Rootkit gefunden (MBAR) Windows 7 Professional 64 Bit

TobiB · 06.09.2013, 20:16

Hallo Liebes Trojaner-Board Team.
Ich hatte die Vermutung, irgendwas könnte runtergeladen worden sein, als
plötzlich das Java Symbol in der Takleiste auftauchte. Ich habe daraufhin einen
Scan mit MBAM durchlaufen lassen, der hat aber nichts gefunden. MBAR hat dann tatsächlich 7 Meldungen ergeben. Siehe unten, alle weiteren Logs sind als .zip im Anhang zu finden. Auch Microsoft Security Essentials hat was gefunden, konnte aber das log File nicht finden.

Ich würde mich über eine schnelle Hilfe freuen,
Viele Grüße,
Tobi

Code:

ATTFilter

Malwarebytes Anti-Rootkit BETA 1.07.0.1005
www.malwarebytes.org

Database version: v2013.09.06.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16618
Tobias :: TOBIAS-PC [administrator]

06.09.2013 18:15:40
mbar-log-2013-09-06 (18-15-40).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 350957
Time elapsed: 14 minute(s), 37 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE (Trojan.0Access) -> No action taken.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE (Trojan.0Access) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 7
C:\Users\Tobias_2\AppData\Local\Google\Desktop\Install\{a58d89ea-274e-7379-3f6b-421fcb5ec1a7}\❤≸⋙ (Trojan.0Access) -> No action taken.
C:\Users\Tobias_2\AppData\Local\Google\Desktop\Install\{a58d89ea-274e-7379-3f6b-421fcb5ec1a7}\❤≸⋙\Ⱒ☠⍨ (Trojan.0Access) -> No action taken.
C:\Users\Tobias_2\AppData\Local\Google\Desktop\Install\{a58d89ea-274e-7379-3f6b-421fcb5ec1a7}\❤≸⋙\Ⱒ☠⍨\*ﯹ๛ (Trojan.0Access) -> No action taken.
C:\Users\Tobias_2\AppData\Local\Google\Desktop\Install\{a58d89ea-274e-7379-3f6b-421fcb5ec1a7}\❤≸⋙\Ⱒ☠⍨\*ﯹ๛\{a58d89ea-274e-7379-3f6b-421fcb5ec1a7} (Trojan.0Access) -> No action taken.
C:\Users\Tobias_2\AppData\Local\Google\Desktop\Install\{a58d89ea-274e-7379-3f6b-421fcb5ec1a7}\❤≸⋙\Ⱒ☠⍨\*ﯹ๛\{a58d89ea-274e-7379-3f6b-421fcb5ec1a7}\L (Trojan.0Access) -> No action taken.
C:\Users\Tobias_2\AppData\Local\Google\Desktop\Install\{a58d89ea-274e-7379-3f6b-421fcb5ec1a7}\❤≸⋙\Ⱒ☠⍨\*ﯹ๛\{a58d89ea-274e-7379-3f6b-421fcb5ec1a7}\U (Trojan.0Access) -> No action taken.
C:\Users\Tobias_2\AppData\Local\Google\Desktop\Install\{a58d89ea-274e-7379-3f6b-421fcb5ec1a7} (Trojan.0Access) -> No action taken.

Files Detected: 1
C:\Users\Tobias_2\AppData\Local\Google\Desktop\Install\{a58d89ea-274e-7379-3f6b-421fcb5ec1a7}\❤≸⋙\Ⱒ☠⍨\*ﯹ๛\{a58d89ea-274e-7379-3f6b-421fcb5ec1a7}\GoogleUpdate.exe (Trojan.0Access) -> No action taken.

Physical Sectors Detected: 0
(No malicious items detected)

(end)

schrauber · 06.09.2013, 21:10

hi,

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

TobiB · 06.09.2013, 22:54

Hallo, hier der FRST scan:

FRST.txt:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-09-2013
Ran by Tobias (administrator) on TOBIAS-PC on 06-09-2013 20:08:40
Running from C:\Users\Tobias\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe
(Hewlett-Packard Company) C:\Windows\system32\Hpservice.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
(Microsoft Corporation) c:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Entriq, Inc.) C:\Program Files (x86)\maxdome\DCBin\DCService.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corporation) c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(3M Touch Systems, Inc.) C:\PROGRAM FILES (X86)\MICROTOUCH\MT 7\TwService.exe
(3M Touch Systems, Inc.) C:\PROGRAM FILES (X86)\MICROTOUCH\MT 7\TwRegSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Dropbox, Inc.) C:\Users\Tobias\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(AMD) C:\Windows\system32\atieclxx.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-03-23] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2096424 2010-05-27] (Synaptics Incorporated)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1281512 2013-01-27] (Microsoft Corporation)
HKLM\...\Policies\Explorer: [NoActiveDesktop] 1
HKLM\...\Policies\Explorer: [NoActiveDesktopChanges] 1
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [18678376 2013-04-19] (Skype Technologies S.A.)
HKCU\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1561968 2013-05-23] (Samsung)
HKCU\...\Run: [KiesAirMessage] - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe [578560 2013-05-22] (Samsung Electronics)
HKCU\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [1106288 2013-05-23] (Samsung)
MountPoints2: G - G:\AutoRun.exe
MountPoints2: {00a339dd-cbcc-11df-b869-00269e9d20bb} - G:\AutoRun.exe
MountPoints2: {00a339e0-cbcc-11df-b869-00269e9d20bb} - G:\AutoRun.exe
MountPoints2: {00a339f6-cbcc-11df-b869-00269e9d20bb} - G:\AutoRun.exe
MountPoints2: {29cc745d-9339-11df-ad55-00269e9d20bb} - G:\AutoRun.exe
MountPoints2: {29cc746b-9339-11df-ad55-00269e9d20bb} - G:\AutoRun.exe
MountPoints2: {bd800774-526f-11df-b291-806e6f6e6963} - E:\AUTOPLAY.EXE id=10000017000015000002 ver=1.0.0.0
HKLM-x32\...\Run: [UCam_Menu] - C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [KeePass 2 PreLoad] - C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [1912832 2012-10-04] (Dominik Reichl)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-05-23] (Samsung Electronics Co., Ltd.)
Startup: C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Tobias\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {643B9224-F29B-4E9A-A9FA-F3C35CEA6F43} URL = hxxp://dict.leo.org/ende?lp=ende&lang=de&searchLoc=0&cmpType=relaxed&sectHdr=on&spellToler=on&chinese=both&pinyin=diacritic&search={searchTerms}&relink=on
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect125.cab
DPF: HKLM-x32 {A8F2B9BD-A6A0-486A-9744-18920D898429} hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\gh1ag6rt.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @java.com/DTPlugin,version=10.2.1 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.2.1 - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 - C:\Program Files (x86)\Virtual Earth 3D\ No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_35 - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Default Manager - C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\gh1ag6rt.default\Extensions\DefaultManager@Microsoft
FF Extension: zotero - C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\gh1ag6rt.default\Extensions\zotero@chnm.gmu.edu.xpi
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

==================== Services (Whitelisted) =================

R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
R2 MSSQL$COCHLEAR; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R2 MSSQL$SQLEXPRESS; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4466688 2007-11-08] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
R2 Prosieben; C:\Program Files (x86)\maxdome\DCBin\DCService.exe [77032 2009-05-01] (Entriq, Inc.)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe [247808 2010-03-23] (IDT, Inc.)
R2 TwDrvService; C:\PROGRAM FILES (X86)\MICROTOUCH\MT 7\TwService.exe [183296 2010-09-08] (3M Touch Systems, Inc.)
R2 TwRegSvc; C:\PROGRAM FILES (X86)\MICROTOUCH\MT 7\TwRegSvc.exe [44544 2009-11-12] (3M Touch Systems, Inc.)

==================== Drivers (Whitelisted) ====================

S3 MADFULEGACYKEYBOARD; C:\Windows\System32\DRIVERS\MAudioLegacyKeyboard_DFU.sys [28680 2010-02-09] (M-Audio)
S3 MAUSBLEGACYKEYBOARD; C:\Windows\System32\DRIVERS\MAudioLegacyKeyboard.sys [196616 2010-02-09] (M-Audio)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
R3 TwBus; C:\Windows\System32\DRIVERS\TwBus.sys [18856 2010-03-01] (3M)
S3 TwTouch; C:\Windows\System32\DRIVERS\TwTouch.sys [112640 2011-05-05] (3M)
S3 fireface; system32\drivers\fireface_64.sys [x]
S3 Ser2pl; system32\DRIVERS\ser2pl64.sys [x]
U3 uwdiipod; \??\C:\Users\Tobias\AppData\Local\Temp\uwdiipod.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-06 18:58 - 2013-09-06 18:58 - 00000000 _____ C:\Users\Tobias\defogger_reenable
2013-09-06 18:50 - 2013-09-06 18:50 - 00050477 _____ C:\Users\Tobias\Downloads\Defogger.exe
2013-09-06 18:50 - 2013-09-06 18:50 - 00050477 _____ C:\Users\Tobias\Desktop\Defogger.exe
2013-09-06 18:44 - 2013-09-06 18:44 - 01948360 _____ (Farbar) C:\Users\Tobias\Downloads\FRST64.exe
2013-09-06 18:37 - 2013-09-06 18:37 - 00000000 ____D C:\Users\Tobias\Desktop\mbar
2013-09-06 18:13 - 2013-09-06 18:13 - 12907592 _____ (Malwarebytes Corp.) C:\Users\Tobias\Downloads\mbar-1.07.0.1005.exe
2013-09-06 18:12 - 2013-09-06 17:12 - 00102114 _____ C:\Users\Tobias\Desktop\Extras.Txt
2013-09-06 18:11 - 2013-09-06 17:12 - 00208998 _____ C:\Users\Tobias\Desktop\OTL.Txt
2013-09-06 18:07 - 2013-09-06 18:07 - 00001617 _____ C:\Users\Tobias\Desktop\JRT.txt
2013-09-06 17:05 - 2013-09-06 17:12 - 00102114 _____ C:\Users\Tobias\Downloads\Extras.Txt
2013-09-06 16:45 - 2013-09-06 17:12 - 00208998 _____ C:\Users\Tobias\Downloads\OTL.Txt
2013-09-06 16:21 - 2013-09-06 16:36 - 00000000 ____D C:\AdwCleaner
2013-09-06 16:19 - 2013-09-06 16:20 - 01037222 _____ C:\Users\Tobias\Downloads\adwcleaner.exe
2013-09-06 14:52 - 2013-09-06 14:52 - 00000000 ____D C:\Users\Tobias_2\AppData\Roaming\Malwarebytes
2013-09-06 14:33 - 2013-09-06 14:33 - 00000000 ____D C:\Users\Tobias_2\AppData\Local\Google
2013-08-30 18:35 - 2013-08-30 18:35 - 02816285 _____ C:\Users\Tobias\Downloads\T-REC-P.563-200405-I!!SOFT-ZST-E.zip
2013-08-28 10:33 - 2013-08-28 10:33 - 04743685 _____ C:\Users\Tobias\Downloads\1170088037_File_5722_EzFFT_1.4.zip
2013-08-25 23:15 - 2013-08-25 23:16 - 00000000 ____D C:\Users\Tobias\Desktop\MOC
2013-08-25 23:14 - 2013-08-25 23:19 - 59162340 _____ C:\Users\Tobias\Downloads\Literatur.zip
2013-08-19 22:26 - 2013-08-19 22:29 - 27891222 _____ (Igor Pavlov) C:\Users\Tobias_2\Downloads\tor-browser-2.3.25-12_en-US.exe
2013-08-18 21:43 - 2013-08-18 21:43 - 00000000 ____D C:\Users\Tobias_2\AppData\Roaming\Macromedia
2013-08-18 21:43 - 2013-08-18 21:43 - 00000000 ____D C:\Users\Tobias_2\AppData\Local\Macromedia
2013-08-18 21:29 - 2013-08-18 21:29 - 00000000 ____D C:\Users\Tobias_2\AppData\Roaming\Mozilla
2013-08-18 21:29 - 2013-08-18 21:29 - 00000000 ____D C:\Users\Tobias_2\AppData\Local\Mozilla
2013-08-18 21:28 - 2013-08-18 21:28 - 00129456 _____ C:\Users\Tobias_2\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-18 21:28 - 2013-08-18 21:28 - 00000020 ___SH C:\Users\Tobias_2\ntuser.ini
2013-08-18 21:28 - 2013-08-18 21:28 - 00000000 _SHDL C:\Users\Tobias_2\Vorlagen
2013-08-18 21:28 - 2013-08-18 21:28 - 00000000 _SHDL C:\Users\Tobias_2\Startmenü
2013-08-18 21:28 - 2013-08-18 21:28 - 00000000 _SHDL C:\Users\Tobias_2\Netzwerkumgebung
2013-08-18 21:28 - 2013-08-18 21:28 - 00000000 _SHDL C:\Users\Tobias_2\Lokale Einstellungen
2013-08-18 21:28 - 2013-08-18 21:28 - 00000000 _SHDL C:\Users\Tobias_2\Eigene Dateien
2013-08-18 21:28 - 2013-08-18 21:28 - 00000000 _SHDL C:\Users\Tobias_2\Druckumgebung
2013-08-18 21:28 - 2013-08-18 21:28 - 00000000 _SHDL C:\Users\Tobias_2\Documents\Eigene Musik
2013-08-18 21:28 - 2013-08-18 21:28 - 00000000 _SHDL C:\Users\Tobias_2\Documents\Eigene Bilder
2013-08-18 21:28 - 2013-08-18 21:28 - 00000000 _SHDL C:\Users\Tobias_2\AppData\Local\Verlauf
2013-08-18 21:28 - 2013-08-18 21:28 - 00000000 _SHDL C:\Users\Tobias_2\AppData\Local\Anwendungsdaten
2013-08-18 21:28 - 2013-08-18 21:28 - 00000000 _SHDL C:\Users\Tobias_2\Anwendungsdaten
2013-08-18 21:28 - 2013-08-18 21:28 - 00000000 ___RD C:\Users\Tobias_2\Virtual Machines
2013-08-18 21:28 - 2013-08-18 21:28 - 00000000 ____D C:\Users\Tobias_2\AppData\Roaming\Adobe
2013-08-18 21:28 - 2013-08-18 21:28 - 00000000 ____D C:\Users\Tobias_2
2013-08-18 21:28 - 2011-11-16 04:05 - 00000000 ____D C:\Users\Tobias_2\AppData\Local\Microsoft Help
2013-08-18 21:28 - 2010-04-30 17:41 - 00000000 ____D C:\Users\Tobias_2\Documents\Visual Studio 2008
2013-08-18 13:15 - 2013-08-18 13:15 - 00015250 _____ C:\Users\Tobias\Desktop\hs_err_pid8440.log
2013-08-18 01:51 - 2013-08-18 13:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-16 23:31 - 2013-08-19 23:54 - 00000000 ____D C:\Users\Public\Documents\maxdome

