w-	c:\windows\system32\IEAdvpack.dll
2013-06-19 07:02 . 2013-06-19 07:02	719360	----a-w-	c:\windows\system32\mshtmlmedia.dll
2013-06-19 07:02 . 2013-06-19 07:02	61952	----a-w-	c:\windows\system32\tdc.ocx
2013-06-19 07:02 . 2013-06-19 07:02	361984	----a-w-	c:\windows\system32\html.iec
2013-06-19 07:02 . 2013-06-19 07:02	23040	----a-w-	c:\windows\system32\licmgr10.dll
2013-06-19 07:02 . 2013-06-19 07:02	1441280	----a-w-	c:\windows\system32\inetcpl.cpl
2013-06-11 17:55 . 2012-07-15 08:56	692104	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-06-11 17:55 . 2011-08-10 12:02	71048	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-13 04:45 . 2013-06-13 18:36	140288	----a-w-	c:\windows\system32\cryptsvc.dll
2013-05-13 04:45 . 2013-06-13 18:36	1160192	----a-w-	c:\windows\system32\crypt32.dll
2013-05-13 04:45 . 2013-06-13 18:36	103936	----a-w-	c:\windows\system32\cryptnet.dll
2013-05-13 03:08 . 2013-06-13 18:36	903168	----a-w-	c:\windows\system32\certutil.exe
2013-05-13 03:08 . 2013-06-13 18:36	43008	----a-w-	c:\windows\system32\certenc.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-04-19 18678376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-28 7625248]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-09-26 417792]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-21 30192]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-08-21 476512]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2009-03-09 55160]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-08-13 521528]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-08-05 738616]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 151064]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"PDFHook"="c:\program files\Nuance\PDF Viewer Plus\pdfpro5hook.exe" [2010-03-05 636192]
"PDF5 Registry Controller"="c:\program files\Nuance\PDF Viewer Plus\RegistryController.exe" [2010-03-05 62752]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-06-26 345144]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-09 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-09 46368]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\users\Solytheo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 228552]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\TOSHIBA\TRDCReminder\TRDCReminder.exe [2008-3-5 393216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google EULA Launcher]
2008-05-28 11:40	20480	----a-w-	c:\program files\Google\Google EULA\GoogleEULALauncher.exe
.
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwf.sys [2008-04-28 20384]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-02-28 161384]
R3 dc3d;Microsoft-Hardware – Geräteerkennungstreiber;c:\windows\system32\DRIVERS\dc3d.sys [2011-04-08 40448]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-07-21 30192]
R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\Jumpstart\jswpsapi.exe [2008-04-16 954368]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-02-05 235216]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-26 1343400]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-03-25 37352]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2013-06-26 84024]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-08-10 185712]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 DevoloNetworkService;devolo Network Service;c:\program files\devolo\dlan\devolonetsvc.exe [2010-07-19 2231616]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 MSSQL$GREENSQL2005;SQL Server (GREENSQL2005);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
S2 NPF_devolo;NetGroup Packet Filter Driver (devolo);c:\windows\system32\drivers\npf_devolo.sys [2010-06-10 35840]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-11-03 2358656]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2009-07-07 7680]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856]
S3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [2008-08-25 77824]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService	REG_MULTI_SZ   	HsfXAudioService
.
Inhalt des "geplante Tasks" Ordners
.
2013-08-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-15 17:55]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.ch/
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
IE: Mit PDF Viewer Plus öffnen - c:\program files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {D59124D5-442C-44C5-BD9A-E81BB0582D55} - hxxp://www.greencube.ch/AP_App_Content/download/setup/setup.ocx
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-TOSCDSPD - TOSCDSPD.EXE
SafeBoot-mcmscsvc
SafeBoot-MCODS
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-08-08  18:01:47
ComboFix-quarantined-files.txt  2013-08-08 16:01
.
Vor Suchlauf: 10 Verzeichnis(se), 25'481'764'864 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 25'172'123'648 Bytes frei
.
- - End Of File - - 4AA9FC5A6DA26383663A23E5BC14DFB7
         
 
--- --- ---
A36C5E4F47E84449FF07ED3517B43A31
Der BackDoor sitzt in der Quarantäne des Windows Defenders ???
Ich versuche nochmals einen Avira Scan zu erstellen.


Alt 08.08.2013, 19:22   #6
schrauber
/// the machine
/// TB-Ausbilder
 
Backdoor und diverse Trojaner gefunden - Standard

Backdoor und diverse Trojaner gefunden


Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.
__________________
--> Backdoor und diverse Trojaner gefunden

Alt 08.08.2013, 20:05   #7
Snowflake
 
Backdoor und diverse Trojaner gefunden - Standard

Backdoor und diverse Trojaner gefunden


Code:
ATTFilter
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.08.08.06

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16635
Solytheo :: SOLYTHEO-PC [Administrator]

08.08.2013 20:50:03
mbam-log-2013-08-08 (20-50-03).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 226149
Laufzeit: 10 Minute(n), 44 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Code:
ATTFilter
# AdwCleaner v2.306 - Datei am 08/08/2013 um 21:07:16 erstellt
# Aktualisiert am 19/07/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : Solytheo - SOLYTHEO-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Solytheo\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Public\Desktop\eBay.lnk
Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\Users\Solytheo\AppData\Local\PackageAware

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Software

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Die Registrierungsdatenbank ist sauber.

*************************

AdwCleaner[S1].txt - [4338 octets] - [08/08/2013 21:07:16]

########## EOF - C:\AdwCleaner[S1].txt - [4398 octets] ##########
JRT Logfile:
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.3.8 (08.07.2013:4)
OS: Windows 7 Home Premium x86
Ran by Solytheo on 08.08.2013 at 21:40:22.95
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted [File] C:\Windows\system32\Tasks\CreateChoiceProcessTask



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08.08.2013 at 21:43:20.93
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

--- --- ---


FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-08-2013
Ran by Solytheo (administrator) on 08-08-2013 21:48:23
Running from C:\Users\Solytheo\Desktop
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\devolo\dlan\devolonetsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
(TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Toshiba) C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Chicony) C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
(Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
(TOSHIBA) C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
(Nuance Communications, Inc.) C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1348904 2008-08-14] (Synaptics, Inc.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7625248 2009-07-28] (Realtek Semiconductor)
HKLM\...\Run: [Camera Assistant Software] - C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe [417792 2008-09-26] (Chicony)
HKLM\...\Run: [Google Desktop Search] - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-07-21] (Google)
HKLM\...\Run: [topi] - C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe [581632 2007-07-10] (TOSHIBA)
HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [476512 2009-08-21] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] - C:\Program Files\TOSHIBA\TBS\HSON.exe [55160 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] - C:\Program Files\Toshiba\SmoothView\SmoothView.exe [521528 2009-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [738616 2009-08-05] (TOSHIBA Corporation)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2010-03-17] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [141608 2010-07-21] (Apple Inc.)
HKLM\...\Run: [BrMfcWnd] - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM\...\Run: [PDFHook] - C:\Program Files\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM\...\Run: [PDF5 Registry Controller] - C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM\...\Run: [ControlCenter3] - C:\Program Files\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [345144 2013-06-26] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [SSBkgdUpdate] - C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM\...\Run: [PaperPort PTD] - C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [29984 2008-07-09] (Nuance Communications, Inc.)
HKLM\...\Run: [IndexSearch] - C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [46368 2008-07-09] (Nuance Communications, Inc.)
HKLM\...\Run: [PPort11reminder] - C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe [328992 2007-08-31] (Nuance Communications, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [18678376 2013-04-19] (Skype Technologies S.A.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Solytheo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ch/
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
SearchScopes: HKLM - DefaultScope value is missing.
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU -No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.3.cab
DPF: {D59124D5-442C-44C5-BD9A-E81BB0582D55} hxxp://www.greencube.ch/AP_App_Content/download/setup/setup.ocx
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 62.12.130.66 193.246.253.10

