Trojaner TR/Fakeadb.A

schrauber · 16.09.2013, 10:28

Normal legt das aber nen Ordner an.

Mach mal bitte ne Systemwiederherstellung auf ein Datum vor dem Fix. Wenn das nicht geht bitte nen Screenshot vom Inhalt der Quarantäne.

k.karl · 16.09.2013, 16:18

Systemwiederherstellung hatte ich schon versucht! Ich mach aber heute nochmal eine.

Screenshot mach ich auch noch!

schrauber · 16.09.2013, 19:51

Ok. Aber wie gesagt das Kopieren von dem Programme Ordner zurück nach C sollte problemlos funtkionieren, zur Not in Etappen.

k.karl · 17.09.2013, 18:49

Hallo schrauber,

ich habe gestern mit Hilfe der "Vorgängerversionen"-Funktion alle Ordner aus C:Program Files (X86) auf den Stand vor dem fix zurückgesetzt und damit (hoffentlich) wieder alle Dateien dorthin zurückkopiert wo Sie hingehören.

Wie gehn wir nun weiter vor?

schrauber · 17.09.2013, 20:24

Frisches FRST Scanlog bitte

k.karl · 17.09.2013, 21:07

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-09-2013 03
Ran by xxx (administrator) on xxx-HP on 17-09-2013 22:03:16
Running from C:\Users\xxx\Desktop
Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(Hewlett-Packard Company) C:\Windows\system32\Hpservice.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
() C:\Program Files (x86)\RocketDock\RocketDock.exe
(Jumping Bytes) C:\Program Files (x86)\PureSync\PureSyncTray.exe
(Google Inc.) C:\Users\xxx\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-06-18] (IDT, Inc.)
HKLM\...\Run: [HPWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-06-18] (Hewlett-Packard Company)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKCU\...\Run: [RocketDock] - C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKCU\...\Run: [PureSync] - C:\Program Files (x86)\PureSync\PureSyncTray.exe [907808 2013-04-29] (Jumping Bytes)
HKCU\...\Run: [MusicManager] - C:\Users\xxx\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7345664 2013-06-21] (Google Inc.)
HKCU\...\Policies\system: [DisableLockWorkstation] 0
HKCU\...\Policies\system: [DisableChangePassword] 0
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-08-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKU\Default\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-02-09] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {452CC30F-3D62-48E2-A5A8-B3172A3E0C1F} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM - {D866DD77-F8CC-4D3E-93C9-3F4D89EAE252} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {452CC30F-3D62-48E2-A5A8-B3172A3E0C1F} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKCU - DefaultScope {452CC30F-3D62-48E2-A5A8-B3172A3E0C1F} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKCU - {452CC30F-3D62-48E2-A5A8-B3172A3E0C1F} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
DPF: HKLM-x32 {6E718D87-6909-4FCE-92D4-EDCB2F725727} hxxp://www.navigram.com/engine/v1026/Navigram.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks-x32:  - UPB:{B5A7F190-DDA6-4420-B3BA-52453494E6CD} -  No File [ ]
Tcpip\Parameters: [DhcpNameServer] 213.153.32.129 213.153.32.1

FireFox:
========
FF ProfilePath: C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\l3x2e4p1.default
FF Homepage: hxxp://www.google.at/ig
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\xxx\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\xxx\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: LavaFox V2 - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\l3x2e4p1.default\Extensions\info@djzig.com
FF Extension: NASA Night Launch - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\l3x2e4p1.default\Extensions\nasanightlaunch@example(2).com
FF Extension: NASA Night Launch - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\l3x2e4p1.default\Extensions\nasanightlaunch@example(3).com
FF Extension: IE Tab 2 (FF 3.6+) - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\l3x2e4p1.default\Extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
FF Extension: Flashblock - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\l3x2e4p1.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
FF Extension: No Name - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\l3x2e4p1.default\Extensions\{5B52016C-D097-4aec-BE61-9F129D8FDDBA}
FF Extension: WOT - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\l3x2e4p1.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF Extension: Black Steel - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\l3x2e4p1.default\Extensions\{e2c58150-9d72-11dd-ad8b-0800200c9a66}(2)
FF Extension: nasanightlaunch - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\l3x2e4p1.default\Extensions\nasanightlaunch@example.com.xpi
FF Extension: No Name - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\l3x2e4p1.default\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi
FF Extension: No Name - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\l3x2e4p1.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: No Name - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\l3x2e4p1.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
FF Extension: No Name - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\l3x2e4p1.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\l3x2e4p1.default\Extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