==================== One Month Modified Files and Folders =======

2013-09-06 20:05 - 2012-07-16 00:39 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-06 18:58 - 2013-09-06 18:58 - 00000000 _____ C:\Users\Tobias\defogger_reenable
2013-09-06 18:58 - 2010-04-28 04:58 - 00000000 ____D C:\Users\Tobias
2013-09-06 18:54 - 2010-04-28 04:46 - 02069190 _____ C:\Windows\WindowsUpdate.log
2013-09-06 18:50 - 2013-09-06 18:50 - 00050477 _____ C:\Users\Tobias\Downloads\Defogger.exe
2013-09-06 18:50 - 2013-09-06 18:50 - 00050477 _____ C:\Users\Tobias\Desktop\Defogger.exe
2013-09-06 18:44 - 2013-09-06 20:07 - 01948360 _____ (Farbar) C:\Users\Tobias\Desktop\FRST64.exe
2013-09-06 18:44 - 2013-09-06 18:44 - 01948360 _____ (Farbar) C:\Users\Tobias\Downloads\FRST64.exe
2013-09-06 18:37 - 2013-09-06 18:37 - 00000000 ____D C:\Users\Tobias\Desktop\mbar
2013-09-06 18:37 - 2013-07-18 22:50 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-09-06 18:14 - 2013-07-19 01:40 - 00000000 ____D C:\Users\Tobias\Desktop\TForumStuff
2013-09-06 18:13 - 2013-09-06 18:13 - 12907592 _____ (Malwarebytes Corp.) C:\Users\Tobias\Downloads\mbar-1.07.0.1005.exe
2013-09-06 18:07 - 2013-09-06 18:07 - 00001617 _____ C:\Users\Tobias\Desktop\JRT.txt
2013-09-06 17:12 - 2013-09-06 18:12 - 00102114 _____ C:\Users\Tobias\Desktop\Extras.Txt
2013-09-06 17:12 - 2013-09-06 18:11 - 00208998 _____ C:\Users\Tobias\Desktop\OTL.Txt
2013-09-06 17:12 - 2013-09-06 17:05 - 00102114 _____ C:\Users\Tobias\Downloads\Extras.Txt
2013-09-06 17:12 - 2013-09-06 16:45 - 00208998 _____ C:\Users\Tobias\Downloads\OTL.Txt
2013-09-06 16:36 - 2013-09-06 16:21 - 00000000 ____D C:\AdwCleaner
2013-09-06 16:25 - 2013-01-20 22:57 - 00011414 _____ C:\Users\Tobias\gsview64.ini
2013-09-06 16:24 - 2010-05-01 16:37 - 00000284 _____ C:\Windows\matlab.ini
2013-09-06 16:20 - 2013-09-06 16:19 - 01037222 _____ C:\Users\Tobias\Downloads\adwcleaner.exe
2013-09-06 14:52 - 2013-09-06 14:52 - 00000000 ____D C:\Users\Tobias_2\AppData\Roaming\Malwarebytes
2013-09-06 14:33 - 2013-09-06 14:33 - 00000000 ____D C:\Users\Tobias_2\AppData\Local\Google
2013-09-06 14:05 - 2013-01-06 00:48 - 00000000 ____D C:\Users\Tobias\Documents\PraktikumMasterBericht
2013-09-05 23:03 - 2012-08-11 07:38 - 00001115 _____ C:\Users\Tobias\Documents\TXCUserDictionary.dic
2013-09-05 01:00 - 2010-04-28 20:03 - 00000000 ____D C:\Users\Tobias\AppData\Roaming\Dropbox
2013-09-03 22:18 - 2013-02-08 16:43 - 00000000 ____D C:\Users\Tobias\Documents\BibTexSync
2013-09-03 15:40 - 2010-04-28 20:05 - 00000000 ___RD C:\Users\Tobias\Documents\My Dropbox
2013-09-03 15:04 - 2012-07-30 12:21 - 00000000 ____D C:\Users\Tobias\AppData\Roaming\Skype
2013-09-03 10:04 - 2009-07-14 06:45 - 00014976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-03 10:04 - 2009-07-14 06:45 - 00014976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-03 09:57 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-03 09:57 - 2009-07-14 06:51 - 00103179 _____ C:\Windows\setupact.log
2013-09-03 01:00 - 2009-07-14 19:58 - 00761260 _____ C:\Windows\system32\perfh007.dat
2013-09-03 01:00 - 2009-07-14 19:58 - 00173350 _____ C:\Windows\system32\perfc007.dat
2013-09-03 01:00 - 2009-07-14 07:13 - 01782776 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-03 00:58 - 2010-05-01 16:37 - 00000000 ____D C:\Users\Tobias\Documents\MATLAB
2013-08-30 18:35 - 2013-08-30 18:35 - 02816285 _____ C:\Users\Tobias\Downloads\T-REC-P.563-200405-I!!SOFT-ZST-E.zip
2013-08-28 10:33 - 2013-08-28 10:33 - 04743685 _____ C:\Users\Tobias\Downloads\1170088037_File_5722_EzFFT_1.4.zip
2013-08-25 23:19 - 2013-08-25 23:14 - 59162340 _____ C:\Users\Tobias\Downloads\Literatur.zip
2013-08-25 23:16 - 2013-08-25 23:15 - 00000000 ____D C:\Users\Tobias\Desktop\MOC
2013-08-22 02:19 - 2012-01-09 22:55 - 00000000 ____D C:\Users\Tobias\Documents\HuAMaster
2013-08-20 23:05 - 2012-07-16 00:39 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-20 23:05 - 2012-07-16 00:39 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-20 23:05 - 2011-12-04 22:30 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-19 23:54 - 2013-08-16 23:31 - 00000000 ____D C:\Users\Public\Documents\maxdome
2013-08-19 22:29 - 2013-08-19 22:26 - 27891222 _____ (Igor Pavlov) C:\Users\Tobias_2\Downloads\tor-browser-2.3.25-12_en-US.exe
2013-08-19 21:01 - 2012-04-27 06:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-18 21:43 - 2013-08-18 21:43 - 00000000 ____D C:\Users\Tobias_2\AppData\Roaming\Macromedia
2013-08-18 21:43 - 2013-08-18 21:43 - 00000000 ____D C:\Users\Tobias_2\AppData\Local\Macromedia
2013-08-18 21:29 - 2013-08-18 21:29 - 00000000 ____D C:\Users\Tobias_2\AppData\Roaming\Mozilla
2013-08-18 21:29 - 2013-08-18 21:29 - 00000000 ____D C:\Users\Tobias_2\AppData\Local\Mozilla
2013-08-18 21:28 - 2013-08-18 21:28 - 00129456 _____ C:\Users\Tobias_2\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-18 21:28 - 2013-08-18 21:28 - 00000020 ___SH C:\Users\Tobias_2\ntuser.ini
2013-08-18 21:28 - 2013-08-18 21:28 - 00000000 _SHDL C:\Users\Tobias_2\Vorlagen
2013-08-18 21:28 - 2013-08-18 21:28 - 00000000 _SHDL C:\Users\Tobias_2\Startmenü
2013-08-18 21:28 - 2013-08-18 21:28 - 00000000 _SHDL C:\Users\Tobias_2\Netzwerkumgebung
2013-08-18 21:28 - 2013-08-18 21:28 - 00000000 _SHDL C:\Users\Tobias_2\Lokale Einstellungen
2013-08-18 21:28 - 2013-08-18 21:28 - 00000000 _SHDL C:\Users\Tobias_2\Eigene Dateien
2013-08-18 21:28 - 2013-08-18 21:28 - 00000000 _SHDL C:\Users\Tobias_2\Druckumgebung
2013-08-18 21:28 - 2013-08-18 21:28 - 00000000 _SHDL C:\Users\Tobias_2\Documents\Eigene Musik
2013-08-18 21:28 - 2013-08-18 21:28 - 00000000 _SHDL C:\Users\Tobias_2\Documents\Eigene Bilder
2013-08-18 21:28 - 2013-08-18 21:28 - 00000000 _SHDL C:\Users\Tobias_2\AppData\Local\Verlauf
2013-08-18 21:28 - 2013-08-18 21:28 - 00000000 _SHDL C:\Users\Tobias_2\AppData\Local\Anwendungsdaten
2013-08-18 21:28 - 2013-08-18 21:28 - 00000000 _SHDL C:\Users\Tobias_2\Anwendungsdaten
2013-08-18 21:28 - 2013-08-18 21:28 - 00000000 ___RD C:\Users\Tobias_2\Virtual Machines
2013-08-18 21:28 - 2013-08-18 21:28 - 00000000 ____D C:\Users\Tobias_2\AppData\Roaming\Adobe
2013-08-18 21:28 - 2013-08-18 21:28 - 00000000 ____D C:\Users\Tobias_2
2013-08-18 13:38 - 2013-08-18 01:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-18 13:15 - 2013-08-18 13:15 - 00015250 _____ C:\Users\Tobias\Desktop\hs_err_pid8440.log
2013-08-16 23:26 - 2013-03-04 22:17 - 00129456 _____ C:\Users\Polina\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-07 09:54 - 2009-07-14 06:45 - 00467296 _____ C:\Windows\system32\FNTCACHE.DAT

Files to move or delete:
====================
C:\Users\Tobias\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Tobias\AppData\Local\Temp\{94DA508B-2F6D-4C86-BAFE-D7C53631E285}\ISBEW64.exe
C:\Users\Tobias\AppData\Local\Temp\{1910BDFD-EE0D-48B2-95FE-0FAC95ADA4A8}\ISBEW64.exe
C:\Users\Tobias\AppData\Local\Temp\jrt\erunt\ERUNT.EXE

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-01 13:24

==================== End Of Log ============================

--- --- ---

--- --- ---

Addition.txt

FRST Additions Logfile:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-09-2013
Ran by Tobias at 2013-09-06 20:09:12
Running from C:\Users\Tobias\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