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-06-26] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-06-26] (Avira Operations GmbH & Co. KG)
R2 cfWiMAXService; C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [185712 2009-08-10] (TOSHIBA CORPORATION)
R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [46448 2009-03-10] (TOSHIBA CORPORATION)
R2 DevoloNetworkService; C:\Program Files\devolo\dlan\devolonetsvc.exe [2231616 2010-07-19] ()
S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-07-21] (Google)
S3 jswpsapi; C:\Program Files\Jumpstart\jswpsapi.exe [954368 2008-04-16] (Atheros Communications, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
R2 MSSQL$GREENSQL2005; C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R3 SmartFaceVWatchSrv; C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [77824 2008-08-25] (Toshiba)
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [84744 2013-03-25] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135136 2013-03-25] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-03-25] (Avira Operations GmbH & Co. KG)
R3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41888 2007-05-09] (Logitech Inc.)
R2 NPF_devolo; C:\Windows\system32\drivers\npf_devolo.sys [35840 2010-06-10] (CACE Technologies)
S3 pepifilter; C:\Windows\System32\DRIVERS\lv302af.sys [14112 2007-05-09] (Logitech Inc.)
S3 PID_PEPI; C:\Windows\System32\DRIVERS\LV302V32.SYS [1276832 2007-05-09] (Logitech Inc.)
R3 ROCKEYNT; C:\Windows\System32\DRIVERS\Rockey4.sys [22528 2013-02-09] (Feitian Technologies Co., Ltd.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-02-03] (Avira GmbH)
R3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [17960 2008-07-15] (Chicony Electronics Co., Ltd.)
S3 catchme; \??\C:\Users\Solytheo\AppData\Local\Temp\catchme.sys [x]
S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [x]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [x]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-08 21:47 - 2013-08-08 21:47 - 00004467 _____ C:\Users\Solytheo\Desktop\AdwCleaner[S1].txt
2013-08-08 21:43 - 2013-08-08 21:47 - 00000709 _____ C:\Users\Solytheo\Desktop\JRT.txt
2013-08-08 21:40 - 2013-08-08 21:40 - 00000000 ____D C:\Windows\ERUNT
2013-08-08 21:39 - 2013-08-08 21:39 - 00957230 _____ (Oleg N. Scherbakov) C:\Users\Solytheo\Downloads\JRT.exe
2013-08-08 21:07 - 2013-08-08 21:07 - 00004467 _____ C:\AdwCleaner[S1].txt
2013-08-08 21:06 - 2013-08-08 21:06 - 00666633 _____ C:\Users\Solytheo\Downloads\adwcleaner.exe
2013-08-08 20:48 - 2013-08-08 20:48 - 00000000 ____D C:\Users\Solytheo\AppData\Roaming\Malwarebytes
2013-08-08 20:47 - 2013-08-08 20:47 - 00001079 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-08-08 20:47 - 2013-08-08 20:47 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-08 20:47 - 2013-08-08 20:47 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-08-08 20:47 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-08-08 20:46 - 2013-08-08 20:46 - 10284816 _____ (Malwarebytes Corporation                                    ) C:\Users\Solytheo\Desktop\mbam-setup.exe
2013-08-08 18:03 - 2013-08-08 18:03 - 00015593 _____ C:\Users\Solytheo\Desktop\combofix.txt
2013-08-08 18:01 - 2013-08-08 18:01 - 00015580 _____ C:\ComboFix.txt
2013-08-08 17:48 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-08-08 17:48 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-08-08 17:48 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-08-08 17:48 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-08-08 17:48 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-08-08 17:48 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-08-08 17:48 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-08-08 17:48 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-08-08 17:45 - 2013-08-08 18:01 - 00000000 ____D C:\Qoobox
2013-08-08 17:45 - 2013-08-08 18:00 - 00000000 ____D C:\Windows\erdnt
2013-08-08 17:23 - 2013-08-07 14:22 - 05100713 ____R (Swearware) C:\Users\Solytheo\Desktop\ComboFix.exe
2013-08-07 22:29 - 2013-08-07 14:20 - 01229076 _____ (Farbar) C:\Users\Solytheo\Desktop\FRST.exe
2013-08-07 18:50 - 2013-08-07 18:52 - 82222352 _____ (Microsoft Corporation) C:\Users\Solytheo\Downloads\mpam-fe.exe
2013-08-07 18:33 - 2013-08-08 18:25 - 00005538 _____ C:\Windows\PFRO.log
2013-08-07 18:18 - 2012-08-23 16:44 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2013-08-07 18:18 - 2012-08-23 16:10 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2013-08-07 18:17 - 2013-08-08 18:25 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-08-07 18:17 - 2012-08-23 16:48 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2013-08-07 18:17 - 2012-08-23 16:40 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2013-08-07 18:17 - 2012-08-23 16:10 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2013-08-07 18:17 - 2012-08-23 15:52 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2013-08-07 18:17 - 2012-08-23 15:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2013-08-07 18:17 - 2012-08-23 15:46 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2013-08-07 18:17 - 2012-08-23 15:32 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2013-08-07 18:17 - 2012-08-23 15:18 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2013-08-07 18:17 - 2012-08-23 13:40 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2013-08-07 18:17 - 2012-08-23 13:32 - 00317440 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2013-08-07 18:17 - 2012-08-23 13:15 - 00269312 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2013-08-07 18:17 - 2012-08-23 13:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2013-08-07 18:17 - 2012-08-23 12:39 - 01048064 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2013-08-07 18:17 - 2012-08-23 12:08 - 02739712 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2013-08-07 18:17 - 2012-08-23 10:19 - 04916224 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2013-08-07 18:16 - 2013-08-07 18:16 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_SynTP_01007.Wdf
2013-08-07 18:14 - 2012-08-24 19:05 - 00136560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-08-07 18:14 - 2012-08-24 19:02 - 00369856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-08-07 18:14 - 2012-08-24 18:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-08-07 18:14 - 2012-08-24 18:56 - 01039360 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-08-07 18:14 - 2012-05-04 11:59 - 00514560 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2013-08-07 17:48 - 2013-08-07 17:48 - 00000000 ____D C:\Program Files\Common Files\Java
2013-08-07 17:48 - 2013-08-07 17:47 - 00263592 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-08-07 17:47 - 2013-08-07 17:47 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-08-07 17:47 - 2013-08-07 17:47 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-08-07 17:47 - 2013-08-07 17:47 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-08-07 17:45 - 2013-08-07 17:45 - 00903080 _____ (Oracle Corporation) C:\Users\Solytheo\Downloads\JavaSetup7u25.exe
2013-08-07 16:47 - 2013-08-08 21:09 - 00007634 _____ C:\Windows\setupact.log
2013-08-07 16:47 - 2013-08-07 16:47 - 00000000 _____ C:\Windows\setuperr.log
2013-08-07 16:45 - 2013-08-07 16:45 - 00102682 _____ C:\Windows\system32\cc_20130807_164516.reg
2013-08-07 16:17 - 2013-08-07 16:35 - 00000000 ____D C:\Windows\system32\MRT
2013-08-07 16:07 - 2013-08-07 16:07 - 00000977 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-08-07 16:07 - 2013-08-07 16:07 - 00000000 ____D C:\Program Files\CCleaner
2013-08-07 15:35 - 2013-08-07 15:35 - 00000000 ____D C:\FRST
2013-07-14 19:25 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-14 19:25 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-14 19:25 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-14 19:25 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-14 19:25 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-14 19:25 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-14 19:25 - 2013-06-12 01:43 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-14 19:25 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-14 19:25 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-14 19:25 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-14 19:25 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-14 19:25 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-14 19:25 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-14 19:25 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-14 19:25 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-14 19:25 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-14 19:24 - 2013-07-14 19:24 - 00000197 _____ C:\Windows\system32\MRT.INI
2013-07-12 07:19 - 2013-06-05 05:05 - 02347520 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-12 07:19 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-12 07:19 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-12 07:19 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll

==================== One Month Modified Files and Folders =======

2013-08-08 21:47 - 2013-08-08 21:47 - 00004467 _____ C:\Users\Solytheo\Desktop\AdwCleaner[S1].txt
2013-08-08 21:47 - 2013-08-08 21:43 - 00000709 _____ C:\Users\Solytheo\Desktop\JRT.txt
2013-08-08 21:40 - 2013-08-08 21:40 - 00000000 ____D C:\Windows\ERUNT
2013-08-08 21:39 - 2013-08-08 21:39 - 00957230 _____ (Oleg N. Scherbakov) C:\Users\Solytheo\Downloads\JRT.exe
2013-08-08 21:36 - 2010-01-10 16:30 - 01411830 _____ C:\Windows\WindowsUpdate.log
2013-08-08 21:21 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\NDF
2013-08-08 21:18 - 2012-07-15 10:56 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-08 21:16 - 2010-01-10 16:12 - 00011104 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-08 21:16 - 2010-01-10 16:12 - 00011104 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-08 21:14 - 2010-04-03 20:46 - 00000000 ____D C:\Users\Solytheo\AppData\Roaming\Skype
2013-08-08 21:09 - 2013-08-07 16:47 - 00007634 _____ C:\Windows\setupact.log
2013-08-08 21:09 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-08 21:07 - 2013-08-08 21:07 - 00004467 _____ C:\AdwCleaner[S1].txt
2013-08-08 21:06 - 2013-08-08 21:06 - 00666633 _____ C:\Users\Solytheo\Downloads\adwcleaner.exe
2013-08-08 20:48 - 2013-08-08 20:48 - 00000000 ____D C:\Users\Solytheo\AppData\Roaming\Malwarebytes
2013-08-08 20:47 - 2013-08-08 20:47 - 00001079 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-08-08 20:47 - 2013-08-08 20:47 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-08 20:47 - 2013-08-08 20:47 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-08-08 20:46 - 2013-08-08 20:46 - 10284816 _____ (Malwarebytes Corporation                                    ) C:\Users\Solytheo\Desktop\mbam-setup.exe
2013-08-08 18:32 - 2010-01-10 16:38 - 01649198 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-08 18:25 - 2013-08-07 18:33 - 00005538 _____ C:\Windows\PFRO.log
2013-08-08 18:25 - 2013-08-07 18:17 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-08-08 18:03 - 2013-08-08 18:03 - 00015593 _____ C:\Users\Solytheo\Desktop\combofix.txt
2013-08-08 18:01 - 2013-08-08 18:01 - 00015580 _____ C:\ComboFix.txt
2013-08-08 18:01 - 2013-08-08 17:45 - 00000000 ____D C:\Qoobox
2013-08-08 18:01 - 2009-07-14 04:37 - 00000000 ___RD C:\Users\Public
2013-08-08 18:00 - 2013-08-08 17:45 - 00000000 ____D C:\Windows\erdnt
2013-08-08 17:59 - 2009-07-14 04:04 - 00000215 _____ C:\Windows\system.ini
2013-08-08 17:58 - 2008-08-11 16:05 - 00000000 ____D C:\Windows\system32\pt
2013-08-07 18:52 - 2013-08-07 18:50 - 82222352 _____ (Microsoft Corporation) C:\Users\Solytheo\Downloads\mpam-fe.exe
2013-08-07 18:32 - 2009-07-14 10:47 - 00000000 ____D C:\Windows\system32\Drivers\de-DE
2013-08-07 18:32 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\de-DE
2013-08-07 18:16 - 2013-08-07 18:16 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_SynTP_01007.Wdf
2013-08-07 18:15 - 2010-01-10 16:12 - 00000000 ____D C:\Program Files\CONEXANT
2013-08-07 17:48 - 2013-08-07 17:48 - 00000000 ____D C:\Program Files\Common Files\Java
2013-08-07 17:47 - 2013-08-07 17:48 - 00263592 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-08-07 17:47 - 2013-08-07 17:47 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-08-07 17:47 - 2013-08-07 17:47 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-08-07 17:47 - 2013-08-07 17:47 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-08-07 17:47 - 2012-07-19 18:32 - 00867240 _____ (Oracle Corporation) C:\Windows\system32\npdeployJava1.dll
2013-08-07 17:47 - 2010-07-06 18:16 - 00789416 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2013-08-07 17:47 - 2008-08-11 15:37 - 00000000 ____D C:\Program Files\Java
2013-08-07 17:45 - 2013-08-07 17:45 - 00903080 _____ (Oracle Corporation) C:\Users\Solytheo\Downloads\JavaSetup7u25.exe
2013-08-07 16:57 - 2011-02-27 21:13 - 00000000 ____D C:\Program Files\Adobe
2013-08-07 16:57 - 2009-11-15 19:05 - 00000000 ____D C:\Users\Solytheo\AppData\Local\Adobe
2013-08-07 16:57 - 2008-08-11 16:19 - 00000000 ____D C:\ProgramData\Adobe
2013-08-07 16:47 - 2013-08-07 16:47 - 00000000 _____ C:\Windows\setuperr.log
2013-08-07 16:45 - 2013-08-07 16:45 - 00102682 _____ C:\Windows\system32\cc_20130807_164516.reg
2013-08-07 16:43 - 2013-01-19 17:50 - 00000000 ____D C:\Windows\Minidump
2013-08-07 16:43 - 2010-01-10 16:08 - 00000000 ____D C:\Windows\Panther
2013-08-07 16:35 - 2013-08-07 16:17 - 00000000 ____D C:\Windows\system32\MRT
2013-08-07 16:32 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-08-07 16:17 - 2008-08-11 16:30 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-07 16:17 - 2006-11-02 12:23 - 00000251 _____ C:\Windows\win.ini
2013-08-07 16:07 - 2013-08-07 16:07 - 00000977 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-08-07 16:07 - 2013-08-07 16:07 - 00000000 ____D C:\Program Files\CCleaner
2013-08-07 15:35 - 2013-08-07 15:35 - 00000000 ____D C:\FRST
2013-08-07 14:22 - 2013-08-08 17:23 - 05100713 ____R (Swearware) C:\Users\Solytheo\Desktop\ComboFix.exe
2013-08-07 14:20 - 2013-08-07 22:29 - 01229076 _____ (Farbar) C:\Users\Solytheo\Desktop\FRST.exe
2013-08-07 10:57 - 2012-11-09 13:07 - 00000000 ____D C:\Users\Solytheo\AppData\Local\Banana.ch
2013-08-07 10:57 - 2011-03-14 18:51 - 00000000 ____D C:\Users\Solytheo\AppData\Local\Information Factory
2013-08-07 10:57 - 2010-04-05 13:21 - 00000000 ____D C:\Users\Solytheo\AppData\Local\Apple Computer
2013-08-07 10:57 - 2010-04-05 13:10 - 00000000 ____D C:\Users\Solytheo\AppData\Local\Apple
2013-08-07 10:57 - 2009-10-10 17:36 - 00000000 ____D C:\Users\Solytheo\AppData\Local\Google
2013-07-23 13:47 - 2010-12-11 15:30 - 00002012 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2013-07-23 13:47 - 2010-12-11 15:30 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-07-15 18:35 - 2013-03-18 19:37 - 00037136 _____ C:\Users\Solytheo\Desktop\Spesen 2013 2.xlsx
2013-07-14 19:50 - 2009-07-14 06:33 - 00446832 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-14 19:47 - 2009-07-14 10:56 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-14 19:47 - 2009-07-14 06:52 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-14 19:24 - 2013-07-14 19:24 - 00000197 _____ C:\Windows\system32\MRT.INI
2013-07-13 21:41 - 2013-05-04 16:33 - 00000000 ____D C:\Users\Solytheo\Banana Buchhaltung
2013-07-13 21:41 - 2013-04-08 10:55 - 00000000 ____D C:\Users\Solytheo\Documents\Eigene PaperPort-Dokumente
2013-07-13 21:41 - 2013-04-07 16:55 - 00000000 ____D C:\Users\Solytheo\Documents\Steuerfaelle
2013-07-13 21:41 - 2012-11-09 13:35 - 00000000 ____D C:\Users\Solytheo\Documents\Computer
2013-07-13 21:41 - 2012-11-09 13:34 - 00000000 ____D C:\Users\Solytheo\Documents\Privat
2013-07-13 21:41 - 2012-11-09 13:29 - 00000000 ____D C:\Users\Solytheo\Documents\Geschäft
2013-07-13 21:41 - 2011-10-23 20:27 - 00000000 ____D C:\Users\Solytheo\Downloads\rempnp
2013-07-13 21:41 - 2011-09-25 12:26 - 00000000 ____D C:\Users\Solytheo\Downloads\Treiber Brother MFC295CN
2013-07-13 21:41 - 2011-07-30 00:20 - 00000000 ____D C:\Users\Solytheo\AppData\Local\mquadr.at
2013-07-13 21:41 - 2010-08-23 17:43 - 00000000 ____D C:\Users\Solytheo\AppData\Local\Scansoft
2013-07-13 21:41 - 2010-05-29 19:01 - 00000000 ____D C:\Users\Solytheo\Downloads\Navisworks Freedom
2013-07-13 21:41 - 2010-05-02 16:52 - 00000000 ____D C:\Users\Solytheo\AppData\Local\Microsoft Help
2013-07-13 21:41 - 2010-04-05 13:05 - 00000000 ____D C:\Users\Solytheo\Downloads\iTunes
2013-07-13 21:41 - 2010-04-03 20:33 - 00000000 ____D C:\Users\Solytheo\Downloads\skype
2013-07-13 21:41 - 2010-01-10 23:53 - 00000000 ____D C:\Users\Solytheo\Downloads\Adobe Reader
2013-07-13 21:41 - 2010-01-10 23:06 - 00000000 ____D C:\Users\Solytheo\Downloads\Antivir
2013-07-13 21:41 - 2010-01-10 16:13 - 00000000 ____D C:\Users\Solytheo
2013-07-13 21:41 - 2009-11-15 18:47 - 00000000 ____D C:\Users\Solytheo\AppData\Local\Microsoft Corporation
2013-07-13 21:41 - 2009-10-10 17:35 - 00000000 ____D C:\Users\Solytheo\AppData\Local\Toshiba
2013-07-13 21:41 - 2009-10-10 17:34 - 00000000 ____D C:\Users\Solytheo\AppData\Local\VirtualStore

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-19 19:13

==================== End Of Log ============================
--- --- ---

--- --- ---


Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 07-08-2013
Ran by Solytheo at 2013-08-08 21:49:51
Running from C:\Users\Solytheo\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