Chrome: 
=======
CHR HomePage: hxxp://www.google.com

==================== Services (Whitelisted) =================

R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [622648 2013-09-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-08-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-08-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [815160 2013-08-20] (Avira Operations GmbH & Co. KG)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S4 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660184 2013-07-03] (Secunia)
S2 AviraUpgradeService; "C:\Windows\TEMP\AVSETUP_520a7452\avupgsvc.exe" /TEMPSTART:""C:\Windows\TEMP\AVSETUP_520a7452\setup.exe" /NOTEMPCLEANUP /CROSSUPGRADE"

==================== Drivers (Whitelisted) ====================

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2011-10-03] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-08-20] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-08-14] (Avira Operations GmbH & Co. KG)
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114560 2011-01-07] (Huawei Technologies Co., Ltd.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2011-10-03] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-07-03] (Secunia)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-17 22:02 - 2013-09-17 22:03 - 01950524 _____ (Farbar) C:\Users\xxx\Desktop\FRST64.exe
2013-09-17 21:26 - 2013-09-17 21:26 - 98062984 _____ C:\Windows\SysWOW64\榡
2013-09-16 07:10 - 2011-01-26 08:53 - 00982912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-09-16 07:10 - 2011-01-26 08:53 - 00265088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2013-09-16 07:10 - 2011-01-26 08:31 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2013-09-14 21:40 - 2013-09-14 23:22 - 00000000 ____D C:\Program Files (x86)\7-Zip
2013-09-14 20:56 - 2013-09-14 20:56 - 00000425 _____ C:\Users\xxx\Desktop\Fixlist.txt
2013-09-14 14:21 - 2013-09-14 14:21 - 00008914 _____ C:\Users\xxx\Desktop\Kostenaufstellung zum Arbeitsbeginn.xlsx
2013-09-13 19:55 - 2013-09-13 20:07 - 00031702 _____ C:\Users\xxx\Desktop\FRST_3.txt
2013-09-13 19:46 - 2013-09-13 19:46 - 00891144 _____ C:\Users\xxx\Desktop\SecurityCheck.exe
2013-09-12 22:41 - 2013-09-12 22:41 - 00262844 _____ C:\Windows\msxml4-KB2758694-enu.LOG
2013-09-12 22:14 - 2013-09-12 22:14 - 02434048 _____ C:\Users\xxx\Downloads\msxml.msi
2013-09-12 21:23 - 2013-09-12 21:23 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-12 21:17 - 2013-09-14 23:21 - 00000000 ____D C:\Program Files (x86)\Secunia
2013-09-12 21:17 - 2013-09-12 21:17 - 00000000 ____D C:\Users\xxx\AppData\Local\Secunia PSI
2013-09-12 21:16 - 2013-09-12 21:16 - 03272136 _____ (Secunia) C:\Users\xxx\Downloads\PSISetup711.exe
2013-09-12 21:07 - 2013-09-12 21:07 - 00000000 ____D C:\ProgramData\Licenses
2013-09-12 21:06 - 2013-09-17 00:58 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
2013-09-12 21:06 - 2013-09-12 21:06 - 04095448 _____ (BrightFort LLC                                              ) C:\Users\xxx\Desktop\spywareblastersetup50.exe
2013-09-12 20:45 - 2013-09-12 20:45 - 00376576 _____ C:\Users\xxx\Downloads\wot_safe_surfing-20130515-fx.zip
2013-09-12 20:24 - 2013-09-12 20:24 - 00029290 _____ C:\Users\xxx\Desktop\FRST_2.txt
2013-09-12 20:20 - 2013-09-12 20:20 - 00001058 _____ C:\Users\xxx\Desktop\JRT.txt
2013-09-12 20:12 - 2013-09-12 20:12 - 01029509 _____ (Thisisu) C:\Users\xxx\Desktop\JRT.exe
2013-09-12 20:10 - 2013-09-12 20:10 - 00006989 _____ C:\Users\xxx\Desktop\AdwCleaner[S0].txt
2013-09-12 20:06 - 2013-09-12 20:08 - 00000000 ____D C:\AdwCleaner
2013-09-12 20:05 - 2013-09-12 20:05 - 01037278 _____ C:\Users\xxx\Desktop\adwcleaner.exe
2013-09-12 19:50 - 2013-09-12 19:50 - 00001113 _____ C:\Users\xxx\Desktop\ Malwarebytes Anti-Malware .lnk
2013-09-12 19:50 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-09-12 19:48 - 2013-09-12 19:48 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\xxx\Downloads\mbam-setup-1.75.0.1300(1).exe
2013-09-12 19:47 - 2013-09-12 19:47 - 97373152 _____ C:\Windows\SysWOW64\腍ᴾ…
2013-09-11 21:10 - 2013-09-11 21:10 - 00026867 _____ C:\ComboFix.txt
2013-09-11 20:44 - 2013-09-11 20:45 - 05124599 ____R (Swearware) C:\Users\xxx\Desktop\ComboFix.exe
2013-09-10 22:19 - 2013-09-10 22:19 - 00000382 _____ C:\Users\xxx\Desktop\gmer.txt
2013-09-10 21:53 - 2013-09-10 21:53 - 00377856 _____ C:\Users\xxx\Desktop\gmer_2.1.19163.exe
2013-09-10 21:52 - 2013-09-10 21:52 - 00031480 _____ C:\Users\xxx\Desktop\FRST_1.txt
2013-09-03 16:59 - 2013-09-03 16:59 - 95638383 _____ C:\Windows\SysWOW64\鷻룭‚
2013-09-03 09:09 - 2013-09-17 00:57 - 00000000 ____D C:\Program Files (x86)\Tor
2013-08-27 09:19 - 2013-08-27 09:19 - 00001402 _____ C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2013-08-27 09:19 - 2013-08-27 09:19 - 00001243 _____ C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2013-08-20 10:41 - 2013-09-14 23:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-20 07:02 - 2013-08-20 07:02 - 00204568 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudmdm.sys
2013-08-20 07:02 - 2013-08-20 07:02 - 00103576 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudbus.sys