   
7-Zip 9.10 (x64 edition) (Version: 9.10.00.0)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.94)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03)
Application Verifier (x64) (Version: 4.1.1078)
ASIO4ALL (x32 Version: 2.10 Beta 1)
Aspell 0.6 Dictionary (Language: de) (x32)
Aspell Data (x32)
Audacity 1.2.6 (x32)
CodeSite 4.1 Tools (x32 Version: 4.0)
Crystal Reports Basic Runtime for Visual Studio 2008 (x64) (Version: 10.5.0.0)
Crystal Reports Basic Runtime German Language Pack for Visual Studio 2008 (x64) (Version: 10.5.0.0)
D3DX10 (x32 Version: 15.4.2368.0902)
Debugging Tools for Windows (x64) (Version: 6.12.2.633)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
Deutsch für Russischsprachige 3.1 (x32)
DivX-Setup (x32 Version: 2.4.1.4)
Dropbox (HKCU Version: 2.0.22)
EAGLE 6.4.0 (x32 Version: 6.4.0)
ESET Online Scanner v3 (x32)
GIMP 2.6.11 (x32 Version: 2.6.11)
Google SketchUp 7 (x32 Version: 2.1.6863)
GPL Ghostscript (Version: 9.06)
GPL MPEG-1/2 DirectShow Decoder Filter (x32 Version: 0.1.2)
GSview 5.0 (Version: 5.0)
Hotfix für Microsoft Visual Studio 2008 Professional Edition - DEU (KBKB971091) (x32 Version: 1)
Hotfix für Microsoft Visual Studio 2008 Professional Edition - DEU (KBKB973674) (x32 Version: 1)
HP MediaSmart Webcam (x32 Version: 4.0.2626)
HP Product Detection (x32 Version: 10.7.9.0)
HP Product Detection (x32 Version: 11.15.0004)
IBM SPSS Statistics 21 (Version: 21.0.0.0)
Java Auto Updater (x32 Version: 2.0.7.1)
Java(TM) 6 Update 18 (x32 Version: 6.0.180)
Java(TM) 6 Update 35 (x32 Version: 6.0.350)
Java(TM) 7 Update 2 (64-bit) (Version: 7.0.20)
Java(TM) SE Development Kit 7 Update 2 (64-bit) (Version: 1.7.0.20)
JavaFX 2.0.2 (64-bit) (Version: 2.0.2)
JavaFX 2.0.2 SDK (64-bit) (Version: 2.0.2)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
KeePass Password Safe 2.20.1 (x32)
Live 4.0.3 (x32)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
MATLAB Student R2007a (x32 Version: 7.4)
M-Audio Legacy Keyboard Driver 5.0.0 (x64) (Version: 5.0.0)
maxdome Download Manager 4.1.300.78 (x32 Version: 4.1.30078)
Mendeley Desktop 1.8 (x32 Version: 1.8)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30320)
Microsoft Antimalware Service DE-DE Language Pack (Version: 3.0.8402.2)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Device Emulator (64 Bit) Version 3.0 - DEU (Version: 9.0.21022)
Microsoft Document Explorer 2008 (x32 Version: 9.0.21022)
Microsoft Document Explorer 2008 (x32)
Microsoft Document Explorer 2008 Language Pack - DEU (x32 Version: 9.0.21022)
Microsoft Document Explorer 2008 Language Pack - DEU (x32)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Professional 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Visual Web Developer 2007 (x32 Version: 12.0.4518.1066)
Microsoft Office Visual Web Developer MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Security Client (Version: 4.2.0223.1)
Microsoft Security Client DE-DE Language Pack (Version: 2.1.1116.0)
Microsoft Security Essentials (Version: 4.2.223.1)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SkyDrive (HKCU Version: 16.4.6010.0727)
Microsoft SQL Server 2005 (x32)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft SQL Server 2005 Express Edition (COCHLEAR) (x32 Version: 9.4.5000.00)
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) (x32 Version: 9.4.5000.00)
Microsoft SQL Server Compact 3.5 Design Tools DEU (x32 Version: 3.5.5386.0)
Microsoft SQL Server Compact 3.5 DEU (x32 Version: 3.5.5386.0)
Microsoft SQL Server Compact 3.5 for Devices DEU (x32 Version: 3.5.5386.0)
Microsoft SQL Server Database Publishing Wizard 1.2 (x32 Version: 1.2.0.0)
Microsoft SQL Server Management Objects Collection  (Version: 9.00.4035.00)
Microsoft SQL Server Native Client (Version: 9.00.5000.00)
Microsoft SQL Server Setup Support Files (English) (x32 Version: 9.00.5000.00)
Microsoft SQL Server VSS Writer (Version: 9.00.5000.00)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319)
Microsoft Visual Studio 2005 Tools for Office Runtime (x32 Version: 8.0.60940.0)
Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack (x32 Version: 8.0.50727.42)
Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack (x32)
Microsoft Visual Studio 2008 Professional Edition - DEU (x32 Version: 9.0.21022)
Microsoft Visual Studio 2008 Professional Edition - DEU (x32)
Microsoft Visual Studio 2008 Remote Debugger - DEU
Microsoft Visual Studio 2008 Remote Debugger - DEU (Version: 9.0.21022)
Microsoft Visual Studio Web Authoring Component (x32 Version: 12.0.4518.1066)
Microsoft Windows Performance Toolkit (Version: 4.8.0)
Microsoft Windows SDK for Visual Studio 2008 Win32 Tools (Version: 6.1.5288.17011)
MiKTeX 2.9 (x32 Version: 2.9)
Mozilla Firefox 23.0.1 (x86 de) (x32 Version: 23.0.1)
Mozilla Maintenance Service (x32 Version: 23.0.1)
MP3 Generator 1.1 (x32)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (x32 Version: 4.20.9818.0)
MyFreeCodec (HKCU)
Native Instruments Abbey Road 60s Drums (Version: 1.2.0.003)
Native Instruments Abbey Road 60s Drums (x32)
Native Instruments Absynth 5 (x32)
Native Instruments Battery 3 (Version: 3.2.2.633)
Native Instruments Battery 3 (x32)
Native Instruments Battery Library Importer for Maschine (Version: 1.0.0.003)
Native Instruments Battery Library Importer for Maschine (x32)
Native Instruments Berlin Concert Grand (Version: 1.3.0.004)
Native Instruments Berlin Concert Grand (x32)
Native Instruments FM8 (Version: 1.2.0.1016)
Native Instruments FM8 (x32)
Native Instruments Guitar Rig 5 (Version: 5.0.0.2354)
Native Instruments Guitar Rig 5 (x32)
Native Instruments Komplete 8 (Version: 8.0.0.001)
Native Instruments Komplete 8 (x32)
Native Instruments Kontakt 5 (Version: 5.0.0.5133)
Native Instruments Kontakt 5 (x32)
Native Instruments Kontakt Factory Library (Version: 1.0.0.004)
Native Instruments Kontakt Factory Library (x32)
Native Instruments Massive (Version: 1.3.0.2050)
Native Instruments Massive (x32)
Native Instruments New York Concert Grand (Version: 1.3.0.004)
Native Instruments New York Concert Grand (x32)
Native Instruments Rammfire (Version: 1.1.0.003)
Native Instruments Rammfire (x32)
Native Instruments Reaktor 5 (Version: 5.6.1.11150)
Native Instruments Reaktor 5 (x32)
Native Instruments Reaktor Prism (Version: 1.2.0.005)
Native Instruments Reaktor Prism (x32)
Native Instruments Reaktor Spark R2 (Version: 1.1.0.004)
Native Instruments Reaktor Spark R2 (x32)
Native Instruments Reflektor (Version: 1.2.0.003)
Native Instruments Reflektor (x32)
Native Instruments Scarbee MM-Bass (Version: 1.2.0.006)
Native Instruments Scarbee MM-Bass (x32)
Native Instruments Scarbee Vintage Keys (Version: 1.1.0.002)
Native Instruments Scarbee Vintage Keys (x32)
Native Instruments Service Center (Version: 2.2.6.676)
Native Instruments Service Center (x32)
Native Instruments Studio Drummer (Version: 1.0.0.005)
Native Instruments Studio Drummer (x32)
Native Instruments The Finger R2 (Version: 1.1.0.004)
Native Instruments The Finger R2 (x32)
Native Instruments Traktors 12 (Version: 1.1.0.002)
Native Instruments Traktors 12 (x32)
Native Instruments Transient Master (Version: 1.0.0.004)
Native Instruments Transient Master (x32)
Native Instruments Upright Piano (Version: 1.3.0.004)
Native Instruments Upright Piano (x32)
Native Instruments Vienna Concert Grand (Version: 1.3.0.003)
Native Instruments Vienna Concert Grand (x32)
Native Instruments Vintage Organs (Version: 1.1.0.007)
Native Instruments Vintage Organs (x32)
Native Instruments West Africa (Version: 1.1.0.004)
Native Instruments West Africa (x32)
No23 Recorder (x32 Version: 2.1.0.3)
ON-Drucker-Software
Samsung Kies (x32 Version: 2.5.3.13052_10)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.24.0)
Skype Click to Call (x32 Version: 6.3.11079)
Skype™ 6.3 (x32 Version: 6.3.107)
SumatraPDF (x32 Version: 2.2.1)
Synaptics Pointing Device Driver (Version: 15.0.17.4)
TeXnicCenter System Update 1.0 (x32 Version: 1.0)
TeXnicCenter Version 1.0 Stable RC1 (x32 Version: Version 1.0 Stable RC1)
Tools für Microsoft SQL Server 2005 Express Edition (x32 Version: 9.4.5000.00)
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (x32 Version: 9.00.5000.00)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 System (KB2539530) (x32)
Update for Microsoft Office 2010 (KB2494150) (x32)
Update for Microsoft Office 2010 (KB2553065) (x32)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2566458) (x32)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (x32)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32)
Update für Microsoft Visual Studio 2008 Professional Edition - DEU (KBKB972221) (x32 Version: 1)
VC Runtimes MSI (x32 Version: 9.0.21022)
VC80CRTRedist - 8.0.50727.4053 (x32 Version: 1.1.0)
Visual Studio .NET Prerequisites - English (Version: 9.0.21022)
Visual Studio 2005 Tools for Office Second Edition Runtime (x32)
Visual Studio Tools for the Office system 3.0 Runtime (x32 Version: 9.0.21022)
Visual Studio Tools for the Office system 3.0 Runtime (x32)
Visual Studio Tools for the Office system 3.0 Runtime Language Pack - DEU (x32 Version: 9.0.21022)
Visual Studio-Tools für Office System 3.0 Runtime Language Pack - DEU (x32)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3555.0308)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live Sync (x32 Version: 14.0.8089.726)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Windows Mobile-Gerätecenter (Version: 6.1.6965.0)

==================== Restore Points  =========================

24-08-2013 08:35:26 Windows Update
24-08-2013 20:01:21 Windows Update
26-08-2013 09:04:46 Windows Update
27-08-2013 18:32:37 Windows Update
27-08-2013 19:58:03 Windows Update
27-08-2013 23:24:48 Windows Update
28-08-2013 10:01:18 Windows Update
28-08-2013 21:28:39 Windows Update
29-08-2013 20:45:35 Windows Update
30-08-2013 22:16:14 Windows Update
01-09-2013 09:01:57 Windows Update
01-09-2013 20:23:41 Windows Update
02-09-2013 01:00:16 Windows Update
03-09-2013 01:00:15 Windows Update
04-09-2013 07:24:48 Windows Update
05-09-2013 07:53:48 Windows Update
06-09-2013 09:07:37 Windows Update
06-09-2013 12:34:17 Microsoft Antimalware Checkpoint

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {044A6734-E90E-4F8F-B357-B2DC8AB3B5EC} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_started
Task: {156F29D0-B310-4DD1-89A1-62BDB99706A3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-20] (Adobe Systems Incorporated)
Task: {1D57683C-C885-490A-BFDF-1A42DA94B7F3} - System32\Tasks\{0D51683E-F29C-43E5-95DF-1FA33B74CE94} => C:\Windows\System32\fireface.exe [2011-05-03] (RME)
Task: {4E544669-8702-4870-81A6-D119E19AC424} - System32\Tasks\{AD3E996E-AFD1-4B44-9FC3-83F3E0BF9927} => C:\Windows\System32\fireface.exe [2011-05-03] (RME)
Task: {51E75A13-69EA-490B-9A34-CE54C8F7822F} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)
Task: {6247C288-50DD-4F45-9B0F-E88B9480C096} - System32\Tasks\{3DC8C303-0DD4-47ED-A7E9-6D2AC392AB87} => C:\Program Files (x86)\ICQ7.1\ICQ.exe
Task: {704D61AF-FFA9-4A8B-8F99-2C406F8219FC} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation)
Task: {71780C7B-1CC0-4D0F-877C-EC4EEFF91A41} - System32\Tasks\{FCFC0FDC-5938-44A8-BF00-580B059C5E49} => C:\Windows\System32\fireface.exe [2011-05-03] (RME)
Task: {73B151DF-B5B0-42A6-BDA9-7CEC8979F165} - System32\Tasks\{EEE4D6D5-C4D2-4238-B2D8-024876E444A3} => E:\F5U103ea driver\Windows\F5U103 Driver Installer.exe
Task: {7B9D3D22-51FD-440E-A606-A82E27F14319} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated)
Task: {82B87CB9-FB41-4BD3-8BF2-AC01AE88C358} - System32\Tasks\{7C4DDAAA-9157-4B8E-80CB-D339D89ABC2F} => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
Task: {9AE3C567-ECFC-4799-9814-DA0203136294} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-01-18] (Sun Microsystems, Inc.)
Task: {A88D662E-D26E-4D00-9FEC-DE200BBA93D1} - System32\Tasks\User_Feed_Synchronization-{0CA5BF6D-E052-4ADB-A7C2-6ED8E8532722} => C:\Windows\system32\msfeedssync.exe [2013-03-15] (Microsoft Corporation)
Task: {ACB3AA81-827D-4C62-A387-786954AC4E54} - System32\Tasks\{2B18F5D9-AB96-4F6A-B627-720238125F8B} => C:\Windows\System32\fireface.exe [2011-05-03] (RME)
Task: {B5CCDBDC-FE06-4DD8-B5D5-58CF42902B3D} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {BBA7DCE5-9DDD-48B0-8671-8C55F799DF58} - System32\Tasks\{02F64619-AE2E-4876-9C46-583D362F9F94} => C:\Program Files (x86)\ICQ7.1\ICQ.exe
Task: {C23AA155-824F-41B7-B7E8-FD99F1967E1F} - System32\Tasks\{9E4C3FB2-B8CD-4F61-90EB-270A4FF28057} => C:\Windows\System32\fireface.exe [2011-05-03] (RME)
Task: {CF3D2420-A667-40A2-A44D-B60D2D1EA872} - System32\Tasks\{5092381F-FB5D-4BE1-AC24-207663249B1D} => C:\Windows\System32\fireface.exe [2011-05-03] (RME)
Task: {DA081B48-CA8E-43FC-96E3-54B1C6A14025} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-20] (Microsoft Corporation)
Task: {DE9B174F-398D-44B6-9AC0-7E07E912103D} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-01-27] (Microsoft Corporation)
Task: {E29C1CED-2E62-4DAA-B60B-B6E0E1E463F2} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\System32\sdengin2.dll [2010-11-20] (Microsoft Corporation)
Task: {EEDA3671-4282-4FCA-9668-B28E18A17481} - System32\Tasks\{30F1C96E-40EA-4788-AD17-E2C7C6E52F6D} => C:\Windows\System32\fireface.exe [2011-05-03] (RME)
Task: {F56C4B64-477C-4D42-9FC3-BD25DFF12478} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2010-07-01 22:29 - 2010-03-23 14:53 - 03348480 _____ (IDT, Inc.) C:\Program Files\IDT\WDM\STLang64.dll
2010-03-23 14:53 - 2010-03-23 14:53 - 00645632 ____N (IDT, Inc.) C:\Windows\system32\stapi64.dll
2010-05-27 22:29 - 2010-05-27 22:29 - 00396584 _____ (Synaptics Incorporated) C:\Windows\system32\SynCOM.dll
2010-05-27 22:29 - 2010-05-27 22:29 - 00214824 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPAPI.dll
2012-08-17 18:12 - 2012-08-17 18:12 - 00244672 _____ (Microsoft Corporation) C:\Users\Tobias\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll
2012-08-17 18:12 - 2012-08-17 18:12 - 00661448 _____ (Microsoft Corporation) C:\Users\Tobias\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\MSVCP110.dll
2012-08-17 18:12 - 2012-08-17 18:12 - 00828872 _____ (Microsoft Corporation) C:\Users\Tobias\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\MSVCR110.dll
2013-05-25 02:36 - 2013-05-25 02:36 - 00164016 _____ (Dropbox, Inc.) C:\Users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
2012-11-14 01:32 - 2012-11-14 01:32 - 03558400 _____ (wxWidgets development team) C:\Users\Tobias\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
2013-03-13 22:48 - 2013-03-13 22:48 - 24978944 _____ () C:\Users\Tobias\AppData\Roaming\Dropbox\bin\libcef.dll
2013-03-13 22:48 - 2013-03-13 22:48 - 09956864 _____ (The ICU Project) C:\Users\Tobias\AppData\Roaming\Dropbox\bin\icudt.dll