Activation Assistant for the 2007 Microsoft Office suites
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0)
Adobe AIR (Version: 2.6.0.19140)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
Apple Application Support (Version: 1.3.0)
Apple Mobile Device Support (Version: 3.1.0.62)
Apple Software Update (Version: 2.1.2.120)
Atheros Driver Installation Program (Version: 5.0)
Atheros Wi-Fi Protected Setup Library
Avira Free Antivirus (Version: 13.0.0.3885)
Banana Buchhaltung 7.0 (Version: 7.0.1.0)
Bonjour (Version: 2.0.2.0)
Brother MFL-Pro Suite MFC-295CN (Version: 1.0.1.0)
Camera Assistant Software for Toshiba (Version: 1.7.231.1126L)
CCleaner (Version: 4.04)
CD/DVD Drive Acoustic Silencer (Version: 2.02.03)
Compatibility Pack für 2007 Office System (Version: 12.0.6612.1000)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
devolo dLAN Cockpit (Version: 1.0)
devolo dLAN-Konfigurationsassistent (Version: 20.0.0.0)
devolo Informer (Version: 28.0.0.0)
dLAN Cockpit (Version: 1.19.07)
DVD MovieFactory for TOSHIBA (Version: 5.51)
eTax.schwyz 2010 nP 9.0.1 (Version: 9.0.1)
eTax.schwyz 2011 nP 10.0.4 (Version: 10.0.4)
eTax.schwyz 2012 nP 11.0.4 (Version: 11.0.4)
Google Desktop (Version: 5.9.1005.12335)
greenCube (C:\Program Files\greenCube) (Version: 4.1.16.0001)
HDAUDIO Soft Data Fax Modem with SmartCP (Version: 7.80.4.50)
Intel(R) Graphics Media Accelerator Driver (Version: 8.15.10.1883)
Intel® Matrix Storage Manager
iTunes (Version: 9.2.1.5)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)
McAfee Security Scan Plus (Version: 3.0.318.3)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office Home and Business 2010 (Version: 14.0.7015.1000)
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office PowerPoint Viewer 2007 (German) (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office Single Image 2010 (Version: 14.0.7015.1000)
Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (GREENSQL2005) (Version: 9.4.5000.00)
Microsoft SQL Server Native Client (Version: 9.00.5000.00)
Microsoft SQL Server VSS Writer (Version: 9.00.5000.00)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Works (Version: 9.7.0621)
Microsoft WSE 3.0 (Version: 3.0.5305.0)
Microsoft XML Parser (Version: 8.20.8730.4)
MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
myphotobook 3.6 (Version: 3.6)
NetWaiting (Version: 2.5.52)
Nuance PDF Viewer Plus (Version: 5.30.3290)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
OpenOffice.org Installer 1.0 (Version: 1.0.9221)
PaperPort Image Printer (Version: 1.00.0000)
Picasa 3 (Version: 3.8)
Private Tax 2010 (Version: 1.1.2.583)
Private Tax 2011 1.4 (Version: 1.4)
QuickTime (Version: 7.66.71.0)
Realtek 8169 8168 8101E 8102E Ethernet Driver (Version: 1.00.0000)
Realtek High Definition Audio Driver (Version: 6.0.1.5904)
Realtek USB 2.0 Card Reader (Version: 6.1.7600.30101)
Safari (Version: 5.31.22.7)
ScanSoft PaperPort 11 (Version: 11.2.0000)
Scansoft PDF Professional
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Skype Toolbars (Version: 1.0.4051)
Skype™ 6.3 (Version: 6.3.107)
SofTax GR 2011 NP (Version: 1.1.8.3049)
Synaptics Pointing Device Driver (Version: 11.2.4.0)
TeamViewer 6 (Version: 6.0.11656)
Tools für Microsoft SQL Server 2005 Express Edition (Version: 9.4.5000.00)
TOSHIBA Assist (Version: 2.01.08)
TOSHIBA Benutzerhandbücher (Version: 7.40)
TOSHIBA ConfigFree (Version: 8.0.23)
TOSHIBA Disc Creator (Version: 2.1.0.1)
TOSHIBA DVD PLAYER (Version: 2.50.0.11-AU)
TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00)
TOSHIBA Face Recognition (Version: 2.0.17.32)
TOSHIBA Hardware Setup (Version: 2.00.11)
Toshiba Online Product Information (Version: 1.00.0012)
TOSHIBA Recovery Disc Creator (Version: 2.0.0.1b)
TOSHIBA Supervisor Password (Version: 2.00.10)
TOSHIBA Value Added Package (Version: 1.2.28)
TRDCReminder (Version: 1.00.0015)
TRORDCLauncher (Version: 1.0.0.1)
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (Version: 9.00.5000.00)
upc cablecom Installer (Version: 6.1.0.4)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Windows 7 Upgrade Advisor (Version: 2.0.3001.0)
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series (Version: 9.00.2980)
 

==================== Restore Points  =========================

07-08-2013 15:47:30 Installed Java 7 Update 25
07-08-2013 16:14:19 Windows Update
08-08-2013 16:23:08 Windows Update

==================== Hosts content: ==========================

2006-11-02 12:23 - 2013-08-08 17:59 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0A2DC18A-322F-4955-B653-BF81478E9C27} - System32\Tasks\{F0E0BD8D-7614-4158-B99F-A000FD758ABD} => C:\Program Files\Internet Explorer\IEXPLORE.EXE [2013-06-12] (Microsoft Corporation)
Task: {0B9E37C9-A0FF-4EEA-911F-5D6DBE473935} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-11] (Adobe Systems Incorporated)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {3C16AC0D-FF01-486E-ACBD-C7F08C443DA2} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2009-10-22] (Apple Inc.)
Task: {3C7C3D4C-F873-41C2-A97E-DE097D82A82F} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {4EF7CFFF-5CA1-47F8-97BC-FA9B0C27EFB3} - System32\Tasks\Microsoft\Windows Defender\MpIdleTask => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {561375CB-FF5A-417B-B297-BA73DE149581} - System32\Tasks\Microsoft\Windows\Wired\GatherWiredInfo => C:\Windows\system32\gatherWiredInfo.vbs No File
Task: {68F45A7C-1009-4060-8208-86F4575029E4} - System32\Tasks\User_Feed_Synchronization-{ECD9738C-3BA7-482C-8FC1-60B9ABC6C81E} => C:\Windows\system32\msfeedssync.exe [2013-06-19] (Microsoft Corporation)
Task: {7E619083-2145-4809-A108-EE8F841C0B9E} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation)
Task: {87AB7BF9-3902-4AD1-9FA0-480F558DF140} - System32\Tasks\{2DBE2333-59F9-48C1-A264-8C03A69941D6} => C:\Program Files\Skype\Phone\Skype.exe [2013-04-19] (Skype Technologies S.A.)
Task: {99A54D22-FE59-4709-9A0D-7720BA22AFFA} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe [2009-09-03] (TOSHIBA CORPORATION)
Task: {A82BD177-CF53-4803-8E42-29E8C515560E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)
Task: {DA9BCDDA-A33D-4BE8-8708-04800945F982} - \CreateChoiceProcessTask No Task File
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs No File
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Faulty Device Manager Devices =============

Name: JumpStart Wireless Filter Driver
Description: JumpStart Wireless Filter Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: jswpslwf
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Percentage of memory in use: 32%
Total physical RAM: 2939.99 MB
Available physical RAM: 1981.69 MB
Total Pagefile: 5878.27 MB
Available Pagefile: 4665.03 MB
Total Virtual: 2047.88 MB
Available Virtual: 1935.05 MB

==================== Drives ================================

Drive c: (Windows7) (Fixed) (Total:148.89 GB) (Free:23.93 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (Data) (Fixed) (Total:147.73 GB) (Free:142.5 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 4BBF870C)
Partition 1: (Not Active) - (Size=1 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=149 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=148 GB) - (Type=07 NTFS)

==================== End Of Log ============================
Geändert von Snowflake (08.08.2013 um 20:56 Uhr)

Alt 09.08.2013, 10:18   #8
schrauber
/// the machine
/// TB-Ausbilder
 
Backdoor und diverse Trojaner gefunden - Standard

Backdoor und diverse Trojaner gefunden



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 09.08.2013, 13:29   #9
Snowflake
 
Backdoor und diverse Trojaner gefunden - Standard

Backdoor und diverse Trojaner gefunden


Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=c028defe50bf5c479c3c9082324be7ec
# engine=14707
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-08-09 11:51:45
# local_time=2013-08-09 01:51:45 (+0100, Mitteleuropäische Sommerzeit)
# country="Switzerland"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 97 69997 16165190 63858 0
# compatibility_mode=5893 16776573 100 94 55730 127680296 0 0
# scanned=164044
# found=0
# cleaned=0
# scan_time=6276
Code:
ATTFilter
 Results of screen317's Security Check version 0.99.72  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
Avira Desktop   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 CCleaner     
 Java 7 Update 25  
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
 TOSHIBA Toshiba Online Product Information TOPI.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-08-2013
Ran by Solytheo (administrator) on 09-08-2013 14:16:31
Running from C:\Users\Solytheo\Desktop
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\devolo\dlan\devolonetsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
(TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Toshiba) C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Chicony) C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
(Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
(TOSHIBA) C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Nuance Communications, Inc.) C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
(Apple Inc.) C:\Program Files\Safari\Safari.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1348904 2008-08-14] (Synaptics, Inc.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7625248 2009-07-28] (Realtek Semiconductor)
HKLM\...\Run: [Camera Assistant Software] - C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe [417792 2008-09-26] (Chicony)
HKLM\...\Run: [Google Desktop Search] - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-07-21] (Google)
HKLM\...\Run: [topi] - C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe [581632 2007-07-10] (TOSHIBA)
HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [476512 2009-08-21] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] - C:\Program Files\TOSHIBA\TBS\HSON.exe [55160 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] - C:\Program Files\Toshiba\SmoothView\SmoothView.exe [521528 2009-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [738616 2009-08-05] (TOSHIBA Corporation)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2010-03-17] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [141608 2010-07-21] (Apple Inc.)
HKLM\...\Run: [BrMfcWnd] - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM\...\Run: [PDFHook] - C:\Program Files\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM\...\Run: [PDF5 Registry Controller] - C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM\...\Run: [ControlCenter3] - C:\Program Files\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [345144 2013-06-26] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [SSBkgdUpdate] - C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM\...\Run: [PaperPort PTD] - C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [29984 2008-07-09] (Nuance Communications, Inc.)
HKLM\...\Run: [IndexSearch] - C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [46368 2008-07-09] (Nuance Communications, Inc.)
HKLM\...\Run: [PPort11reminder] - C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe [328992 2007-08-31] (Nuance Communications, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [18678376 2013-04-19] (Skype Technologies S.A.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Solytheo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ch/
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
SearchScopes: HKLM - DefaultScope value is missing.
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU -No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.3.cab
DPF: {D59124D5-442C-44C5-BD9A-E81BB0582D55} hxxp://www.greencube.ch/AP_App_Content/download/setup/setup.ocx
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 62.12.130.66 193.246.253.10