==================== One Month Modified Files and Folders =======

2013-09-17 22:03 - 2013-09-17 22:02 - 01950524 _____ (Farbar) C:\Users\xxx\Desktop\FRST64.exe
2013-09-17 22:01 - 2013-08-13 00:40 - 00000000 ____D C:\FRST
2013-09-17 21:26 - 2013-09-17 21:26 - 98062984 _____ C:\Windows\SysWOW64\榡
2013-09-17 19:51 - 2009-07-14 06:45 - 00023248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-17 19:51 - 2009-07-14 06:45 - 00023248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-17 19:43 - 2012-12-31 16:32 - 00049608 _____ C:\Windows\setupact.log
2013-09-17 19:39 - 2010-08-19 01:43 - 01122123 _____ C:\Windows\WindowsUpdate.log
2013-09-17 01:40 - 2010-08-19 02:03 - 00000000 ____D C:\Program Files (x86)\HP Games
2013-09-17 01:34 - 2011-01-28 08:58 - 00000000 ____D C:\Program Files (x86)\IrfanView
2013-09-17 01:33 - 2011-12-28 14:05 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-17 01:19 - 2011-01-01 14:34 - 00000000 ____D C:\Program Files (x86)\MozBackup
2013-09-17 01:18 - 2013-08-13 00:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-09-17 01:16 - 2011-01-23 22:46 - 00000000 ____D C:\Program Files (x86)\Mp3tag
2013-09-17 01:14 - 2011-01-01 23:16 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2013-09-17 01:08 - 2013-06-23 14:34 - 00000000 ____D C:\Program Files (x86)\PureSync
2013-09-17 01:07 - 2013-05-28 07:07 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-09-17 01:06 - 2012-03-06 21:10 - 00000000 ____D C:\Program Files (x86)\Rename Expert
2013-09-17 01:05 - 2011-02-13 01:35 - 00000000 ____D C:\Program Files (x86)\RocketDock
2013-09-17 00:59 - 2012-05-25 20:49 - 00000000 ____D C:\Program Files (x86)\SopCast
2013-09-17 00:59 - 2010-12-31 19:27 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-09-17 00:58 - 2013-09-12 21:06 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
2013-09-17 00:58 - 2011-11-14 23:30 - 00000000 ____D C:\Program Files (x86)\SpeedFan
2013-09-17 00:57 - 2013-09-03 09:09 - 00000000 ____D C:\Program Files (x86)\Tor
2013-09-17 00:56 - 2013-04-12 20:27 - 00000000 ____D C:\Program Files (x86)\TweakNow RegCleaner
2013-09-17 00:56 - 2011-01-18 22:17 - 00000000 ____D C:\Program Files (x86)\Verbatim GREEN BUTTON
2013-09-17 00:53 - 2011-01-23 21:49 - 00000000 ____D C:\Program Files (x86)\Winamp
2013-09-17 00:52 - 2011-12-07 18:25 - 00000000 ____D C:\Program Files (x86)\Winamp Detect
2013-09-17 00:52 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-09-17 00:51 - 2010-07-21 10:22 - 00000000 ____D C:\Program Files (x86)\Windows Live SkyDrive
2013-09-17 00:49 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2013-09-17 00:49 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2013-09-17 00:48 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
2013-09-17 00:47 - 2011-10-22 18:55 - 00000000 ____D C:\Program Files (x86)\XBMC
2013-09-17 00:46 - 2011-01-01 15:06 - 00000000 ____D C:\Program Files (x86)\zebNet
2013-09-16 09:35 - 2010-12-31 16:40 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-16 07:02 - 2013-02-21 10:36 - 00300640 _____ C:\Windows\PFRO.log
2013-09-14 23:24 - 2013-08-20 10:41 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-14 23:24 - 2012-06-07 14:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-09-14 23:24 - 2011-11-27 14:34 - 00000000 ____D C:\Program Files (x86)\poc
2013-09-14 23:24 - 2011-10-22 07:31 - 00000000 ____D C:\Program Files (x86)\OpenAL
2013-09-14 23:24 - 2010-12-31 12:49 - 00000000 ____D C:\Users\xxx
2013-09-14 23:24 - 2010-07-21 11:39 - 00000000 ___RD C:\Program Files (x86)\Online Services
2013-09-14 23:24 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\MSBuild
2013-09-14 23:23 - 2013-03-05 21:05 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-09-14 23:23 - 2010-12-31 16:43 - 00000000 ____D C:\Program Files (x86)\Microsoft Works
2013-09-14 23:22 - 2013-09-14 21:40 - 00000000 ____D C:\Program Files (x86)\7-Zip