==================== Alternate Data Streams (whitelisted) ==========

AlternateDataStreams: C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Start Menu\????? ??????? ????????? ????? - Deutsch-online! ???????? ???? ??????.website:favicon
AlternateDataStreams: C:\Users\Tobias\Documents\Thumbs.db:encryptable


==================== Faulty Device Manager Devices =============

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (09/06/2013 06:50:44 PM) (Source: mbamchameleon) (User: )
Description: C0000022

Error: (09/06/2013 06:50:44 PM) (Source: mbamchameleon) (User: )
Description: C0000022

Error: (09/06/2013 06:50:44 PM) (Source: mbamchameleon) (User: )
Description: C0000022

Error: (09/06/2013 06:50:44 PM) (Source: mbamchameleon) (User: )
Description: C0000022

Error: (09/06/2013 06:50:44 PM) (Source: mbamchameleon) (User: )
Description: C0000022

Error: (09/06/2013 06:50:44 PM) (Source: mbamchameleon) (User: )
Description: C0000022

Error: (09/06/2013 06:50:44 PM) (Source: mbamchameleon) (User: )
Description: C0000022

Error: (09/06/2013 06:50:44 PM) (Source: mbamchameleon) (User: )
Description: C0000022

Error: (09/06/2013 06:50:44 PM) (Source: mbamchameleon) (User: )
Description: C0000022

Error: (09/06/2013 06:50:44 PM) (Source: mbamchameleon) (User: )
Description: C0000022


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2013-08-16 23:55:36.468
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\wow64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-16 23:53:45.783
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\wow64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-16 23:38:16.210
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\wow64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 61%
Total physical RAM: 4092.2 MB
Available physical RAM: 1559.21 MB
Total Pagefile: 8182.58 MB
Available Pagefile: 5685.86 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:106.93 GB) (Free:6.11 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (MICROSD) (Removable) (Total:1.86 GB) (Free:1.86 GB) FAT
Drive e: (EC_100558) (CDROM) (Total:6.77 GB) (Free:0 GB) UDF
Drive k: (Kontakt) (Fixed) (Total:97.66 GB) (Free:26.29 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: F1F61A28)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=107 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=98 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=93 GB) - (Type=05)

========================================================
Disk: 1 (Size: 2 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=2 GB) - (Type=06)

==================== End Of Log ============================

--- --- ---

vielen Dank,
Tobi

Hi, mir ist gerade aufgefallen das mein Problem dem :

Zitat:

vikingr55 Windows 7 Starter: Avira... 31.08.2013, 17:31

vielleicht ähnlich sieht. Ist hier ein ähnliches Problem bei der Lösung zu erwaten?
Grüße,
Tobi

schrauber · 07.09.2013, 11:08

Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel

Link 1

WICHTIG - Speichere Combofix auf deinem Desktop

Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

TobiB · 07.09.2013, 22:44

Hi,
Vielen Dank schonmal,
Aber ich krieg irgendwie mein Microsoft Security Essentials nicht aus. Hab alles Probiert in
msconfig ausgeschaltet und versucht MsMpEng über den Taskmanager zu beenden. msse ist aber zu beenden. Combo Fix meldet auch, dass die immer noch aktiv sind und da wollte ich das jetzt noch nicht durchlaufen lassen

Hi, Ich habe security essentials deinstalliert und dafür kommt jetzt Avast drauf.
Hier ist die Log vom Combofix

Combofix Logfile:

Code:

ATTFilter

ComboFix 13-09-06.01 - Tobias 07.09.2013  20:17:48.2.2 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.4092.2786 [GMT 2:00]
ausgeführt von:: c:\users\Tobias\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\windows\SysWow64\html
c:\windows\SysWow64\images
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-08-07 bis 2013-09-07  ))))))))))))))))))))))))))))))
.
.
2013-09-07 18:54 . 2013-09-07 18:54	--------	d-----w-	c:\users\Polina\AppData\Local\temp
2013-09-07 18:54 . 2013-09-07 18:54	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-09-06 14:21 . 2013-09-06 14:36	--------	d-----w-	C:\AdwCleaner
2013-08-18 19:28 . 2013-08-18 19:28	--------	d-----w-	c:\users\Tobias_2
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-20 21:05 . 2012-07-15 22:39	692104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-08-20 21:05 . 2011-12-04 20:30	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 21:39 . 2010-04-28 11:31	75825640	----a-w-	c:\windows\system32\MRT.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-08-17 16:12	220608	----a-w-	c:\users\Tobias\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-08-17 16:12	220608	----a-w-	c:\users\Tobias\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-08-17 16:12	220608	----a-w-	c:\users\Tobias\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	130736	----a-w-	c:\users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	130736	----a-w-	c:\users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	130736	----a-w-	c:\users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	130736	----a-w-	c:\users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
.
c:\users\Tobias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Tobias\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 fireface;Service for Fireface (WDM);c:\windows\system32\drivers\fireface_64.sys;c:\windows\SYSNATIVE\drivers\fireface_64.sys [x]
R3 MADFULEGACYKEYBOARD;Service for M-Audio Legacy Keyboard DFU;c:\windows\system32\DRIVERS\MAudioLegacyKeyboard_DFU.sys;c:\windows\SYSNATIVE\DRIVERS\MAudioLegacyKeyboard_DFU.sys [x]
R3 MAUSBLEGACYKEYBOARD;Service for M-Audio Legacy Keyboard;c:\windows\system32\DRIVERS\MAudioLegacyKeyboard.sys;c:\windows\SYSNATIVE\DRIVERS\MAudioLegacyKeyboard.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TwTouch;3M MicroTouch Sensor;c:\windows\system32\DRIVERS\TwTouch.sys;c:\windows\SYSNATIVE\DRIVERS\TwTouch.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe;c:\windows\SYSNATIVE\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 MSSQL$COCHLEAR;SQL Server (COCHLEAR);c:\program files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe;c:\program files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [x]
S2 Prosieben;maxdome Download Manager;c:\program files (x86)\maxdome\DCBin\DCService.exe;c:\program files (x86)\maxdome\DCBin\DCService.exe [x]
S2 TwDrvService;MT7 Serial Search Service;c:\program files (x86)\MICROTOUCH\MT 7\TwService.exe;c:\program files (x86)\MICROTOUCH\MT 7\TwService.exe [x]
S2 TwRegSvc;MT7 Registry Service;c:\program files (x86)\MICROTOUCH\MT 7\TwRegSvc.exe;c:\program files (x86)\MICROTOUCH\MT 7\TwRegSvc.exe [x]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys;c:\windows\SYSNATIVE\DRIVERS\enecir.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 TwBus;3M MicroTouch Serial Bus Enumerator;c:\windows\system32\DRIVERS\TwBus.sys;c:\windows\SYSNATIVE\DRIVERS\TwBus.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - NisDrv
.
Inhalt des "geplante Tasks" Ordners
.
2013-09-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-15 21:05]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-08-17 16:12	244672	----a-w-	c:\users\Tobias\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-08-17 16:12	244672	----a-w-	c:\users\Tobias\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-08-17 16:12	244672	----a-w-	c:\users\Tobias\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	164016	----a-w-	c:\users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	164016	----a-w-	c:\users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	164016	----a-w-	c:\users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	164016	----a-w-	c:\users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-03-23 487424]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\gh1ag6rt.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Native Instruments Absynth 5 - c:\programdata\{C2A88E6D-FA3D-462B-BDFF-A09B1EFA8FBE}\Absynth 5 Setup PC.exe
AddRemove-TxcSysUpd_is1 - c:\windows\system32\ToolsCenter.org\unins000.exe
AddRemove-{371B17C3-9624-4583-A497-DF980313D851} - c:\programdata\{C2A88E6D-FA3D-462B-BDFF-A09B1EFA8FBE}\Absynth 5 Setup PC.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Prosieben]
"ImagePath"="\"c:\program files (x86)\maxdome\DCBin\DCService.exe\" /accountid:Prosieben"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3408962903-4176615068-4096822321-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B9A794B0-50CB-998D-FB1B-369BD2DE927B}*]
"iahmmpndnkddaailhl"=hex:6b,61,64,6e,61,66,70,67,6a,6b,70,68,6b,63,62,67,70,61,
   66,6b,66,6e,00,77
"hanmgomjbcdchnod"=hex:6b,61,64,6e,61,66,70,67,6a,6b,70,68,6b,63,62,67,70,61,
   66,6b,66,6e,00,77
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-09-07  20:57:22
ComboFix-quarantined-files.txt  2013-09-07 18:57
.
Vor Suchlauf: 8.080.031.744 Bytes frei
Nach Suchlauf: 7.884.767.232 Bytes frei
.
- - End Of File - - 21313664ED33AA2D18903DE6417B57AE

--- --- ---
8E734BD7AA1D4F7E9AF58DF495F6CF9E

[/CODE]

Hi,
Ich hoffe mein letzter Post ist nicht übersehen worden. Ich habe jetzt auch kein Internet über Windows mehr.
Ich bin jetzt von der Linux partition online. Bei Linux meldete er auch irgenwie das er keine Updates runterladen kann. Ich bin gerade recht verzweifelt hier.

schrauber · 09.09.2013, 05:18

Haste mal den Router neu gestartet?

Kannste Logs und Tools per Stick transferieren?

TobiB · 09.09.2013, 09:03

Hi, Jo hab router neu gestartet und hab jetzt wieder Zugang zum Netz über WLAN.

schrauber · 09.09.2013, 16:39

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

TobiB · 09.09.2013, 20:01

Hi, hier kommen die logs:

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.09.09.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16618
Tobias :: TOBIAS-PC [Administrator]

Schutz: Aktiviert

09.09.2013 18:26:40
mbam-log-2013-09-09 (18-26-40).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 281822
Laufzeit: 6 Minute(n), 17 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

AdwCleaner Logfile:

Code:

ATTFilter

# AdwCleaner v3.003 - Bericht erstellt am 09/09/2013 um 18:45:04
# Updated 07/09/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : Tobias - TOBIAS-PC
# Gestartet von : C:\Users\Tobias\Desktop\adwcleaner(1).exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_camstudio_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_camstudio_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_codec-pack-all-in-one[1]_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_codec-pack-all-in-one[1]_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_midi-to-wav-converter_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_midi-to-wav-converter_RASMANCS

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16611


-\\ Mozilla Firefox v23.0.1 (de)

[ Datei : C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\gh1ag6rt.default\prefs.js ]


[ Datei : C:\Users\Polina\AppData\Roaming\Mozilla\Firefox\Profiles\om8cmijr.default\prefs.js ]


[ Datei : C:\Users\Tobias_2\AppData\Roaming\Mozilla\Firefox\Profiles\g2cld2cz.default\prefs.js ]


-\\ Google Chrome v29.0.1547.66

[ Datei : C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1905 octets] - [06/09/2013 16:36:14]
AdwCleaner[R1].txt - [1910 octets] - [09/09/2013 18:38:03]
AdwCleaner[R2].txt - [1970 octets] - [09/09/2013 18:44:05]
AdwCleaner[S0].txt - [1891 octets] - [09/09/2013 18:45:04]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1951 octets] ##########

--- --- ---

JRT Logfile:

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.9 (09.07.2013:1)
OS: Windows 7 Professional x64
Ran by Tobias on 09.09.2013 at 18:49:50,25
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Tobias\appdata\local\{AC567A00-C83F-482E-B0B9-20D9E7C68220}



~~~ FireFox

Emptied folder: C:\Users\Tobias\AppData\Roaming\mozilla\firefox\profiles\gh1ag6rt.default\minidumps [1 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09.09.2013 at 19:07:16,89
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

--- --- ---

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-09-2013
Ran by Tobias (administrator) on TOBIAS-PC on 09-09-2013 20:42:13
Running from C:\Users\Tobias\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe
(Hewlett-Packard Company) C:\Windows\system32\Hpservice.exe
(AMD) C:\Windows\system32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Entriq, Inc.) C:\Program Files (x86)\maxdome\DCBin\DCService.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corporation) c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(3M Touch Systems, Inc.) C:\PROGRAM FILES (X86)\MICROTOUCH\MT 7\TwService.exe
(3M Touch Systems, Inc.) C:\PROGRAM FILES (X86)\MICROTOUCH\MT 7\TwRegSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Dropbox, Inc.) C:\Users\Tobias\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-03-23] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2096424 2010-05-27] (Synaptics Incorporated)
HKCU\...\Policies\Explorer: [NoDrives] 0
HKLM-x32\...\Run: [UCam_Menu] - C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-08-30] (AVAST Software)
HKU\Tobias_2\...\Run: [Google Update] -  [x]
Startup: C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Tobias\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {643B9224-F29B-4E9A-A9FA-F3C35CEA6F43} URL = hxxp://dict.leo.org/ende?lp=ende&lang=de&searchLoc=0&cmpType=relaxed&sectHdr=on&spellToler=on&chinese=both&pinyin=diacritic&search={searchTerms}&relink=on
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect125.cab
DPF: HKLM-x32 {A8F2B9BD-A6A0-486A-9744-18920D898429} hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\gh1ag6rt.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @java.com/DTPlugin,version=10.2.1 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.2.1 - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 - C:\Program Files (x86)\Virtual Earth 3D\ No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_35 - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Default Manager - C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\gh1ag6rt.default\Extensions\DefaultManager@Microsoft
FF Extension: zotero - C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\gh1ag6rt.default\Extensions\zotero@chnm.gmu.edu.xpi
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF

Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\pdf.dll ()
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U35) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
CHR Plugin: (Java Deployment Toolkit 6.0.350.10) - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Windows Activation Technologies) - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
CHR Extension: (Google Docs) - C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR Extension: (Gmail) - C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1

==================== Services (Whitelisted) =================

R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S2 MSSQL$COCHLEAR; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R2 MSSQL$SQLEXPRESS; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4466688 2007-11-08] (Microsoft Corporation)
R2 Prosieben; C:\Program Files (x86)\maxdome\DCBin\DCService.exe [77032 2009-05-01] (Entriq, Inc.)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe [247808 2010-03-23] (IDT, Inc.)
R2 TwDrvService; C:\PROGRAM FILES (X86)\MICROTOUCH\MT 7\TwService.exe [183296 2010-09-08] (3M Touch Systems, Inc.)
R2 TwRegSvc; C:\PROGRAM FILES (X86)\MICROTOUCH\MT 7\TwRegSvc.exe [44544 2009-11-12] (3M Touch Systems, Inc.)

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-08-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-08-30] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-08-30] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-08-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-08-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [204880 2013-08-30] ()
S3 MADFULEGACYKEYBOARD; C:\Windows\System32\DRIVERS\MAudioLegacyKeyboard_DFU.sys [28680 2010-02-09] (M-Audio)
S3 MAUSBLEGACYKEYBOARD; C:\Windows\System32\DRIVERS\MAudioLegacyKeyboard.sys [196616 2010-02-09] (M-Audio)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 TwBus; C:\Windows\System32\DRIVERS\TwBus.sys [18856 2010-03-01] (3M)
S3 TwTouch; C:\Windows\System32\DRIVERS\TwTouch.sys [112640 2011-05-05] (3M)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 fireface; system32\drivers\fireface_64.sys [x]
S3 Ser2pl; system32\DRIVERS\ser2pl64.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-09 19:07 - 2013-09-09 19:07 - 00000974 _____ C:\Users\Tobias\Desktop\JRT.txt
2013-09-09 18:49 - 2013-09-09 18:49 - 00002031 _____ C:\Users\Tobias\Desktop\AdwCleaner[S0].txt
2013-09-09 18:42 - 2013-09-09 18:42 - 01029490 _____ (Thisisu) C:\Users\Tobias\Downloads\JRT.exe
2013-09-09 18:42 - 2013-09-09 18:42 - 01029490 _____ (Thisisu) C:\Users\Tobias\Desktop\JRT.exe
2013-09-09 18:36 - 2013-09-09 18:35 - 01037278 _____ C:\Users\Tobias\Desktop\adwcleaner(1).exe
2013-09-09 18:35 - 2013-09-09 18:35 - 01037278 _____ C:\Users\Tobias\Downloads\adwcleaner(1).exe
2013-09-09 18:20 - 2013-09-09 18:21 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Tobias\Downloads\mbam-setup-1.75.0.1300.exe
2013-09-07 23:20 - 2013-09-07 23:20 - 00007605 _____ C:\Users\Tobias\AppData\Local\Resmon.ResmonCfg
2013-09-07 21:08 - 2013-09-07 21:08 - 00002259 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-09-07 21:05 - 2013-09-09 20:12 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-07 21:05 - 2013-09-09 18:47 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-07 21:05 - 2013-09-07 22:07 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-09-07 21:05 - 2013-09-07 22:07 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-09-07 21:05 - 2013-09-07 22:05 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-09-07 21:05 - 2013-09-07 21:05 - 00001922 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-09-07 21:05 - 2013-09-07 21:05 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2013-09-07 21:05 - 2013-08-30 09:48 - 01030952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-09-07 21:05 - 2013-08-30 09:48 - 00378944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-09-07 21:05 - 2013-08-30 09:48 - 00204880 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-09-07 21:05 - 2013-08-30 09:48 - 00080816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-09-07 21:05 - 2013-08-30 09:48 - 00072016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-09-07 21:05 - 2013-08-30 09:48 - 00065336 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-09-07 21:05 - 2013-08-30 09:48 - 00064288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-09-07 21:05 - 2013-08-30 09:48 - 00033400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-09-07 21:05 - 2013-08-30 09:47 - 00287840 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-09-07 21:05 - 2013-08-30 09:47 - 00041664 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-09-07 21:04 - 2013-09-07 21:04 - 00000000 ____D C:\ProgramData\AVAST Software
2013-09-07 21:04 - 2013-09-07 21:04 - 00000000 ____D C:\Program Files\AVAST Software
2013-09-07 21:01 - 2013-09-07 21:04 - 131918888 _____ C:\Users\Tobias\Downloads\avast_free_antivirus_setup.exe
2013-09-07 20:57 - 2013-09-07 20:57 - 00019967 _____ C:\ComboFix.txt
2013-09-07 12:37 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-09-07 12:37 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-09-07 12:37 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-09-07 12:37 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-09-07 12:37 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-09-07 12:37 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-09-07 12:37 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-09-07 12:37 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-09-07 12:33 - 2013-09-07 20:57 - 00000000 ____D C:\Qoobox
2013-09-07 12:33 - 2013-09-07 20:55 - 00000000 ____D C:\Windows\erdnt
2013-09-07 12:31 - 2013-09-07 12:30 - 05120615 ____R (Swearware) C:\Users\Tobias\Desktop\ComboFix.exe
2013-09-07 12:30 - 2013-09-07 12:30 - 05120615 _____ (Swearware) C:\Users\Tobias\Downloads\ComboFix.exe
2013-09-06 20:10 - 2013-09-06 21:13 - 00053737 _____ C:\Users\Tobias\Desktop\Logfiles.zip
2013-09-06 20:07 - 2013-09-06 18:44 - 01948360 _____ (Farbar) C:\Users\Tobias\Desktop\FRST64.exe
2013-09-06 18:58 - 2013-09-06 18:58 - 00000000 _____ C:\Users\Tobias\defogger_reenable
2013-09-06 18:50 - 2013-09-06 18:50 - 00050477 _____ C:\Users\Tobias\Downloads\Defogger.exe
2013-09-06 18:50 - 2013-09-06 18:50 - 00050477 _____ C:\Users\Tobias\Desktop\Defogger.exe
2013-09-06 18:44 - 2013-09-06 18:44 - 01948360 _____ (Farbar) C:\Users\Tobias\Downloads\FRST64.exe
2013-09-06 18:37 - 2013-09-06 18:37 - 00000000 ____D C:\Users\Tobias\Desktop\mbar
2013-09-06 18:13 - 2013-09-06 18:13 - 12907592 _____ (Malwarebytes Corp.) C:\Users\Tobias\Downloads\mbar-1.07.0.1005.exe
2013-09-06 17:05 - 2013-09-06 17:12 - 00102114 _____ C:\Users\Tobias\Downloads\Extras.Txt
2013-09-06 16:45 - 2013-09-06 17:12 - 00208998 _____ C:\Users\Tobias\Downloads\OTL.Txt
2013-09-06 16:21 - 2013-09-09 18:45 - 00000000 ____D C:\AdwCleaner
2013-09-06 16:19 - 2013-09-06 16:20 - 01037222 _____ C:\Users\Tobias\Downloads\adwcleaner.exe
2013-09-06 14:52 - 2013-09-06 14:52 - 00000000 ____D C:\Users\Tobias_2\AppData\Roaming\Malwarebytes
2013-09-06 14:33 - 2013-09-06 14:33 - 00000000 ____D C:\Users\Tobias_2\AppData\Local\Google
2013-08-30 18:35 - 2013-08-30 18:35 - 02816285 _____ C:\Users\Tobias\Downloads\T-REC-P.563-200405-I!!SOFT-ZST-E.zip
2013-08-28 10:33 - 2013-08-28 10:33 - 04743685 _____ C:\Users\Tobias\Downloads\1170088037_File_5722_EzFFT_1.4.zip
2013-08-25 23:15 - 2013-08-25 23:16 - 00000000 ____D C:\Users\Tobias\Desktop\MOC
2013-08-25 23:14 - 2013-08-25 23:19 - 59162340 _____ C:\Users\Tobias\Downloads\Literatur.zip
2013-08-19 22:26 - 2013-08-19 22:29 - 27891222 _____ (Igor Pavlov) C:\Users\Tobias_2\Downloads\tor-browser-2.3.25-12_en-US.exe
2013-08-18 21:43 - 2013-08-18 21:43 - 00000000 ____D C:\Users\Tobias_2\AppData\Roaming\Macromedia
2013-08-18 21:43 - 2013-08-18 21:43 - 00000000 ____D C:\Users\Tobias_2\AppData\Local\Macromedia
2013-08-18 21:29 - 2013-08-18 21:29 - 00000000 ____D C:\Users\Tobias_2\AppData\Roaming\Mozilla
2013-08-18 21:29 - 2013-08-18 21:29 - 00000000 ____D C:\Users\Tobias_2\AppData\Local\Mozilla
2013-08-18 21:28 - 2013-08-18 21:28 - 00129456 _____ C:\Users\Tobias_2\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-18 21:28 - 2013-08-18 21:28 - 00000020 ___SH C:\Users\Tobias_2\ntuser.ini
2013-08-18 21:28 - 2013-08-18 21:28 - 00000000 _SHDL C:\Users\Tobias_2\Vorlagen
2013-08-18 21:28 - 2013-08-18 21:28 - 00000000 _SHDL C:\Users\Tobias_2\Startmenü
2013-08-18 21:28 - 2013-08-18 21:28 - 00000000 _SHDL C:\Users\Tobias_2\Netzwerkumgebung
2013-08-18 21:28 - 2013-08-18 21:28 - 00000000 _SHDL C:\Users\Tobias_2\Lokale Einstellungen
2013-08-18 21:28 - 2013-08-18 21:28 - 00000000 _SHDL C:\Users\Tobias_2\Eigene Dateien
2013-08-18 21:28 - 2013-08-18 21:28 - 00000000 _SHDL C:\Users\Tobias_2\Druckumgebung
2013-08-18 21:28 - 2013-08-18 21:28 - 00000000 _SHDL C:\Users\Tobias_2\Documents\Eigene Musik
2013-08-18 21:28 - 2013-08-18 21:28 - 00000000 _SHDL C:\Users\Tobias_2\Documents\Eigene Bilder
2013-08-18 21:28 - 2013-08-18 21:28 - 00000000 _SHDL C:\Users\Tobias_2\AppData\Local\Verlauf
2013-08-18 21:28 - 2013-08-18 21:28 - 00000000 _SHDL C:\Users\Tobias_2\AppData\Local\Anwendungsdaten
2013-08-18 21:28 - 2013-08-18 21:28 - 00000000 _SHDL C:\Users\Tobias_2\Anwendungsdaten
2013-08-18 21:28 - 2013-08-18 21:28 - 00000000 ___RD C:\Users\Tobias_2\Virtual Machines
2013-08-18 21:28 - 2013-08-18 21:28 - 00000000 ____D C:\Users\Tobias_2\AppData\Roaming\Adobe
2013-08-18 21:28 - 2013-08-18 21:28 - 00000000 ____D C:\Users\Tobias_2
2013-08-18 21:28 - 2011-11-16 04:05 - 00000000 ____D C:\Users\Tobias_2\AppData\Local\Microsoft Help
2013-08-18 21:28 - 2010-04-30 17:41 - 00000000 ____D C:\Users\Tobias_2\Documents\Visual Studio 2008
2013-08-18 13:15 - 2013-08-18 13:15 - 00015250 _____ C:\Users\Tobias\Desktop\hs_err_pid8440.log