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-06-26] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-06-26] (Avira Operations GmbH & Co. KG)
R2 cfWiMAXService; C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [185712 2009-08-10] (TOSHIBA CORPORATION)
R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [46448 2009-03-10] (TOSHIBA CORPORATION)
R2 DevoloNetworkService; C:\Program Files\devolo\dlan\devolonetsvc.exe [2231616 2010-07-19] ()
S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-07-21] (Google)
S3 jswpsapi; C:\Program Files\Jumpstart\jswpsapi.exe [954368 2008-04-16] (Atheros Communications, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
R2 MSSQL$GREENSQL2005; C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R3 SmartFaceVWatchSrv; C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [77824 2008-08-25] (Toshiba)
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [84744 2013-03-25] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135136 2013-03-25] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-03-25] (Avira Operations GmbH & Co. KG)
R3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41888 2007-05-09] (Logitech Inc.)
R2 NPF_devolo; C:\Windows\system32\drivers\npf_devolo.sys [35840 2010-06-10] (CACE Technologies)
S3 pepifilter; C:\Windows\System32\DRIVERS\lv302af.sys [14112 2007-05-09] (Logitech Inc.)
S3 PID_PEPI; C:\Windows\System32\DRIVERS\LV302V32.SYS [1276832 2007-05-09] (Logitech Inc.)
R3 ROCKEYNT; C:\Windows\System32\DRIVERS\Rockey4.sys [22528 2013-02-09] (Feitian Technologies Co., Ltd.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-02-03] (Avira GmbH)
R3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [17960 2008-07-15] (Chicony Electronics Co., Ltd.)
S3 catchme; \??\C:\Users\Solytheo\AppData\Local\Temp\catchme.sys [x]
S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [x]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [x]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-09 14:15 - 2013-08-09 14:15 - 00000763 _____ C:\Users\Solytheo\Desktop\checkup.txt
2013-08-09 12:04 - 2013-08-09 12:04 - 02347384 _____ (ESET) C:\Users\Solytheo\Downloads\esetsmartinstaller_enu.exe
2013-08-08 21:40 - 2013-08-08 21:40 - 00000000 ____D C:\Windows\ERUNT
2013-08-08 21:39 - 2013-08-08 21:39 - 00957230 _____ (Oleg N. Scherbakov) C:\Users\Solytheo\Downloads\JRT.exe
2013-08-08 21:07 - 2013-08-08 21:07 - 00004467 _____ C:\AdwCleaner[S1].txt
2013-08-08 21:06 - 2013-08-08 21:06 - 00666633 _____ C:\Users\Solytheo\Downloads\adwcleaner.exe
2013-08-08 20:48 - 2013-08-08 20:48 - 00000000 ____D C:\Users\Solytheo\AppData\Roaming\Malwarebytes
2013-08-08 20:47 - 2013-08-08 20:47 - 00001079 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-08-08 20:47 - 2013-08-08 20:47 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-08 20:47 - 2013-08-08 20:47 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-08-08 20:47 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-08-08 18:01 - 2013-08-08 18:01 - 00015580 _____ C:\ComboFix.txt
2013-08-08 17:48 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-08-08 17:48 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-08-08 17:48 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-08-08 17:48 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-08-08 17:48 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-08-08 17:48 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-08-08 17:48 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-08-08 17:48 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-08-08 17:45 - 2013-08-08 18:01 - 00000000 ____D C:\Qoobox
2013-08-08 17:45 - 2013-08-08 18:00 - 00000000 ____D C:\Windows\erdnt
2013-08-08 17:23 - 2013-08-07 14:22 - 05100713 ____R (Swearware) C:\Users\Solytheo\Desktop\ComboFix.exe
2013-08-07 22:29 - 2013-08-07 14:20 - 01229076 _____ (Farbar) C:\Users\Solytheo\Desktop\FRST.exe
2013-08-07 18:50 - 2013-08-07 18:52 - 82222352 _____ (Microsoft Corporation) C:\Users\Solytheo\Downloads\mpam-fe.exe
2013-08-07 18:33 - 2013-08-08 18:25 - 00005538 _____ C:\Windows\PFRO.log
2013-08-07 18:18 - 2012-08-23 16:44 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2013-08-07 18:18 - 2012-08-23 16:10 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2013-08-07 18:17 - 2013-08-08 18:25 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-08-07 18:17 - 2012-08-23 16:48 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2013-08-07 18:17 - 2012-08-23 16:40 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2013-08-07 18:17 - 2012-08-23 16:10 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2013-08-07 18:17 - 2012-08-23 15:52 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2013-08-07 18:17 - 2012-08-23 15:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2013-08-07 18:17 - 2012-08-23 15:46 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2013-08-07 18:17 - 2012-08-23 15:32 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2013-08-07 18:17 - 2012-08-23 15:18 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2013-08-07 18:17 - 2012-08-23 13:40 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2013-08-07 18:17 - 2012-08-23 13:32 - 00317440 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2013-08-07 18:17 - 2012-08-23 13:15 - 00269312 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2013-08-07 18:17 - 2012-08-23 13:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2013-08-07 18:17 - 2012-08-23 12:39 - 01048064 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2013-08-07 18:17 - 2012-08-23 12:08 - 02739712 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2013-08-07 18:17 - 2012-08-23 10:19 - 04916224 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2013-08-07 18:16 - 2013-08-07 18:16 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_SynTP_01007.Wdf
2013-08-07 18:14 - 2012-08-24 19:05 - 00136560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-08-07 18:14 - 2012-08-24 19:02 - 00369856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-08-07 18:14 - 2012-08-24 18:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-08-07 18:14 - 2012-08-24 18:56 - 01039360 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-08-07 18:14 - 2012-05-04 11:59 - 00514560 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2013-08-07 17:48 - 2013-08-07 17:48 - 00000000 ____D C:\Program Files\Common Files\Java
2013-08-07 17:48 - 2013-08-07 17:47 - 00263592 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-08-07 17:47 - 2013-08-07 17:47 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-08-07 17:47 - 2013-08-07 17:47 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-08-07 17:47 - 2013-08-07 17:47 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-08-07 17:45 - 2013-08-07 17:45 - 00903080 _____ (Oracle Corporation) C:\Users\Solytheo\Downloads\JavaSetup7u25.exe
2013-08-07 16:47 - 2013-08-09 11:52 - 00008998 _____ C:\Windows\setupact.log
2013-08-07 16:47 - 2013-08-07 16:47 - 00000000 _____ C:\Windows\setuperr.log
2013-08-07 16:45 - 2013-08-07 16:45 - 00102682 _____ C:\Windows\system32\cc_20130807_164516.reg
2013-08-07 16:17 - 2013-08-07 16:35 - 00000000 ____D C:\Windows\system32\MRT
2013-08-07 16:07 - 2013-08-07 16:07 - 00000977 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-08-07 16:07 - 2013-08-07 16:07 - 00000000 ____D C:\Program Files\CCleaner
2013-08-07 15:35 - 2013-08-07 15:35 - 00000000 ____D C:\FRST
2013-07-14 19:25 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-14 19:25 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-14 19:25 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-14 19:25 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-14 19:25 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-14 19:25 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-14 19:25 - 2013-06-12 01:43 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-14 19:25 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-14 19:25 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-14 19:25 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-14 19:25 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-14 19:25 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-14 19:25 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-14 19:25 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-14 19:25 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-14 19:25 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-14 19:24 - 2013-07-14 19:24 - 00000197 _____ C:\Windows\system32\MRT.INI
2013-07-12 07:19 - 2013-06-05 05:05 - 02347520 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-12 07:19 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-12 07:19 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-12 07:19 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll

==================== One Month Modified Files and Folders =======

2013-08-09 14:15 - 2013-08-09 14:15 - 00000763 _____ C:\Users\Solytheo\Desktop\checkup.txt
2013-08-09 14:12 - 2010-01-10 16:30 - 01439278 _____ C:\Windows\WindowsUpdate.log
2013-08-09 13:18 - 2012-07-15 10:56 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-09 12:04 - 2013-08-09 12:04 - 02347384 _____ (ESET) C:\Users\Solytheo\Downloads\esetsmartinstaller_enu.exe
2013-08-09 12:00 - 2010-01-10 16:12 - 00011104 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-09 12:00 - 2010-01-10 16:12 - 00011104 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-09 11:56 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\NDF
2013-08-09 11:55 - 2010-04-03 20:46 - 00000000 ____D C:\Users\Solytheo\AppData\Roaming\Skype
2013-08-09 11:53 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-09 11:52 - 2013-08-07 16:47 - 00008998 _____ C:\Windows\setupact.log
2013-08-08 21:40 - 2013-08-08 21:40 - 00000000 ____D C:\Windows\ERUNT
2013-08-08 21:39 - 2013-08-08 21:39 - 00957230 _____ (Oleg N. Scherbakov) C:\Users\Solytheo\Downloads\JRT.exe
2013-08-08 21:07 - 2013-08-08 21:07 - 00004467 _____ C:\AdwCleaner[S1].txt
2013-08-08 21:06 - 2013-08-08 21:06 - 00666633 _____ C:\Users\Solytheo\Downloads\adwcleaner.exe
2013-08-08 20:48 - 2013-08-08 20:48 - 00000000 ____D C:\Users\Solytheo\AppData\Roaming\Malwarebytes
2013-08-08 20:47 - 2013-08-08 20:47 - 00001079 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-08-08 20:47 - 2013-08-08 20:47 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-08 20:47 - 2013-08-08 20:47 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-08-08 18:32 - 2010-01-10 16:38 - 01649198 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-08 18:25 - 2013-08-07 18:33 - 00005538 _____ C:\Windows\PFRO.log
2013-08-08 18:25 - 2013-08-07 18:17 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-08-08 18:01 - 2013-08-08 18:01 - 00015580 _____ C:\ComboFix.txt
2013-08-08 18:01 - 2013-08-08 17:45 - 00000000 ____D C:\Qoobox
2013-08-08 18:01 - 2009-07-14 04:37 - 00000000 ___RD C:\Users\Public
2013-08-08 18:00 - 2013-08-08 17:45 - 00000000 ____D C:\Windows\erdnt
2013-08-08 17:59 - 2009-07-14 04:04 - 00000215 _____ C:\Windows\system.ini
2013-08-08 17:58 - 2008-08-11 16:05 - 00000000 ____D C:\Windows\system32\pt
2013-08-07 18:52 - 2013-08-07 18:50 - 82222352 _____ (Microsoft Corporation) C:\Users\Solytheo\Downloads\mpam-fe.exe
2013-08-07 18:32 - 2009-07-14 10:47 - 00000000 ____D C:\Windows\system32\Drivers\de-DE
2013-08-07 18:32 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\de-DE
2013-08-07 18:16 - 2013-08-07 18:16 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_SynTP_01007.Wdf
2013-08-07 18:15 - 2010-01-10 16:12 - 00000000 ____D C:\Program Files\CONEXANT
2013-08-07 17:48 - 2013-08-07 17:48 - 00000000 ____D C:\Program Files\Common Files\Java
2013-08-07 17:47 - 2013-08-07 17:48 - 00263592 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-08-07 17:47 - 2013-08-07 17:47 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-08-07 17:47 - 2013-08-07 17:47 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-08-07 17:47 - 2013-08-07 17:47 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-08-07 17:47 - 2012-07-19 18:32 - 00867240 _____ (Oracle Corporation) C:\Windows\system32\npdeployJava1.dll
2013-08-07 17:47 - 2010-07-06 18:16 - 00789416 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2013-08-07 17:47 - 2008-08-11 15:37 - 00000000 ____D C:\Program Files\Java
2013-08-07 17:45 - 2013-08-07 17:45 - 00903080 _____ (Oracle Corporation) C:\Users\Solytheo\Downloads\JavaSetup7u25.exe
2013-08-07 16:57 - 2011-02-27 21:13 - 00000000 ____D C:\Program Files\Adobe
2013-08-07 16:57 - 2009-11-15 19:05 - 00000000 ____D C:\Users\Solytheo\AppData\Local\Adobe
2013-08-07 16:57 - 2008-08-11 16:19 - 00000000 ____D C:\ProgramData\Adobe
2013-08-07 16:47 - 2013-08-07 16:47 - 00000000 _____ C:\Windows\setuperr.log
2013-08-07 16:45 - 2013-08-07 16:45 - 00102682 _____ C:\Windows\system32\cc_20130807_164516.reg
2013-08-07 16:43 - 2013-01-19 17:50 - 00000000 ____D C:\Windows\Minidump
2013-08-07 16:43 - 2010-01-10 16:08 - 00000000 ____D C:\Windows\Panther
2013-08-07 16:35 - 2013-08-07 16:17 - 00000000 ____D C:\Windows\system32\MRT
2013-08-07 16:32 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-08-07 16:17 - 2008-08-11 16:30 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-07 16:17 - 2006-11-02 12:23 - 00000251 _____ C:\Windows\win.ini
2013-08-07 16:07 - 2013-08-07 16:07 - 00000977 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-08-07 16:07 - 2013-08-07 16:07 - 00000000 ____D C:\Program Files\CCleaner
2013-08-07 15:35 - 2013-08-07 15:35 - 00000000 ____D C:\FRST
2013-08-07 14:22 - 2013-08-08 17:23 - 05100713 ____R (Swearware) C:\Users\Solytheo\Desktop\ComboFix.exe
2013-08-07 14:20 - 2013-08-07 22:29 - 01229076 _____ (Farbar) C:\Users\Solytheo\Desktop\FRST.exe
2013-08-07 10:57 - 2012-11-09 13:07 - 00000000 ____D C:\Users\Solytheo\AppData\Local\Banana.ch
2013-08-07 10:57 - 2011-03-14 18:51 - 00000000 ____D C:\Users\Solytheo\AppData\Local\Information Factory
2013-08-07 10:57 - 2010-04-05 13:21 - 00000000 ____D C:\Users\Solytheo\AppData\Local\Apple Computer
2013-08-07 10:57 - 2010-04-05 13:10 - 00000000 ____D C:\Users\Solytheo\AppData\Local\Apple
2013-08-07 10:57 - 2009-10-10 17:36 - 00000000 ____D C:\Users\Solytheo\AppData\Local\Google
2013-07-23 13:47 - 2010-12-11 15:30 - 00002012 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2013-07-23 13:47 - 2010-12-11 15:30 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-07-15 18:35 - 2013-03-18 19:37 - 00037136 _____ C:\Users\Solytheo\Desktop\Spesen 2013 2.xlsx
2013-07-14 19:50 - 2009-07-14 06:33 - 00446832 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-14 19:47 - 2009-07-14 10:56 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-14 19:47 - 2009-07-14 06:52 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-14 19:24 - 2013-07-14 19:24 - 00000197 _____ C:\Windows\system32\MRT.INI
2013-07-13 21:41 - 2013-05-04 16:33 - 00000000 ____D C:\Users\Solytheo\Banana Buchhaltung
2013-07-13 21:41 - 2013-04-08 10:55 - 00000000 ____D C:\Users\Solytheo\Documents\Eigene PaperPort-Dokumente
2013-07-13 21:41 - 2013-04-07 16:55 - 00000000 ____D C:\Users\Solytheo\Documents\Steuerfaelle
2013-07-13 21:41 - 2012-11-09 13:35 - 00000000 ____D C:\Users\Solytheo\Documents\Computer
2013-07-13 21:41 - 2012-11-09 13:34 - 00000000 ____D C:\Users\Solytheo\Documents\Privat
2013-07-13 21:41 - 2012-11-09 13:29 - 00000000 ____D C:\Users\Solytheo\Documents\Geschäft
2013-07-13 21:41 - 2011-10-23 20:27 - 00000000 ____D C:\Users\Solytheo\Downloads\rempnp
2013-07-13 21:41 - 2011-09-25 12:26 - 00000000 ____D C:\Users\Solytheo\Downloads\Treiber Brother MFC295CN
2013-07-13 21:41 - 2011-07-30 00:20 - 00000000 ____D C:\Users\Solytheo\AppData\Local\mquadr.at
2013-07-13 21:41 - 2010-08-23 17:43 - 00000000 ____D C:\Users\Solytheo\AppData\Local\Scansoft
2013-07-13 21:41 - 2010-05-29 19:01 - 00000000 ____D C:\Users\Solytheo\Downloads\Navisworks Freedom
2013-07-13 21:41 - 2010-05-02 16:52 - 00000000 ____D C:\Users\Solytheo\AppData\Local\Microsoft Help
2013-07-13 21:41 - 2010-04-05 13:05 - 00000000 ____D C:\Users\Solytheo\Downloads\iTunes
2013-07-13 21:41 - 2010-04-03 20:33 - 00000000 ____D C:\Users\Solytheo\Downloads\skype
2013-07-13 21:41 - 2010-01-10 23:53 - 00000000 ____D C:\Users\Solytheo\Downloads\Adobe Reader
2013-07-13 21:41 - 2010-01-10 23:06 - 00000000 ____D C:\Users\Solytheo\Downloads\Antivir
2013-07-13 21:41 - 2010-01-10 16:13 - 00000000 ____D C:\Users\Solytheo
2013-07-13 21:41 - 2009-11-15 18:47 - 00000000 ____D C:\Users\Solytheo\AppData\Local\Microsoft Corporation
2013-07-13 21:41 - 2009-10-10 17:35 - 00000000 ____D C:\Users\Solytheo\AppData\Local\Toshiba
2013-07-13 21:41 - 2009-10-10 17:34 - 00000000 ____D C:\Users\Solytheo\AppData\Local\VirtualStore