2013-09-14 23:22 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2013-09-14 23:22 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files (x86)\Windows NT
2013-09-14 23:21 - 2013-09-12 21:17 - 00000000 ____D C:\Program Files (x86)\Secunia
2013-09-14 23:21 - 2012-06-24 09:50 - 00000000 ____D C:\Program Files (x86)\SEGA
2013-09-14 23:21 - 2011-10-02 22:47 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2013-09-14 23:21 - 2011-06-26 20:23 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2013-09-14 23:21 - 2011-02-15 20:27 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2013-09-14 23:21 - 2010-07-21 10:57 - 00000000 ____D C:\Program Files (x86)\Symantec
2013-09-14 23:21 - 2010-07-21 10:22 - 00000000 ____D C:\Program Files (x86)\Windows Live
2013-09-14 23:20 - 2013-04-12 21:53 - 00000000 ____D C:\Program Files (x86)\RegSeeker
2013-09-14 23:20 - 2011-06-18 23:23 - 00000000 ____D C:\Program Files (x86)\Samsung
2013-09-14 23:20 - 2011-02-05 16:07 - 00000000 ____D C:\Program Files (x86)\Nikon
2013-09-14 23:20 - 2010-08-19 01:42 - 00000000 ____D C:\Program Files (x86)\Realtek
2013-09-14 23:20 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2013-09-14 23:19 - 2011-11-06 11:18 - 00000000 ____D C:\Program Files (x86)\Navigram
2013-09-14 23:19 - 2011-01-18 22:21 - 00000000 ____D C:\Program Files (x86)\Nero
2013-09-14 23:18 - 2012-11-18 19:54 - 00000000 ____D C:\Program Files (x86)\InterActive Vision
2013-09-14 23:18 - 2011-06-18 23:23 - 00000000 ____D C:\Program Files (x86)\MarkAny
2013-09-14 23:18 - 2010-12-31 16:43 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
2013-09-14 23:18 - 2010-12-31 16:41 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2013-09-14 23:18 - 2010-07-21 13:07 - 00000000 ____D C:\Program Files (x86)\Java
2013-09-14 23:18 - 2010-07-21 11:08 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2013-09-14 23:18 - 2010-07-21 10:23 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2013-09-14 23:18 - 2010-07-21 10:19 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-09-14 23:17 - 2011-10-22 21:20 - 00000000 ___HD C:\Program Files (x86)\InstallJammer Registry
2013-09-14 23:17 - 2010-08-19 01:45 - 00000000 ____D C:\Program Files (x86)\HP
2013-09-14 20:56 - 2013-09-14 20:56 - 00000425 _____ C:\Users\xxx\Desktop\Fixlist.txt
2013-09-14 14:21 - 2013-09-14 14:21 - 00008914 _____ C:\Users\xxx\Desktop\Kostenaufstellung zum Arbeitsbeginn.xlsx
2013-09-13 20:07 - 2013-09-13 19:55 - 00031702 _____ C:\Users\xxx\Desktop\FRST_3.txt
2013-09-13 19:46 - 2013-09-13 19:46 - 00891144 _____ C:\Users\xxx\Desktop\SecurityCheck.exe
2013-09-13 07:49 - 2011-01-17 08:56 - 00000000 ____D C:\Users\xxx\AppData\Local\Corel
2013-09-13 07:49 - 2011-01-17 08:55 - 00000000 ____D C:\Users\xxx\Documents\My PSP Files
2013-09-12 22:41 - 2013-09-12 22:41 - 00262844 _____ C:\Windows\msxml4-KB2758694-enu.LOG
2013-09-12 22:14 - 2013-09-12 22:14 - 02434048 _____ C:\Users\xxx\Downloads\msxml.msi
2013-09-12 22:08 - 2011-01-01 14:16 - 00000000 ____D C:\Program Files (x86)\FileZilla FTP Client
2013-09-12 21:57 - 2013-07-20 23:37 - 00000000 ____D C:\Users\xxx\AppData\Roaming\vlc
2013-09-12 21:23 - 2013-09-12 21:23 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-12 21:23 - 2012-04-11 19:26 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-12 21:23 - 2011-05-18 07:10 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-12 21:17 - 2013-09-12 21:17 - 00000000 ____D C:\Users\xxx\AppData\Local\Secunia PSI
2013-09-12 21:16 - 2013-09-12 21:16 - 03272136 _____ (Secunia) C:\Users\xxx\Downloads\PSISetup711.exe
2013-09-12 21:07 - 2013-09-12 21:07 - 00000000 ____D C:\ProgramData\Licenses
2013-09-12 21:06 - 2013-09-12 21:06 - 04095448 _____ (BrightFort LLC                                              ) C:\Users\xxx\Desktop\spywareblastersetup50.exe
2013-09-12 21:00 - 2013-04-12 20:27 - 00000000 ____D C:\Users\xxx\AppData\Roaming\TweakNow RegCleaner
2013-09-12 20:45 - 2013-09-12 20:45 - 00376576 _____ C:\Users\xxx\Downloads\wot_safe_surfing-20130515-fx.zip