2013-08-18 01:51 - 2013-08-18 13:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-16 23:31 - 2013-08-19 23:54 - 00000000 ____D C:\Users\Public\Documents\maxdome

==================== One Month Modified Files and Folders =======

2013-09-09 20:17 - 2013-09-09 20:16 - 00026750 _____ C:\Users\Tobias\Desktop\Addition.txt
2013-09-09 20:12 - 2013-09-07 21:05 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-09 20:05 - 2012-07-16 00:39 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-09 19:07 - 2013-09-09 19:07 - 00000974 _____ C:\Users\Tobias\Desktop\JRT.txt
2013-09-09 18:55 - 2009-07-14 06:45 - 00014976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-09 18:55 - 2009-07-14 06:45 - 00014976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-09 18:51 - 2010-04-28 04:46 - 01715779 _____ C:\Windows\WindowsUpdate.log
2013-09-09 18:49 - 2013-09-09 18:49 - 00002031 _____ C:\Users\Tobias\Desktop\AdwCleaner[S0].txt
2013-09-09 18:48 - 2010-04-28 20:03 - 00000000 ____D C:\Users\Tobias\AppData\Roaming\Dropbox
2013-09-09 18:47 - 2013-09-07 21:05 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-09 18:46 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-09 18:46 - 2009-07-14 06:51 - 00103739 _____ C:\Windows\setupact.log
2013-09-09 18:45 - 2013-09-06 16:21 - 00000000 ____D C:\AdwCleaner
2013-09-09 18:42 - 2013-09-09 18:42 - 01029490 _____ (Thisisu) C:\Users\Tobias\Downloads\JRT.exe
2013-09-09 18:42 - 2013-09-09 18:42 - 01029490 _____ (Thisisu) C:\Users\Tobias\Desktop\JRT.exe
2013-09-09 18:35 - 2013-09-09 18:36 - 01037278 _____ C:\Users\Tobias\Desktop\adwcleaner(1).exe
2013-09-09 18:35 - 2013-09-09 18:35 - 01037278 _____ C:\Users\Tobias\Downloads\adwcleaner(1).exe
2013-09-09 18:21 - 2013-09-09 18:20 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Tobias\Downloads\mbam-setup-1.75.0.1300.exe
2013-09-09 18:21 - 2013-07-23 21:34 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-09 16:37 - 2010-04-28 20:05 - 00000000 ___RD C:\Users\Tobias\Documents\My Dropbox
2013-09-07 23:20 - 2013-09-07 23:20 - 00007605 _____ C:\Users\Tobias\AppData\Local\Resmon.ResmonCfg
2013-09-07 22:07 - 2013-09-07 21:05 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-09-07 22:07 - 2013-09-07 21:05 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-09-07 22:05 - 2013-09-07 21:05 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-09-07 22:03 - 2010-04-29 11:34 - 00063576 _____ C:\Windows\PFRO.log
2013-09-07 21:09 - 2010-04-28 23:11 - 00000000 ____D C:\Users\Tobias\AppData\Local\Google
2013-09-07 21:08 - 2013-09-07 21:08 - 00002259 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-09-07 21:08 - 2010-06-26 11:53 - 00000000 ____D C:\Program Files (x86)\Google
2013-09-07 21:05 - 2013-09-07 21:05 - 00001922 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-09-07 21:05 - 2013-09-07 21:05 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2013-09-07 21:04 - 2013-09-07 21:04 - 00000000 ____D C:\ProgramData\AVAST Software
2013-09-07 21:04 - 2013-09-07 21:04 - 00000000 ____D C:\Program Files\AVAST Software
2013-09-07 21:04 - 2013-09-07 21:01 - 131918888 _____ C:\Users\Tobias\Downloads\avast_free_antivirus_setup.exe
2013-09-07 20:57 - 2013-09-07 20:57 - 00019967 _____ C:\ComboFix.txt
2013-09-07 20:57 - 2013-09-07 12:33 - 00000000 ____D C:\Qoobox
2013-09-07 20:57 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2013-09-07 20:55 - 2013-09-07 12:33 - 00000000 ____D C:\Windows\erdnt
2013-09-07 20:55 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-09-07 20:15 - 2011-02-02 20:27 - 00001912 _____ C:\Windows\epplauncher.mif
2013-09-07 20:12 - 2010-05-01 16:37 - 00000284 _____ C:\Windows\matlab.ini
2013-09-07 16:46 - 2010-05-01 16:37 - 00000000 ____D C:\Users\Tobias\Documents\MATLAB
2013-09-07 13:41 - 2012-07-30 12:21 - 00000000 ____D C:\Users\Tobias\AppData\Roaming\Skype
2013-09-07 12:30 - 2013-09-07 12:31 - 05120615 ____R (Swearware) C:\Users\Tobias\Desktop\ComboFix.exe
2013-09-07 12:30 - 2013-09-07 12:30 - 05120615 _____ (Swearware) C:\Users\Tobias\Downloads\ComboFix.exe
2013-09-06 22:54 - 2010-04-28 04:58 - 00000000 ____D C:\Users\Tobias
2013-09-06 21:13 - 2013-09-06 20:10 - 00053737 _____ C:\Users\Tobias\Desktop\Logfiles.zip
2013-09-06 20:12 - 2013-07-19 01:40 - 00000000 ____D C:\Users\Tobias\Desktop\TForumStuff
2013-09-06 18:58 - 2013-09-06 18:58 - 00000000 _____ C:\Users\Tobias\defogger_reenable
2013-09-06 18:50 - 2013-09-06 18:50 - 00050477 _____ C:\Users\Tobias\Downloads\Defogger.exe
2013-09-06 18:50 - 2013-09-06 18:50 - 00050477 _____ C:\Users\Tobias\Desktop\Defogger.exe
2013-09-06 18:44 - 2013-09-06 20:07 - 01948360 _____ (Farbar) C:\Users\Tobias\Desktop\FRST64.exe
2013-09-06 18:44 - 2013-09-06 18:44 - 01948360 _____ (Farbar) C:\Users\Tobias\Downloads\FRST64.exe
2013-09-06 18:37 - 2013-09-06 18:37 - 00000000 ____D C:\Users\Tobias\Desktop\mbar
2013-09-06 18:37 - 2013-07-18 22:50 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-09-06 18:13 - 2013-09-06 18:13 - 12907592 _____ (Malwarebytes Corp.) C:\Users\Tobias\Downloads\mbar-1.07.0.1005.exe
2013-09-06 17:12 - 2013-09-06 17:05 - 00102114 _____ C:\Users\Tobias\Downloads\Extras.Txt
2013-09-06 17:12 - 2013-09-06 16:45 - 00208998 _____ C:\Users\Tobias\Downloads\OTL.Txt
2013-09-06 16:25 - 2013-01-20 22:57 - 00011414 _____ C:\Users\Tobias\gsview64.ini
2013-09-06 16:20 - 2013-09-06 16:19 - 01037222 _____ C:\Users\Tobias\Downloads\adwcleaner.exe
2013-09-06 14:52 - 2013-09-06 14:52 - 00000000 ____D C:\Users\Tobias_2\AppData\Roaming\Malwarebytes
2013-09-06 14:33 - 2013-09-06 14:33 - 00000000 ____D C:\Users\Tobias_2\AppData\Local\Google
2013-09-06 14:05 - 2013-01-06 00:48 - 00000000 ____D C:\Users\Tobias\Documents\PraktikumMasterBericht
2013-09-05 23:03 - 2012-08-11 07:38 - 00001115 _____ C:\Users\Tobias\Documents\TXCUserDictionary.dic
2013-09-03 22:18 - 2013-02-08 16:43 - 00000000 ____D C:\Users\Tobias\Documents\BibTexSync
2013-09-03 01:00 - 2009-07-14 19:58 - 00761260 _____ C:\Windows\system32\perfh007.dat
2013-09-03 01:00 - 2009-07-14 19:58 - 00173350 _____ C:\Windows\system32\perfc007.dat
2013-09-03 01:00 - 2009-07-14 07:13 - 01782776 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-30 18:35 - 2013-08-30 18:35 - 02816285 _____ C:\Users\Tobias\Downloads\T-REC-P.563-200405-I!!SOFT-ZST-E.zip
2013-08-30 09:48 - 2013-09-07 21:05 - 01030952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-08-30 09:48 - 2013-09-07 21:05 - 00378944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-08-30 09:48 - 2013-09-07 21:05 - 00204880 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-08-30 09:48 - 2013-09-07 21:05 - 00080816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-08-30 09:48 - 2013-09-07 21:05 - 00072016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-08-30 09:48 - 2013-09-07 21:05 - 00065336 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-08-30 09:48 - 2013-09-07 21:05 - 00064288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-08-30 09:48 - 2013-09-07 21:05 - 00033400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-08-30 09:47 - 2013-09-07 21:05 - 00287840 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-08-30 09:47 - 2013-09-07 21:05 - 00041664 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-08-28 10:33 - 2013-08-28 10:33 - 04743685 _____ C:\Users\Tobias\Downloads\1170088037_File_5722_EzFFT_1.4.zip
2013-08-25 23:19 - 2013-08-25 23:14 - 59162340 _____ C:\Users\Tobias\Downloads\Literatur.zip
2013-08-25 23:16 - 2013-08-25 23:15 - 00000000 ____D C:\Users\Tobias\Desktop\MOC
2013-08-22 02:19 - 2012-01-09 22:55 - 00000000 ____D C:\Users\Tobias\Documents\HuAMaster
2013-08-20 23:05 - 2012-07-16 00:39 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-20 23:05 - 2012-07-16 00:39 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-20 23:05 - 2011-12-04 22:30 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-19 23:54 - 2013-08-16 23:31 - 00000000 ____D C:\Users\Public\Documents\maxdome
2013-08-19 22:29 - 2013-08-19 22:26 - 27891222 _____ (Igor Pavlov) C:\Users\Tobias_2\Downloads\tor-browser-2.3.25-12_en-US.exe
2013-08-19 21:01 - 2012-04-27 06:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-18 21:43 - 2013-08-18 21:43 - 00000000 ____D C:\Users\Tobias_2\AppData\Roaming\Macromedia
2013-08-18 21:43 - 2013-08-18 21:43 - 00000000 ____D C:\Users\Tobias_2\AppData\Local\Macromedia
2013-08-18 21:29 - 2013-08-18 21:29 - 00000000 ____D C:\Users\Tobias_2\AppData\Roaming\Mozilla
2013-08-18 21:29 - 2013-08-18 21:29 - 00000000 ____D C:\Users\Tobias_2\AppData\Local\Mozilla
2013-08-18 21:28 - 2013-08-18 21:28 - 00129456 _____ C:\Users\Tobias_2\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-18 21:28 - 2013-08-18 21:28 - 00000020 ___SH C:\Users\Tobias_2\ntuser.ini
2013-08-18 21:28 - 2013-08-18 21:28 - 00000000 _SHDL C:\Users\Tobias_2\Vorlagen
2013-08-18 21:28 - 2013-08-18 21:28 - 00000000 _SHDL C:\Users\Tobias_2\Startmenü
2013-08-18 21:28 - 2013-08-18 21:28 - 00000000 _SHDL C:\Users\Tobias_2\Netzwerkumgebung
2013-08-18 21:28 - 2013-08-18 21:28 - 00000000 _SHDL C:\Users\Tobias_2\Lokale Einstellungen
2013-08-18 21:28 - 2013-08-18 21:28 - 00000000 _SHDL C:\Users\Tobias_2\Eigene Dateien
2013-08-18 21:28 - 2013-08-18 21:28 - 00000000 _SHDL C:\Users\Tobias_2\Druckumgebung
2013-08-18 21:28 - 2013-08-18 21:28 - 00000000 _SHDL C:\Users\Tobias_2\Documents\Eigene Musik
2013-08-18 21:28 - 2013-08-18 21:28 - 00000000 _SHDL C:\Users\Tobias_2\Documents\Eigene Bilder
2013-08-18 21:28 - 2013-08-18 21:28 - 00000000 _SHDL C:\Users\Tobias_2\AppData\Local\Verlauf
2013-08-18 21:28 - 2013-08-18 21:28 - 00000000 _SHDL C:\Users\Tobias_2\AppData\Local\Anwendungsdaten
2013-08-18 21:28 - 2013-08-18 21:28 - 00000000 _SHDL C:\Users\Tobias_2\Anwendungsdaten
2013-08-18 21:28 - 2013-08-18 21:28 - 00000000 ___RD C:\Users\Tobias_2\Virtual Machines
2013-08-18 21:28 - 2013-08-18 21:28 - 00000000 ____D C:\Users\Tobias_2\AppData\Roaming\Adobe
2013-08-18 21:28 - 2013-08-18 21:28 - 00000000 ____D C:\Users\Tobias_2
2013-08-18 13:38 - 2013-08-18 01:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-18 13:15 - 2013-08-18 13:15 - 00015250 _____ C:\Users\Tobias\Desktop\hs_err_pid8440.log
2013-08-16 23:26 - 2013-03-04 22:17 - 00129456 _____ C:\Users\Polina\AppData\Local\GDIPFONTCACHEV1.DAT

Files to move or delete:
====================
C:\Users\Tobias\AppData\Local\Temp\Quarantine.exe
C:\Users\Tobias\AppData\Local\Temp\jrt\erunt\ERUNT.EXE

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-01 13:24

==================== End Of Log ============================

--- --- ---

schrauber · 10.09.2013, 08:00

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?

TobiB · 11.09.2013, 16:39

Hi, hier kommen die logs:

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=2b62d05cce879e4ab55b313e335b4db7
# engine=15085
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-09-11 12:26:43
# local_time=2013-09-11 02:26:43 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 85 91 321670 155612275 0 0
# compatibility_mode=5893 16776573 100 94 146998 130532253 0 0
# scanned=377220
# found=3
# cleaned=0
# scan_time=11769
sh=C8753FAC1EA9D6AB2B8A5EDCBA9AA40D6FD567FD ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.CVE-2013-1493.FY trojan" ac=I fn="C:\.Trash-1000\files\jar_cache5592377057806768219.tmp"
sh=C7307D61572163156FCD3CCD831B5D963E17F9E8 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\7c8a5f49-64e381da"
sh=4CFB3207A0D38F06A03C6CEB99231C440A1DAE93 ft=0 fh=0000000000000000 vn="Java/Exploit.Agent.PMU trojan" ac=I fn="C:\Users\Tobias_2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\57fb887e-38b10689"

Code:

ATTFilter

 Results of screen317's Security Check version 0.99.73  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 Java(TM) 6 Update 18  
 Java(TM) 6 Update 35  
 Java version out of Date! 
 Adobe Flash Player 11.8.800.168  
 Adobe Reader XI  
 Mozilla Firefox (23.0.1) 
 Google Chrome 29.0.1547.66  
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-09-2013
Ran by Tobias (administrator) on TOBIAS-PC on 11-09-2013 15:38:51
Running from C:\Users\Tobias\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe
(Hewlett-Packard Company) C:\Windows\system32\Hpservice.exe
(AMD) C:\Windows\system32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
(Microsoft Corporation) c:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Entriq, Inc.) C:\Program Files (x86)\maxdome\DCBin\DCService.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corporation) c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(3M Touch Systems, Inc.) C:\PROGRAM FILES (X86)\MICROTOUCH\MT 7\TwService.exe