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-19 19:13

==================== End Of Log ============================
--- --- ---


Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 07-08-2013
Ran by Solytheo at 2013-08-09 14:17:26
Running from C:\Users\Solytheo\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

Activation Assistant for the 2007 Microsoft Office suites
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0)
Adobe AIR (Version: 2.6.0.19140)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
Apple Application Support (Version: 1.3.0)
Apple Mobile Device Support (Version: 3.1.0.62)
Apple Software Update (Version: 2.1.2.120)
Atheros Driver Installation Program (Version: 5.0)
Atheros Wi-Fi Protected Setup Library
Avira Free Antivirus (Version: 13.0.0.3885)
Banana Buchhaltung 7.0 (Version: 7.0.1.0)
Bonjour (Version: 2.0.2.0)
Brother MFL-Pro Suite MFC-295CN (Version: 1.0.1.0)
Camera Assistant Software for Toshiba (Version: 1.7.231.1126L)
CCleaner (Version: 4.04)
CD/DVD Drive Acoustic Silencer (Version: 2.02.03)
Compatibility Pack für 2007 Office System (Version: 12.0.6612.1000)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
devolo dLAN Cockpit (Version: 1.0)
devolo dLAN-Konfigurationsassistent (Version: 20.0.0.0)
devolo Informer (Version: 28.0.0.0)
dLAN Cockpit (Version: 1.19.07)
DVD MovieFactory for TOSHIBA (Version: 5.51)
eTax.schwyz 2010 nP 9.0.1 (Version: 9.0.1)
eTax.schwyz 2011 nP 10.0.4 (Version: 10.0.4)
eTax.schwyz 2012 nP 11.0.4 (Version: 11.0.4)
Google Desktop (Version: 5.9.1005.12335)
greenCube (C:\Program Files\greenCube) (Version: 4.1.16.0001)
HDAUDIO Soft Data Fax Modem with SmartCP (Version: 7.80.4.50)
Intel(R) Graphics Media Accelerator Driver (Version: 8.15.10.1883)
Intel® Matrix Storage Manager
iTunes (Version: 9.2.1.5)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)
McAfee Security Scan Plus (Version: 3.0.318.3)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office Home and Business 2010 (Version: 14.0.7015.1000)
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office PowerPoint Viewer 2007 (German) (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office Single Image 2010 (Version: 14.0.7015.1000)
Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (GREENSQL2005) (Version: 9.4.5000.00)
Microsoft SQL Server Native Client (Version: 9.00.5000.00)
Microsoft SQL Server VSS Writer (Version: 9.00.5000.00)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Works (Version: 9.7.0621)
Microsoft WSE 3.0 (Version: 3.0.5305.0)
Microsoft XML Parser (Version: 8.20.8730.4)
MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
myphotobook 3.6 (Version: 3.6)
NetWaiting (Version: 2.5.52)
Nuance PDF Viewer Plus (Version: 5.30.3290)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
OpenOffice.org Installer 1.0 (Version: 1.0.9221)
PaperPort Image Printer (Version: 1.00.0000)
Picasa 3 (Version: 3.8)
Private Tax 2010 (Version: 1.1.2.583)
Private Tax 2011 1.4 (Version: 1.4)
QuickTime (Version: 7.66.71.0)
Realtek 8169 8168 8101E 8102E Ethernet Driver (Version: 1.00.0000)
Realtek High Definition Audio Driver (Version: 6.0.1.5904)
Realtek USB 2.0 Card Reader (Version: 6.1.7600.30101)
Safari (Version: 5.31.22.7)
ScanSoft PaperPort 11 (Version: 11.2.0000)
Scansoft PDF Professional
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Skype Toolbars (Version: 1.0.4051)
Skype™ 6.3 (Version: 6.3.107)
SofTax GR 2011 NP (Version: 1.1.8.3049)
Synaptics Pointing Device Driver (Version: 11.2.4.0)
TeamViewer 6 (Version: 6.0.11656)
Tools für Microsoft SQL Server 2005 Express Edition (Version: 9.4.5000.00)
TOSHIBA Assist (Version: 2.01.08)
TOSHIBA Benutzerhandbücher (Version: 7.40)
TOSHIBA ConfigFree (Version: 8.0.23)
TOSHIBA Disc Creator (Version: 2.1.0.1)
TOSHIBA DVD PLAYER (Version: 2.50.0.11-AU)
TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00)
TOSHIBA Face Recognition (Version: 2.0.17.32)
TOSHIBA Hardware Setup (Version: 2.00.11)
Toshiba Online Product Information (Version: 1.00.0012)
TOSHIBA Recovery Disc Creator (Version: 2.0.0.1b)
TOSHIBA Supervisor Password (Version: 2.00.10)
TOSHIBA Value Added Package (Version: 1.2.28)
TRDCReminder (Version: 1.00.0015)
TRORDCLauncher (Version: 1.0.0.1)
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (Version: 9.00.5000.00)
upc cablecom Installer (Version: 6.1.0.4)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Windows 7 Upgrade Advisor (Version: 2.0.3001.0)
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series (Version: 9.00.2980)
 

==================== Restore Points  =========================

07-08-2013 15:47:30 Installed Java 7 Update 25
07-08-2013 16:14:19 Windows Update
08-08-2013 16:23:08 Windows Update

==================== Hosts content: ==========================

2006-11-02 12:23 - 2013-08-08 17:59 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0A2DC18A-322F-4955-B653-BF81478E9C27} - System32\Tasks\{F0E0BD8D-7614-4158-B99F-A000FD758ABD} => C:\Program Files\Internet Explorer\IEXPLORE.EXE [2013-06-12] (Microsoft Corporation)
Task: {0B9E37C9-A0FF-4EEA-911F-5D6DBE473935} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-11] (Adobe Systems Incorporated)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {3C16AC0D-FF01-486E-ACBD-C7F08C443DA2} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2009-10-22] (Apple Inc.)
Task: {3CA4983E-1711-4F72-AC9F-D10E41931CD3} - System32\Tasks\Microsoft\Windows Defender\MpIdleTask => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {561375CB-FF5A-417B-B297-BA73DE149581} - System32\Tasks\Microsoft\Windows\Wired\GatherWiredInfo => C:\Windows\system32\gatherWiredInfo.vbs No File
Task: {68F45A7C-1009-4060-8208-86F4575029E4} - System32\Tasks\User_Feed_Synchronization-{ECD9738C-3BA7-482C-8FC1-60B9ABC6C81E} => C:\Windows\system32\msfeedssync.exe [2013-06-19] (Microsoft Corporation)
Task: {7E619083-2145-4809-A108-EE8F841C0B9E} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation)
Task: {83CD0209-A7F0-4FA4-9D91-F911D481DB91} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {87AB7BF9-3902-4AD1-9FA0-480F558DF140} - System32\Tasks\{2DBE2333-59F9-48C1-A264-8C03A69941D6} => C:\Program Files\Skype\Phone\Skype.exe [2013-04-19] (Skype Technologies S.A.)
Task: {99A54D22-FE59-4709-9A0D-7720BA22AFFA} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe [2009-09-03] (TOSHIBA CORPORATION)
Task: {A82BD177-CF53-4803-8E42-29E8C515560E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)
Task: {DA9BCDDA-A33D-4BE8-8708-04800945F982} - \CreateChoiceProcessTask No Task File
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs No File
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Faulty Device Manager Devices =============

Name: JumpStart Wireless Filter Driver
Description: JumpStart Wireless Filter Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: jswpslwf
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/09/2013 11:54:42 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/08/2013 09:58:08 PM) (Source: Brother BrLog) (User: )
Description: TWN BrtTWN: [2013/08/08 21:58:08.246]: [00002980]: Initialize TwdsMain Class failed!

Error: (08/08/2013 09:58:08 PM) (Source: Brother BrLog) (User: )
Description: TWN BrtTWN: [2013/08/08 21:58:08.246]: [00002980]: ##### Fatal ERROR!! Create STI-device failed! #####

Error: (08/08/2013 09:58:08 PM) (Source: Brother BrLog) (User: )
Description: TWN BrtTWN: [2013/08/08 21:58:08.231]: [00002980]: GetDeviceList Failed! pStiInfo = 0x0..

Error: (08/08/2013 09:58:08 PM) (Source: Brother BrLog) (User: )
Description: TWN BrtTWN: [2013/08/08 21:58:08.199]: [00002980]: Initialize TwdsMain Class failed!

Error: (08/08/2013 09:58:08 PM) (Source: Brother BrLog) (User: )
Description: TWN BrtTWN: [2013/08/08 21:58:08.199]: [00002980]: ##### Fatal ERROR!! Create STI-device failed! #####

Error: (08/08/2013 09:58:08 PM) (Source: Brother BrLog) (User: )
Description: TWN BrtTWN: [2013/08/08 21:58:08.199]: [00002980]: GetDeviceList Failed! pStiInfo = 0x0..

Error: (08/08/2013 09:58:08 PM) (Source: Brother BrLog) (User: )
Description: TWN BrtTWN: [2013/08/08 21:58:08.168]: [00002980]: Initialize TwdsMain Class failed!