2013-09-12 20:24 - 2013-09-12 20:24 - 00029290 _____ C:\Users\xxx\Desktop\FRST_2.txt
2013-09-12 20:20 - 2013-09-12 20:20 - 00001058 _____ C:\Users\xxx\Desktop\JRT.txt
2013-09-12 20:12 - 2013-09-12 20:12 - 01029509 _____ (Thisisu) C:\Users\xxx\Desktop\JRT.exe
2013-09-12 20:10 - 2013-09-12 20:10 - 00006989 _____ C:\Users\xxx\Desktop\AdwCleaner[S0].txt
2013-09-12 20:08 - 2013-09-12 20:06 - 00000000 ____D C:\AdwCleaner
2013-09-12 20:05 - 2013-09-12 20:05 - 01037278 _____ C:\Users\xxx\Desktop\adwcleaner.exe
2013-09-12 19:50 - 2013-09-12 19:50 - 00001113 _____ C:\Users\xxx\Desktop\ Malwarebytes Anti-Malware .lnk
2013-09-12 19:48 - 2013-09-12 19:48 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\xxx\Downloads\mbam-setup-1.75.0.1300(1).exe
2013-09-12 19:47 - 2013-09-12 19:47 - 97373152 _____ C:\Windows\SysWOW64\腍ᴾ…
2013-09-12 18:06 - 2010-12-31 19:27 - 00000000 ____D C:\Users\xxx\AppData\Roaming\Skype
2013-09-11 21:42 - 2013-07-27 23:13 - 00000000 ____D C:\Windows\system32\MRT
2013-09-11 21:41 - 2011-01-03 10:58 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-11 21:11 - 2013-08-13 20:02 - 00000000 ____D C:\Qoobox
2013-09-11 21:10 - 2013-09-11 21:10 - 00026867 _____ C:\ComboFix.txt
2013-09-11 21:00 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-09-11 20:45 - 2013-09-11 20:44 - 05124599 ____R (Swearware) C:\Users\xxx\Desktop\ComboFix.exe
2013-09-10 22:19 - 2013-09-10 22:19 - 00000382 _____ C:\Users\xxx\Desktop\gmer.txt
2013-09-10 21:53 - 2013-09-10 21:53 - 00377856 _____ C:\Users\xxx\Desktop\gmer_2.1.19163.exe
2013-09-10 21:52 - 2013-09-10 21:52 - 00031480 _____ C:\Users\xxx\Desktop\FRST_1.txt
2013-09-10 21:45 - 2011-02-21 21:21 - 00001114 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-10 21:35 - 2013-04-28 22:15 - 00001132 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4138529036-2260153085-4193991026-1000UA.job
2013-09-10 08:17 - 2011-02-21 21:21 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-10 08:17 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-09 19:33 - 2011-11-05 15:33 - 00000000 _____ C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-09-09 19:33 - 2011-01-01 10:34 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2013-09-08 00:35 - 2013-04-28 22:15 - 00001080 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4138529036-2260153085-4193991026-1000Core.job
2013-09-07 21:58 - 2011-07-24 19:10 - 00003204 _____ C:\Windows\System32\Tasks\HPCeeScheduleForxxx
2013-09-07 21:58 - 2011-07-24 19:10 - 00000344 _____ C:\Windows\Tasks\HPCeeScheduleForxxx.job
2013-09-03 16:59 - 2013-09-03 16:59 - 95638383 _____ C:\Windows\SysWOW64\鷻룭‚
2013-09-03 11:15 - 2013-08-14 22:45 - 00105344 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-09-02 17:33 - 2011-01-31 22:17 - 00000000 ____D C:\Users\xxx\AppData\Local\FreePDF_XP
2013-09-02 11:10 - 2011-01-13 20:29 - 00000000 ____D C:\Users\xxx\Documents\Haushalt
2013-08-29 15:26 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-08-27 09:19 - 2013-08-27 09:19 - 00001402 _____ C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2013-08-27 09:19 - 2013-08-27 09:19 - 00001243 _____ C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2013-08-27 09:19 - 2011-01-09 18:11 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft
2013-08-27 09:18 - 2011-12-24 00:03 - 00000000 ____D C:\Users\xxx\AppData\Roaming\DVDVideoSoft
2013-08-23 20:17 - 2013-04-29 22:09 - 00000020 ____H C:\ProgramData\PKP_DLev.DAT
2013-08-20 10:45 - 2013-08-14 22:48 - 00081112 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-08-20 10:45 - 2013-08-14 22:45 - 00132088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-08-20 07:02 - 2013-08-20 07:02 - 00204568 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudmdm.sys
2013-08-20 07:02 - 2013-08-20 07:02 - 00103576 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudbus.sys
2013-08-19 09:41 - 2009-07-14 07:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT

Files to move or delete:
====================
C:\ProgramData\PKP_DLdu.DAT
C:\ProgramData\PKP_DLeo.DAT
C:\ProgramData\PKP_DLes.DAT
C:\ProgramData\PKP_DLet.DAT
C:\ProgramData\PKP_DLev.DAT


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-01 10:40

==================== End Of Log ============================

--- --- ---

schrauber · 18.09.2013, 10:06

Jetzt klappt das, versprochen

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

C:\Windows\System32\config\systemprofile\AppData\Local\Windows Internet Name Service\wins.exe
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Windows Internet Name Service\wins.exe
R2 tor; C:\Program Files (x86)\Tor\tor.exe [3233806 2013-09-03] ()
C:\Program Files (x86)\Tor
C:\ProgramData\PKP_DLdu.DAT
C:\ProgramData\PKP_DLeo.DAT
C:\ProgramData\PKP_DLes.DAT
C:\ProgramData\PKP_DLet.DAT
C:\ProgramData\PKP_DLev.DAT

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

k.karl · 18.09.2013, 20:55

ja, das sieht jetzt schon vieel besser aus:

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-09-2013 03
Ran by xxx at 2013-09-18 21:54:52 Run:4
Running from C:\Users\xxx\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Windows\System32\config\systemprofile\AppData\Local\Windows Internet Name Service\wins.exe
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Windows Internet Name Service\wins.exe
R2 tor; C:\Program Files (x86)\Tor\tor.exe [3233806 2013-09-03] ()
C:\Program Files (x86)\Tor
C:\ProgramData\PKP_DLdu.DAT
C:\ProgramData\PKP_DLeo.DAT
C:\ProgramData\PKP_DLes.DAT
C:\ProgramData\PKP_DLet.DAT
C:\ProgramData\PKP_DLev.DAT
*****************

"C:\Windows\System32\config\systemprofile\AppData\Local\Windows Internet Name Service\wins.exe" => File/Directory not found.
"C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Windows Internet Name Service\wins.exe" => File/Directory not found.
tor => Service not found.
C:\Program Files (x86)\Tor => Moved successfully.
C:\ProgramData\PKP_DLdu.DAT => Moved successfully.
C:\ProgramData\PKP_DLeo.DAT => Moved successfully.
C:\ProgramData\PKP_DLes.DAT => Moved successfully.
C:\ProgramData\PKP_DLet.DAT => Moved successfully.
C:\ProgramData\PKP_DLev.DAT => Moved successfully.