(3M Touch Systems, Inc.) C:\PROGRAM FILES (X86)\MICROTOUCH\MT 7\TwRegSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Dropbox, Inc.) C:\Users\Tobias\AppData\Roaming\Dropbox\bin\Dropbox.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-03-23] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2096424 2010-05-27] (Synaptics Incorporated)
HKCU\...\Policies\Explorer: [NoDrives] 0
HKLM-x32\...\Run: [UCam_Menu] - C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-08-30] (AVAST Software)
HKU\Polina\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_8_800_94_Plugin.exe -update plugin [x]
HKU\Tobias_2\...\Run: [Google Update] -  [x]
Startup: C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Tobias\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {643B9224-F29B-4E9A-A9FA-F3C35CEA6F43} URL = hxxp://dict.leo.org/ende?lp=ende&lang=de&searchLoc=0&cmpType=relaxed&sectHdr=on&spellToler=on&chinese=both&pinyin=diacritic&search={searchTerms}&relink=on
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect125.cab
DPF: HKLM-x32 {A8F2B9BD-A6A0-486A-9744-18920D898429} hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\gh1ag6rt.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @java.com/DTPlugin,version=10.2.1 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.2.1 - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 - C:\Program Files (x86)\Virtual Earth 3D\ No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_35 - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Default Manager - C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\gh1ag6rt.default\Extensions\DefaultManager@Microsoft
FF Extension: zotero - C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\gh1ag6rt.default\Extensions\zotero@chnm.gmu.edu.xpi
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF

Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\pdf.dll ()
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U35) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.350.10) - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Windows Activation Technologies) - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
CHR Extension: (Google Docs) - C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR Extension: (Gmail) - C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1

==================== Services (Whitelisted) =================

R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MSSQL$COCHLEAR; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R2 MSSQL$SQLEXPRESS; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4466688 2007-11-08] (Microsoft Corporation)
R2 Prosieben; C:\Program Files (x86)\maxdome\DCBin\DCService.exe [77032 2009-05-01] (Entriq, Inc.)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe [247808 2010-03-23] (IDT, Inc.)
R2 TwDrvService; C:\PROGRAM FILES (X86)\MICROTOUCH\MT 7\TwService.exe [183296 2010-09-08] (3M Touch Systems, Inc.)
R2 TwRegSvc; C:\PROGRAM FILES (X86)\MICROTOUCH\MT 7\TwRegSvc.exe [44544 2009-11-12] (3M Touch Systems, Inc.)

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-08-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-08-30] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-08-30] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-08-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-08-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [204880 2013-08-30] ()
S3 MADFULEGACYKEYBOARD; C:\Windows\System32\DRIVERS\MAudioLegacyKeyboard_DFU.sys [28680 2010-02-09] (M-Audio)
S3 MAUSBLEGACYKEYBOARD; C:\Windows\System32\DRIVERS\MAudioLegacyKeyboard.sys [196616 2010-02-09] (M-Audio)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 TwBus; C:\Windows\System32\DRIVERS\TwBus.sys [18856 2010-03-01] (3M)
S3 TwTouch; C:\Windows\System32\DRIVERS\TwTouch.sys [112640 2011-05-05] (3M)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 fireface; system32\drivers\fireface_64.sys [x]
S3 Ser2pl; system32\DRIVERS\ser2pl64.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-11 15:16 - 2013-09-11 15:16 - 00891144 _____ C:\Users\Tobias\Desktop\SecurityCheck.exe
2013-09-11 15:15 - 2013-09-11 15:16 - 00891144 _____ C:\Users\Tobias\Downloads\SecurityCheck.exe
2013-09-11 11:05 - 2013-09-11 11:05 - 02347384 _____ (ESET) C:\Users\Tobias\Downloads\esetsmartinstaller_enu.exe
2013-09-10 23:09 - 2013-09-11 00:19 - 00000000 ____D C:\Users\Polina\Desktop\polina tao bao
2013-09-09 21:02 - 2013-09-09 21:03 - 00000000 ____D C:\Users\Tobias\Desktop\LogFiles0909
2013-09-09 18:42 - 2013-09-09 18:42 - 01029490 _____ (Thisisu) C:\Users\Tobias\Downloads\JRT.exe
2013-09-09 18:42 - 2013-09-09 18:42 - 01029490 _____ (Thisisu) C:\Users\Tobias\Desktop\JRT.exe
2013-09-09 18:36 - 2013-09-09 18:35 - 01037278 _____ C:\Users\Tobias\Desktop\adwcleaner(1).exe
2013-09-09 18:35 - 2013-09-09 18:35 - 01037278 _____ C:\Users\Tobias\Downloads\adwcleaner(1).exe
2013-09-09 18:20 - 2013-09-09 18:21 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Tobias\Downloads\mbam-setup-1.75.0.1300.exe
2013-09-07 23:20 - 2013-09-07 23:20 - 00007605 _____ C:\Users\Tobias\AppData\Local\Resmon.ResmonCfg
2013-09-07 21:08 - 2013-09-07 21:08 - 00002259 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-09-07 21:05 - 2013-09-11 15:12 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-07 21:05 - 2013-09-11 11:01 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-07 21:05 - 2013-09-07 22:07 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-09-07 21:05 - 2013-09-07 22:07 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-09-07 21:05 - 2013-09-07 22:05 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-09-07 21:05 - 2013-09-07 21:05 - 00001922 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-09-07 21:05 - 2013-09-07 21:05 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2013-09-07 21:05 - 2013-08-30 09:48 - 01030952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-09-07 21:05 - 2013-08-30 09:48 - 00378944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-09-07 21:05 - 2013-08-30 09:48 - 00204880 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-09-07 21:05 - 2013-08-30 09:48 - 00080816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-09-07 21:05 - 2013-08-30 09:48 - 00072016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-09-07 21:05 - 2013-08-30 09:48 - 00065336 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-09-07 21:05 - 2013-08-30 09:48 - 00064288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-09-07 21:05 - 2013-08-30 09:48 - 00033400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-09-07 21:05 - 2013-08-30 09:47 - 00287840 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-09-07 21:05 - 2013-08-30 09:47 - 00041664 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-09-07 21:04 - 2013-09-07 21:04 - 00000000 ____D C:\ProgramData\AVAST Software
2013-09-07 21:04 - 2013-09-07 21:04 - 00000000 ____D C:\Program Files\AVAST Software
2013-09-07 21:01 - 2013-09-07 21:04 - 131918888 _____ C:\Users\Tobias\Downloads\avast_free_antivirus_setup.exe
2013-09-07 20:57 - 2013-09-07 20:57 - 00019967 _____ C:\ComboFix.txt
2013-09-07 12:37 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-09-07 12:37 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-09-07 12:37 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-09-07 12:37 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-09-07 12:37 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-09-07 12:37 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-09-07 12:37 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-09-07 12:37 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-09-07 12:33 - 2013-09-07 20:57 - 00000000 ____D C:\Qoobox
2013-09-07 12:33 - 2013-09-07 20:55 - 00000000 ____D C:\Windows\erdnt
2013-09-07 12:31 - 2013-09-07 12:30 - 05120615 ____R (Swearware) C:\Users\Tobias\Desktop\ComboFix.exe
2013-09-07 12:30 - 2013-09-07 12:30 - 05120615 _____ (Swearware) C:\Users\Tobias\Downloads\ComboFix.exe
2013-09-06 20:10 - 2013-09-06 21:13 - 00053737 _____ C:\Users\Tobias\Desktop\Logfiles.zip
2013-09-06 20:07 - 2013-09-06 18:44 - 01948360 _____ (Farbar) C:\Users\Tobias\Desktop\FRST64.exe
2013-09-06 18:58 - 2013-09-06 18:58 - 00000000 _____ C:\Users\Tobias\defogger_reenable
2013-09-06 18:50 - 2013-09-06 18:50 - 00050477 _____ C:\Users\Tobias\Downloads\Defogger.exe
2013-09-06 18:50 - 2013-09-06 18:50 - 00050477 _____ C:\Users\Tobias\Desktop\Defogger.exe
2013-09-06 18:44 - 2013-09-06 18:44 - 01948360 _____ (Farbar) C:\Users\Tobias\Downloads\FRST64.exe
2013-09-06 18:37 - 2013-09-06 18:37 - 00000000 ____D C:\Users\Tobias\Desktop\mbar
2013-09-06 18:13 - 2013-09-06 18:13 - 12907592 _____ (Malwarebytes Corp.) C:\Users\Tobias\Downloads\mbar-1.07.0.1005.exe
2013-09-06 17:05 - 2013-09-06 17:12 - 00102114 _____ C:\Users\Tobias\Downloads\Extras.Txt
2013-09-06 16:45 - 2013-09-06 17:12 - 00208998 _____ C:\Users\Tobias\Downloads\OTL.Txt
2013-09-06 16:21 - 2013-09-09 18:45 - 00000000 ____D C:\AdwCleaner
2013-09-06 16:19 - 2013-09-06 16:20 - 01037222 _____ C:\Users\Tobias\Downloads\adwcleaner.exe
2013-09-06 14:52 - 2013-09-06 14:52 - 00000000 ____D C:\Users\Tobias_2\AppData\Roaming\Malwarebytes
2013-09-06 14:33 - 2013-09-06 14:33 - 00000000 ____D C:\Users\Tobias_2\AppData\Local\Google
2013-08-30 18:35 - 2013-08-30 18:35 - 02816285 _____ C:\Users\Tobias\Downloads\T-REC-P.563-200405-I!!SOFT-ZST-E.zip
2013-08-28 10:33 - 2013-08-28 10:33 - 04743685 _____ C:\Users\Tobias\Downloads\1170088037_File_5722_EzFFT_1.4.zip
2013-08-25 23:15 - 2013-08-25 23:16 - 00000000 ____D C:\Users\Tobias\Desktop\MOC
2013-08-25 23:14 - 2013-08-25 23:19 - 59162340 _____ C:\Users\Tobias\Downloads\Literatur.zip
2013-08-19 22:26 - 2013-08-19 22:29 - 27891222 _____ (Igor Pavlov) C:\Users\Tobias_2\Downloads\tor-browser-2.3.25-12_en-US.exe
2013-08-18 21:43 - 2013-08-18 21:43 - 00000000 ____D C:\Users\Tobias_2\AppData\Roaming\Macromedia
2013-08-18 21:43 - 2013-08-18 21:43 - 00000000 ____D C:\Users\Tobias_2\AppData\Local\Macromedia
2013-08-18 21:29 - 2013-08-18 21:29 - 00000000 ____D C:\Users\Tobias_2\AppData\Roaming\Mozilla
2013-08-18 21:29 - 2013-08-18 21:29 - 00000000 ____D C:\Users\Tobias_2\AppData\Local\Mozilla
2013-08-18 21:28 - 2013-08-18 21:28 - 00129456 _____ C:\Users\Tobias_2\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-18 21:28 - 2013-08-18 21:28 - 00000020 ___SH C:\Users\Tobias_2\ntuser.ini
2013-08-18 21:28 - 2013-08-18 21:28 - 00000000 _SHDL C:\Users\Tobias_2\Vorlagen
2013-08-18 21:28 - 2013-08-18 21:28 - 00000000 _SHDL C:\Users\Tobias_2\Startmenü
2013-08-18 21:28 - 2013-08-18 21:28 - 00000000 _SHDL C:\Users\Tobias_2\Netzwerkumgebung
2013-08-18 21:28 - 2013-08-18 21:28 - 00000000 _SHDL C:\Users\Tobias_2\Lokale Einstellungen
2013-08-18 21:28 - 2013-08-18 21:28 - 00000000 _SHDL C:\Users\Tobias_2\Eigene Dateien
2013-08-18 21:28 - 2013-08-18 21:28 - 00000000 _SHDL C:\Users\Tobias_2\Druckumgebung
2013-08-18 21:28 - 2013-08-18 21:28 - 00000000 _SHDL C:\Users\Tobias_2\Documents\Eigene Musik
2013-08-18 21:28 - 2013-08-18 21:28 - 00000000 _SHDL C:\Users\Tobias_2\Documents\Eigene Bilder
2013-08-18 21:28 - 2013-08-18 21:28 - 00000000 _SHDL C:\Users\Tobias_2\AppData\Local\Verlauf
2013-08-18 21:28 - 2013-08-18 21:28 - 00000000 _SHDL C:\Users\Tobias_2\AppData\Local\Anwendungsdaten
2013-08-18 21:28 - 2013-08-18 21:28 - 00000000 _SHDL C:\Users\Tobias_2\Anwendungsdaten
2013-08-18 21:28 - 2013-08-18 21:28 - 00000000 ___RD C:\Users\Tobias_2\Virtual Machines
2013-08-18 21:28 - 2013-08-18 21:28 - 00000000 ____D C:\Users\Tobias_2\AppData\Roaming\Adobe
2013-08-18 21:28 - 2013-08-18 21:28 - 00000000 ____D C:\Users\Tobias_2
2013-08-18 21:28 - 2011-11-16 04:05 - 00000000 ____D C:\Users\Tobias_2\AppData\Local\Microsoft Help
2013-08-18 21:28 - 2010-04-30 17:41 - 00000000 ____D C:\Users\Tobias_2\Documents\Visual Studio 2008
2013-08-18 13:15 - 2013-08-18 13:15 - 00015250 _____ C:\Users\Tobias\Desktop\hs_err_pid8440.log
2013-08-18 01:51 - 2013-08-18 13:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-16 23:31 - 2013-08-19 23:54 - 00000000 ____D C:\Users\Public\Documents\maxdome

==================== One Month Modified Files and Folders =======

2013-09-11 15:38 - 2013-09-11 15:38 - 00000940 _____ C:\Users\Tobias\Desktop\checkup.txt
2013-09-11 15:16 - 2013-09-11 15:16 - 00891144 _____ C:\Users\Tobias\Desktop\SecurityCheck.exe
2013-09-11 15:16 - 2013-09-11 15:15 - 00891144 _____ C:\Users\Tobias\Downloads\SecurityCheck.exe
2013-09-11 15:12 - 2013-09-07 21:05 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-11 15:05 - 2012-07-16 00:39 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-11 14:39 - 2010-04-28 04:46 - 01962979 _____ C:\Windows\WindowsUpdate.log