Error: (08/08/2013 09:58:08 PM) (Source: Brother BrLog) (User: )
Description: TWN BrtTWN: [2013/08/08 21:58:08.168]: [00002980]: ##### Fatal ERROR!! Create STI-device failed! #####

Error: (08/08/2013 09:58:08 PM) (Source: Brother BrLog) (User: )
Description: TWN BrtTWN: [2013/08/08 21:58:08.168]: [00002980]: GetDeviceList Failed! pStiInfo = 0x0..


System errors:
=============
Error: (08/09/2013 11:53:32 AM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
jswpslwf


Microsoft Office Sessions:
=========================
Error: (08/09/2013 11:54:42 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/08/2013 09:58:08 PM) (Source: Brother BrLog)(User: )
Description: TWNBrtTWN: [2013/08/08 21:58:08.246]: [00002980]: Initialize TwdsMain Class failed!

Error: (08/08/2013 09:58:08 PM) (Source: Brother BrLog)(User: )
Description: TWNBrtTWN: [2013/08/08 21:58:08.246]: [00002980]: ##### Fatal ERROR!! Create STI-device failed! #####

Error: (08/08/2013 09:58:08 PM) (Source: Brother BrLog)(User: )
Description: TWNBrtTWN: [2013/08/08 21:58:08.231]: [00002980]: GetDeviceList Failed! pStiInfo = 0x0..

Error: (08/08/2013 09:58:08 PM) (Source: Brother BrLog)(User: )
Description: TWNBrtTWN: [2013/08/08 21:58:08.199]: [00002980]: Initialize TwdsMain Class failed!

Error: (08/08/2013 09:58:08 PM) (Source: Brother BrLog)(User: )
Description: TWNBrtTWN: [2013/08/08 21:58:08.199]: [00002980]: ##### Fatal ERROR!! Create STI-device failed! #####

Error: (08/08/2013 09:58:08 PM) (Source: Brother BrLog)(User: )
Description: TWNBrtTWN: [2013/08/08 21:58:08.199]: [00002980]: GetDeviceList Failed! pStiInfo = 0x0..

Error: (08/08/2013 09:58:08 PM) (Source: Brother BrLog)(User: )
Description: TWNBrtTWN: [2013/08/08 21:58:08.168]: [00002980]: Initialize TwdsMain Class failed!

Error: (08/08/2013 09:58:08 PM) (Source: Brother BrLog)(User: )
Description: TWNBrtTWN: [2013/08/08 21:58:08.168]: [00002980]: ##### Fatal ERROR!! Create STI-device failed! #####

Error: (08/08/2013 09:58:08 PM) (Source: Brother BrLog)(User: )
Description: TWNBrtTWN: [2013/08/08 21:58:08.168]: [00002980]: GetDeviceList Failed! pStiInfo = 0x0..


==================== Memory info =========================== 

Percentage of memory in use: 43%
Total physical RAM: 2939.99 MB
Available physical RAM: 1658.56 MB
Total Pagefile: 5878.27 MB
Available Pagefile: 4469.39 MB
Total Virtual: 2047.88 MB
Available Virtual: 1934.57 MB

==================== Drives ================================

Drive c: (Windows7) (Fixed) (Total:148.89 GB) (Free:23.79 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (Data) (Fixed) (Total:147.73 GB) (Free:142.5 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 4BBF870C)
Partition 1: (Not Active) - (Size=1 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=149 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=148 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Alt 10.08.2013, 09:23   #10
schrauber
/// the machine
/// TB-Ausbilder
 
Backdoor und diverse Trojaner gefunden - Standard

Backdoor und diverse Trojaner gefunden


Noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 10.08.2013, 09:59   #11
Snowflake
 
Backdoor und diverse Trojaner gefunden - Daumen hoch

Backdoor und diverse Trojaner gefunden


Zitat:
Zitat von schrauber Beitrag anzeigen
Noch Probleme?
Ich weis es nicht. Sieht man das nicht an den Logs, welche ich gepostet habe? Auf alle Fälle vielen herzlichen Dank für die Hilfe.
__________________
----->
... anotherone bites the dust ...
ich bin hier nur die signatur

Alt 10.08.2013, 10:10   #12
schrauber
/// the machine
/// TB-Ausbilder
 
Backdoor und diverse Trojaner gefunden - Standard

Backdoor und diverse Trojaner gefunden


Ich sehe ob noch aktive Malware drauf ist oder nicht. Könnte aber sein dass Du noch irgend ein Problem hast mit dem Rechner, welches man ohne speziell danach zu suchen nicht im Log sieht, dann weiss ich was ich noch behandeln muss. Wenn Du aber sonst keine Probs hast, dann:

Fertig

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.


Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 10.08.2013, 10:31   #13
Snowflake
 
Backdoor und diverse Trojaner gefunden - Standard

Backdoor und diverse Trojaner gefunden


Ich glaube nicht, dass es noch Probleme gibt ... zu Deiner Antwort: Würdest Du von CCleaner von Pirisoft abraten? Und was wäre mit dem Gratis-Tool eek? Alles andere (Windows-Update usw.) ist mir schon klar.

Du kannst den Thread aus deinem Pendenzen-Pool löschen. Danke vielmals für Deine Hilfe, Schrauber.
__________________
----->
... anotherone bites the dust ...
ich bin hier nur die signatur

Alt 10.08.2013, 10:44   #14
schrauber
/// the machine
/// TB-Ausbilder
 
Backdoor und diverse Trojaner gefunden - Standard

Backdoor und diverse Trojaner gefunden


Ccleaner brauch kein Mensch. Was meinst du mit eek?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu Backdoor und diverse Trojaner gefunden
alles weg, avira, backdoor, backdoor programm, defender, diverse, diverse trojaner, erstell, gefunde, gesendet, malware, nicht sicher, programm, quarantäne, rojaner gefunden, troja, trojaner, trojaner gefunden, update, verschiedene, windows, windows defender, windows update


« Trojaner Ava Soft Professional Antivirus auf meinem Laptop | chrome adblocker »


Ähnliche Themen: Backdoor und diverse Trojaner gefunden


  1. E-Mail Postfach geknackt - diverse Bedrohungen per Malwarebytes gefunden!
    Log-Analyse und Auswertung - 10.12.2014 (17)
  2. Backdoor: Win32/Simda.at gefunden und Trojaner der immer im Local-Ordner erscheint
    Plagegeister aller Art und deren Bekämpfung - 25.11.2014 (15)
  3. Beim Scan diverse Trojaner gefunden Rotbrowse, Rotbrow.A, BProtector, System läuft extrem langsam und Programme bzw IE stürzen regelmäßig ab
    Log-Analyse und Auswertung - 14.10.2014 (5)
  4. Windows 7: diverse Toolbars und Rootkit durch Avira gefunden
    Log-Analyse und Auswertung - 15.06.2014 (18)
  5. Windows 8.1: Diverse Infizierte Objekte wurden gefunden
    Log-Analyse und Auswertung - 17.02.2014 (5)
  6. Trojaner und diverse PUP Dateien gefunden
    Log-Analyse und Auswertung - 07.09.2013 (17)
  7. diverse Trojaner und Malware gefunden, infektion evtl. durch 22kB dateianhang
    Log-Analyse und Auswertung - 31.01.2013 (3)
  8. Diverse Systemfehler, Trojaner und Malware gefunden
    Log-Analyse und Auswertung - 21.01.2013 (14)
  9. diverse Trojaner / Backdoor.agents
    Plagegeister aller Art und deren Bekämpfung - 02.10.2012 (41)
  10. Spyware.Zeus, Z.bot und diverse andere Malware auf PC gefunden
    Plagegeister aller Art und deren Bekämpfung - 22.09.2012 (22)
  11. Diverse Trojaner gefunden? (Blacole.A u.a.) - unsicher über nächste Schritte
    Plagegeister aller Art und deren Bekämpfung - 18.01.2012 (15)
  12. Diverse Trojaner gefunden / Icons & Dateien versteckt / Internet geht nicht mehr
    Log-Analyse und Auswertung - 08.11.2011 (7)
  13. Trojaner:Backdoor.Win32.SdBot.nci von Kaspersky gefunden.
    Plagegeister aller Art und deren Bekämpfung - 07.07.2011 (47)
  14. TR/Dropper.Gen, TR/Crypt.XPACK.Gen, HEUR/HTML. und diverse Trojaner bei AntiVir/Malware gefunden
    Plagegeister aller Art und deren Bekämpfung - 24.03.2011 (19)
  15. Ricsi-831 Wurm gefunden - Backdoor Trojaner Gefahr?
    Plagegeister aller Art und deren Bekämpfung - 20.07.2008 (7)
  16. Hackerangriff durch diverse Backdoor-Programme...
    Diskussionsforum - 14.01.2007 (6)
  17. diverse Plagegeister gefunden, wie kann ich sie entfernen??
    Plagegeister aller Art und deren Bekämpfung - 16.01.2005 (1)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Backdoor und diverse Trojaner gefunden - Grüezi, ich habe verschiedene Trojaner und ein Backdoor Programm gefunden. Mit Avira und Windows Defender habe ich diese Malware in die Quarantäne gesendet, bin aber nicht sicher, ob alles weg - Backdoor und diverse Trojaner gefunden...
Archiv
Du betrachtest: Backdoor und diverse Trojaner gefunden auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19