==== End of Fixlog ====

schrauber · 19.09.2013, 09:48

frisches FRST log bitte. Noch Probleme?

k.karl · 19.09.2013, 18:34

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-09-2013 03
Ran by xxx (administrator) on xxx-HP on 19-09-2013 19:28:36
Running from C:\Users\xxx\Desktop
Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(Hewlett-Packard Company) C:\Windows\system32\Hpservice.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
() C:\Program Files (x86)\RocketDock\RocketDock.exe
(Jumping Bytes) C:\Program Files (x86)\PureSync\PureSyncTray.exe
(Google Inc.) C:\Users\xxx\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-06-18] (IDT, Inc.)
HKLM\...\Run: [HPWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-06-18] (Hewlett-Packard Company)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKCU\...\Run: [RocketDock] - C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKCU\...\Run: [PureSync] - C:\Program Files (x86)\PureSync\PureSyncTray.exe [907808 2013-04-29] (Jumping Bytes)
HKCU\...\Run: [MusicManager] - C:\Users\xxx\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7345664 2013-06-21] (Google Inc.)
HKCU\...\Policies\system: [DisableLockWorkstation] 0
HKCU\...\Policies\system: [DisableChangePassword] 0
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-08-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKU\Default\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-02-09] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {452CC30F-3D62-48E2-A5A8-B3172A3E0C1F} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM - {D866DD77-F8CC-4D3E-93C9-3F4D89EAE252} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {452CC30F-3D62-48E2-A5A8-B3172A3E0C1F} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKCU - DefaultScope {452CC30F-3D62-48E2-A5A8-B3172A3E0C1F} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKCU - {452CC30F-3D62-48E2-A5A8-B3172A3E0C1F} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
DPF: HKLM-x32 {6E718D87-6909-4FCE-92D4-EDCB2F725727} hxxp://www.navigram.com/engine/v1026/Navigram.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks-x32:  - UPB:{B5A7F190-DDA6-4420-B3BA-52453494E6CD} -  No File [ ]
Tcpip\Parameters: [DhcpNameServer] 213.153.32.129 213.153.32.1

FireFox:
========
FF ProfilePath: C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\l3x2e4p1.default
FF Homepage: hxxp://www.google.at/ig
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\xxx\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\xxx\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: LavaFox V2 - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\l3x2e4p1.default\Extensions\info@djzig.com
FF Extension: NASA Night Launch - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\l3x2e4p1.default\Extensions\nasanightlaunch@example(2).com
FF Extension: NASA Night Launch - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\l3x2e4p1.default\Extensions\nasanightlaunch@example(3).com
FF Extension: IE Tab 2 (FF 3.6+) - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\l3x2e4p1.default\Extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
FF Extension: Flashblock - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\l3x2e4p1.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
FF Extension: No Name - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\l3x2e4p1.default\Extensions\{5B52016C-D097-4aec-BE61-9F129D8FDDBA}
FF Extension: WOT - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\l3x2e4p1.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF Extension: Black Steel - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\l3x2e4p1.default\Extensions\{e2c58150-9d72-11dd-ad8b-0800200c9a66}(2)
FF Extension: nasanightlaunch - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\l3x2e4p1.default\Extensions\nasanightlaunch@example.com.xpi
FF Extension: No Name - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\l3x2e4p1.default\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi
FF Extension: No Name - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\l3x2e4p1.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: No Name - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\l3x2e4p1.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
FF Extension: No Name - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\l3x2e4p1.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\l3x2e4p1.default\Extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

Chrome: 
=======
CHR HomePage: hxxp://www.google.com

==================== Services (Whitelisted) =================

R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [622648 2013-09-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-08-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-08-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [815160 2013-08-20] (Avira Operations GmbH & Co. KG)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S4 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660184 2013-07-03] (Secunia)
S2 AviraUpgradeService; "C:\Windows\TEMP\AVSETUP_520a7452\avupgsvc.exe" /TEMPSTART:""C:\Windows\TEMP\AVSETUP_520a7452\setup.exe" /NOTEMPCLEANUP /CROSSUPGRADE"