2013-09-11 11:06 - 2009-07-14 06:45 - 00014976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-11 11:06 - 2009-07-14 06:45 - 00014976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-11 11:05 - 2013-09-11 11:05 - 02347384 _____ (ESET) C:\Users\Tobias\Downloads\esetsmartinstaller_enu.exe
2013-09-11 11:02 - 2010-04-28 20:03 - 00000000 ____D C:\Users\Tobias\AppData\Roaming\Dropbox
2013-09-11 11:01 - 2013-09-07 21:05 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-11 11:01 - 2010-04-28 20:05 - 00000000 ___RD C:\Users\Tobias\Documents\My Dropbox
2013-09-11 10:58 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-11 10:58 - 2009-07-14 06:51 - 00103851 _____ C:\Windows\setupact.log
2013-09-11 00:19 - 2013-09-10 23:09 - 00000000 ____D C:\Users\Polina\Desktop\polina tao bao
2013-09-10 23:05 - 2012-07-16 00:39 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-10 23:05 - 2012-07-16 00:39 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-10 23:05 - 2011-12-04 22:30 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-09 21:03 - 2013-09-09 21:02 - 00000000 ____D C:\Users\Tobias\Desktop\LogFiles0909
2013-09-09 18:45 - 2013-09-06 16:21 - 00000000 ____D C:\AdwCleaner
2013-09-09 18:42 - 2013-09-09 18:42 - 01029490 _____ (Thisisu) C:\Users\Tobias\Downloads\JRT.exe
2013-09-09 18:42 - 2013-09-09 18:42 - 01029490 _____ (Thisisu) C:\Users\Tobias\Desktop\JRT.exe
2013-09-09 18:35 - 2013-09-09 18:36 - 01037278 _____ C:\Users\Tobias\Desktop\adwcleaner(1).exe
2013-09-09 18:35 - 2013-09-09 18:35 - 01037278 _____ C:\Users\Tobias\Downloads\adwcleaner(1).exe
2013-09-09 18:21 - 2013-09-09 18:20 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Tobias\Downloads\mbam-setup-1.75.0.1300.exe
2013-09-09 18:21 - 2013-07-23 21:34 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-07 23:20 - 2013-09-07 23:20 - 00007605 _____ C:\Users\Tobias\AppData\Local\Resmon.ResmonCfg
2013-09-07 22:07 - 2013-09-07 21:05 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-09-07 22:07 - 2013-09-07 21:05 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-09-07 22:05 - 2013-09-07 21:05 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-09-07 22:03 - 2010-04-29 11:34 - 00063576 _____ C:\Windows\PFRO.log
2013-09-07 21:09 - 2010-04-28 23:11 - 00000000 ____D C:\Users\Tobias\AppData\Local\Google
2013-09-07 21:08 - 2013-09-07 21:08 - 00002259 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-09-07 21:08 - 2010-06-26 11:53 - 00000000 ____D C:\Program Files (x86)\Google
2013-09-07 21:05 - 2013-09-07 21:05 - 00001922 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-09-07 21:05 - 2013-09-07 21:05 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2013-09-07 21:04 - 2013-09-07 21:04 - 00000000 ____D C:\ProgramData\AVAST Software
2013-09-07 21:04 - 2013-09-07 21:04 - 00000000 ____D C:\Program Files\AVAST Software
2013-09-07 21:04 - 2013-09-07 21:01 - 131918888 _____ C:\Users\Tobias\Downloads\avast_free_antivirus_setup.exe
2013-09-07 20:57 - 2013-09-07 20:57 - 00019967 _____ C:\ComboFix.txt
2013-09-07 20:57 - 2013-09-07 12:33 - 00000000 ____D C:\Qoobox
2013-09-07 20:57 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2013-09-07 20:55 - 2013-09-07 12:33 - 00000000 ____D C:\Windows\erdnt
2013-09-07 20:55 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-09-07 20:15 - 2011-02-02 20:27 - 00001912 _____ C:\Windows\epplauncher.mif
2013-09-07 20:12 - 2010-05-01 16:37 - 00000284 _____ C:\Windows\matlab.ini
2013-09-07 16:46 - 2010-05-01 16:37 - 00000000 ____D C:\Users\Tobias\Documents\MATLAB
2013-09-07 13:41 - 2012-07-30 12:21 - 00000000 ____D C:\Users\Tobias\AppData\Roaming\Skype
2013-09-07 12:30 - 2013-09-07 12:31 - 05120615 ____R (Swearware) C:\Users\Tobias\Desktop\ComboFix.exe
2013-09-07 12:30 - 2013-09-07 12:30 - 05120615 _____ (Swearware) C:\Users\Tobias\Downloads\ComboFix.exe
2013-09-06 22:54 - 2010-04-28 04:58 - 00000000 ____D C:\Users\Tobias
2013-09-06 21:13 - 2013-09-06 20:10 - 00053737 _____ C:\Users\Tobias\Desktop\Logfiles.zip
2013-09-06 20:12 - 2013-07-19 01:40 - 00000000 ____D C:\Users\Tobias\Desktop\TForumStuff
2013-09-06 18:58 - 2013-09-06 18:58 - 00000000 _____ C:\Users\Tobias\defogger_reenable
2013-09-06 18:50 - 2013-09-06 18:50 - 00050477 _____ C:\Users\Tobias\Downloads\Defogger.exe
2013-09-06 18:50 - 2013-09-06 18:50 - 00050477 _____ C:\Users\Tobias\Desktop\Defogger.exe
2013-09-06 18:44 - 2013-09-06 20:07 - 01948360 _____ (Farbar) C:\Users\Tobias\Desktop\FRST64.exe
2013-09-06 18:44 - 2013-09-06 18:44 - 01948360 _____ (Farbar) C:\Users\Tobias\Downloads\FRST64.exe
2013-09-06 18:37 - 2013-09-06 18:37 - 00000000 ____D C:\Users\Tobias\Desktop\mbar
2013-09-06 18:37 - 2013-07-18 22:50 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-09-06 18:13 - 2013-09-06 18:13 - 12907592 _____ (Malwarebytes Corp.) C:\Users\Tobias\Downloads\mbar-1.07.0.1005.exe
2013-09-06 17:12 - 2013-09-06 17:05 - 00102114 _____ C:\Users\Tobias\Downloads\Extras.Txt
2013-09-06 17:12 - 2013-09-06 16:45 - 00208998 _____ C:\Users\Tobias\Downloads\OTL.Txt
2013-09-06 16:25 - 2013-01-20 22:57 - 00011414 _____ C:\Users\Tobias\gsview64.ini
2013-09-06 16:20 - 2013-09-06 16:19 - 01037222 _____ C:\Users\Tobias\Downloads\adwcleaner.exe
2013-09-06 14:52 - 2013-09-06 14:52 - 00000000 ____D C:\Users\Tobias_2\AppData\Roaming\Malwarebytes
2013-09-06 14:33 - 2013-09-06 14:33 - 00000000 ____D C:\Users\Tobias_2\AppData\Local\Google
2013-09-06 14:05 - 2013-01-06 00:48 - 00000000 ____D C:\Users\Tobias\Documents\PraktikumMasterBericht
2013-09-05 23:03 - 2012-08-11 07:38 - 00001115 _____ C:\Users\Tobias\Documents\TXCUserDictionary.dic
2013-09-03 22:18 - 2013-02-08 16:43 - 00000000 ____D C:\Users\Tobias\Documents\BibTexSync
2013-09-03 01:00 - 2009-07-14 19:58 - 00761260 _____ C:\Windows\system32\perfh007.dat
2013-09-03 01:00 - 2009-07-14 19:58 - 00173350 _____ C:\Windows\system32\perfc007.dat
2013-09-03 01:00 - 2009-07-14 07:13 - 01782776 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-30 18:35 - 2013-08-30 18:35 - 02816285 _____ C:\Users\Tobias\Downloads\T-REC-P.563-200405-I!!SOFT-ZST-E.zip
2013-08-30 09:48 - 2013-09-07 21:05 - 01030952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-08-30 09:48 - 2013-09-07 21:05 - 00378944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-08-30 09:48 - 2013-09-07 21:05 - 00204880 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-08-30 09:48 - 2013-09-07 21:05 - 00080816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-08-30 09:48 - 2013-09-07 21:05 - 00072016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-08-30 09:48 - 2013-09-07 21:05 - 00065336 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-08-30 09:48 - 2013-09-07 21:05 - 00064288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-08-30 09:48 - 2013-09-07 21:05 - 00033400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-08-30 09:47 - 2013-09-07 21:05 - 00287840 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-08-30 09:47 - 2013-09-07 21:05 - 00041664 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-08-28 10:33 - 2013-08-28 10:33 - 04743685 _____ C:\Users\Tobias\Downloads\1170088037_File_5722_EzFFT_1.4.zip
2013-08-25 23:19 - 2013-08-25 23:14 - 59162340 _____ C:\Users\Tobias\Downloads\Literatur.zip
2013-08-25 23:16 - 2013-08-25 23:15 - 00000000 ____D C:\Users\Tobias\Desktop\MOC
2013-08-22 02:19 - 2012-01-09 22:55 - 00000000 ____D C:\Users\Tobias\Documents\HuAMaster
2013-08-19 23:54 - 2013-08-16 23:31 - 00000000 ____D C:\Users\Public\Documents\maxdome
2013-08-19 22:29 - 2013-08-19 22:26 - 27891222 _____ (Igor Pavlov) C:\Users\Tobias_2\Downloads\tor-browser-2.3.25-12_en-US.exe
2013-08-19 21:01 - 2012-04-27 06:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-18 21:43 - 2013-08-18 21:43 - 00000000 ____D C:\Users\Tobias_2\AppData\Roaming\Macromedia
2013-08-18 21:43 - 2013-08-18 21:43 - 00000000 ____D C:\Users\Tobias_2\AppData\Local\Macromedia
2013-08-18 21:29 - 2013-08-18 21:29 - 00000000 ____D C:\Users\Tobias_2\AppData\Roaming\Mozilla
2013-08-18 21:29 - 2013-08-18 21:29 - 00000000 ____D C:\Users\Tobias_2\AppData\Local\Mozilla
2013-08-18 21:28 - 2013-08-18 21:28 - 00129456 _____ C:\Users\Tobias_2\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-18 21:28 - 2013-08-18 21:28 - 00000020 ___SH C:\Users\Tobias_2\ntuser.ini
2013-08-18 21:28 - 2013-08-18 21:28 - 00000000 _SHDL C:\Users\Tobias_2\Vorlagen
2013-08-18 21:28 - 2013-08-18 21:28 - 00000000 _SHDL C:\Users\Tobias_2\Startmenü
2013-08-18 21:28 - 2013-08-18 21:28 - 00000000 _SHDL C:\Users\Tobias_2\Netzwerkumgebung
2013-08-18 21:28 - 2013-08-18 21:28 - 00000000 _SHDL C:\Users\Tobias_2\Lokale Einstellungen
2013-08-18 21:28 - 2013-08-18 21:28 - 00000000 _SHDL C:\Users\Tobias_2\Eigene Dateien
2013-08-18 21:28 - 2013-08-18 21:28 - 00000000 _SHDL C:\Users\Tobias_2\Druckumgebung
2013-08-18 21:28 - 2013-08-18 21:28 - 00000000 _SHDL C:\Users\Tobias_2\Documents\Eigene Musik
2013-08-18 21:28 - 2013-08-18 21:28 - 00000000 _SHDL C:\Users\Tobias_2\Documents\Eigene Bilder
2013-08-18 21:28 - 2013-08-18 21:28 - 00000000 _SHDL C:\Users\Tobias_2\AppData\Local\Verlauf
2013-08-18 21:28 - 2013-08-18 21:28 - 00000000 _SHDL C:\Users\Tobias_2\AppData\Local\Anwendungsdaten
2013-08-18 21:28 - 2013-08-18 21:28 - 00000000 _SHDL C:\Users\Tobias_2\Anwendungsdaten
2013-08-18 21:28 - 2013-08-18 21:28 - 00000000 ___RD C:\Users\Tobias_2\Virtual Machines
2013-08-18 21:28 - 2013-08-18 21:28 - 00000000 ____D C:\Users\Tobias_2\AppData\Roaming\Adobe
2013-08-18 21:28 - 2013-08-18 21:28 - 00000000 ____D C:\Users\Tobias_2
2013-08-18 13:38 - 2013-08-18 01:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-18 13:15 - 2013-08-18 13:15 - 00015250 _____ C:\Users\Tobias\Desktop\hs_err_pid8440.log
2013-08-16 23:26 - 2013-03-04 22:17 - 00129456 _____ C:\Users\Polina\AppData\Local\GDIPFONTCACHEV1.DAT

Files to move or delete:
====================
C:\Users\Tobias\AppData\Local\Temp\Quarantine.exe
C:\Users\Tobias\AppData\Local\Temp\RarSFX0\SecurityCheck\Objlist.exe
C:\Users\Tobias\AppData\Local\Temp\RarSFX0\SecurityCheck\runprocesses.exe
C:\Users\Tobias\AppData\Local\Temp\RarSFX0\SecurityCheck\uninstalllist.exe
C:\Users\Tobias\AppData\Local\Temp\RarSFX0\SecurityCheck\Other\cmdinfo.exe
C:\Users\Tobias\AppData\Local\Temp\RarSFX0\SecurityCheck\Other\nircmdc.exe
C:\Users\Tobias\AppData\Local\Temp\RarSFX0\SecurityCheck\Other\sed.exe
C:\Users\Tobias\AppData\Local\Temp\RarSFX0\SecurityCheck\Other\swreg.exe
C:\Users\Tobias\AppData\Local\Temp\jrt\erunt\ERUNT.EXE

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-11 14:43

==================== End Of Log ============================

--- --- ---

Grüße, Tobi

schrauber · 11.09.2013, 19:48

Java updaten.

Downloade Dir bitte TFC ( von Oldtimer ) und speichere die Datei auf dem Desktop.
Schließe nun alle offenen Programme und trenne Dich von dem Internet.
Doppelklick auf die TFC.exe und drücke auf Start.
Sollte TFC nicht alle Dateien löschen können wird es einen Neustart verlangen. Dies bitte zulassen.

Fertig

Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
- Windowstaste + R > Combofix /Uninstall (eingeben) > OK
- Alternative: Combofix.exe in uninstall.exe umbenennen und starten
- Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
- Starte deinen Rechner abschließend neu.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Hier noch ein paar Tipps zur Absicherung deines Systems.

Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.

Zusätzlicher Schutz

MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
WinPatrol
Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

SpywareBlaster
Eine kurze Einführung findest du Hier
MVPs hosts file
Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
WOT (Web of trust)
Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

Opera
Mozilla Firefox.
- Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
- NoScript
  Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
- AdblockPlus
  Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
  Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts

Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

09.09.2013, 05:18	#6
schrauber /// the machine /// TB-Ausbilder	Rootkit gefunden (MBAR) Windows 7 Professional 64 Bit Haste mal den Router neu gestartet? Kannste Logs und Tools per Stick transferieren? __________________ --> Rootkit gefunden (MBAR) Windows 7 Professional 64 Bit

Rootkit gefunden (MBAR) Windows 7 Professional 64 Bit

Log-Analyse und Auswertung: Rootkit gefunden (MBAR) Windows 7 Professional 64 Bit