==================== Drivers (Whitelisted) ====================

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2011-10-03] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-08-20] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-08-14] (Avira Operations GmbH & Co. KG)
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114560 2011-01-07] (Huawei Technologies Co., Ltd.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2011-10-03] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-07-03] (Secunia)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-18 13:46 - 2013-09-18 13:46 - 00000165 ____H C:\Users\xxx\Desktop\~$Kostenaufstellung zum Arbeitsbeginn.xlsx
2013-09-18 11:35 - 2013-09-19 18:49 - 98395704 _____ C:\Windows\SysWOW64\�괇“
2013-09-17 22:02 - 2013-09-17 22:03 - 01950524 _____ (Farbar) C:\Users\xxx\Desktop\FRST64.exe
2013-09-16 07:10 - 2011-01-26 08:53 - 00982912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-09-16 07:10 - 2011-01-26 08:53 - 00265088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2013-09-16 07:10 - 2011-01-26 08:31 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2013-09-14 21:40 - 2013-09-14 23:22 - 00000000 ____D C:\Program Files (x86)\7-Zip
2013-09-14 14:21 - 2013-09-19 10:39 - 00011816 _____ C:\Users\xxx\Desktop\Kostenaufstellung zum Arbeitsbeginn.xlsx
2013-09-13 19:55 - 2013-09-13 20:07 - 00031702 _____ C:\Users\xxx\Desktop\FRST_3.txt
2013-09-13 19:46 - 2013-09-13 19:46 - 00891144 _____ C:\Users\xxx\Desktop\SecurityCheck.exe
2013-09-12 22:41 - 2013-09-12 22:41 - 00262844 _____ C:\Windows\msxml4-KB2758694-enu.LOG
2013-09-12 22:14 - 2013-09-12 22:14 - 02434048 _____ C:\Users\xxx\Downloads\msxml.msi
2013-09-12 21:23 - 2013-09-12 21:23 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-12 21:17 - 2013-09-14 23:21 - 00000000 ____D C:\Program Files (x86)\Secunia
2013-09-12 21:17 - 2013-09-12 21:17 - 00000000 ____D C:\Users\xxx\AppData\Local\Secunia PSI
2013-09-12 21:16 - 2013-09-12 21:16 - 03272136 _____ (Secunia) C:\Users\xxx\Downloads\PSISetup711.exe
2013-09-12 21:07 - 2013-09-12 21:07 - 00000000 ____D C:\ProgramData\Licenses
2013-09-12 21:06 - 2013-09-17 00:58 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
2013-09-12 21:06 - 2013-09-12 21:06 - 04095448 _____ (BrightFort LLC                                              ) C:\Users\xxx\Desktop\spywareblastersetup50.exe
2013-09-12 20:45 - 2013-09-12 20:45 - 00376576 _____ C:\Users\xxx\Downloads\wot_safe_surfing-20130515-fx.zip
2013-09-12 20:24 - 2013-09-12 20:24 - 00029290 _____ C:\Users\xxx\Desktop\FRST_2.txt
2013-09-12 20:20 - 2013-09-12 20:20 - 00001058 _____ C:\Users\xxx\Desktop\JRT.txt
2013-09-12 20:12 - 2013-09-12 20:12 - 01029509 _____ (Thisisu) C:\Users\xxx\Desktop\JRT.exe
2013-09-12 20:10 - 2013-09-12 20:10 - 00006989 _____ C:\Users\xxx\Desktop\AdwCleaner[S0].txt
2013-09-12 20:06 - 2013-09-12 20:08 - 00000000 ____D C:\AdwCleaner
2013-09-12 20:05 - 2013-09-12 20:05 - 01037278 _____ C:\Users\xxx\Desktop\adwcleaner.exe
2013-09-12 19:50 - 2013-09-12 19:50 - 00001113 _____ C:\Users\xxx\Desktop\ Malwarebytes Anti-Malware .lnk
2013-09-12 19:50 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-09-12 19:48 - 2013-09-12 19:48 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\xxx\Downloads\mbam-setup-1.75.0.1300(1).exe
2013-09-12 19:47 - 2013-09-12 19:47 - 97373152 _____ C:\Windows\SysWOW64\腍ᴾ…
2013-09-11 21:10 - 2013-09-11 21:10 - 00026867 _____ C:\ComboFix.txt
2013-09-11 20:44 - 2013-09-11 20:45 - 05124599 ____R (Swearware) C:\Users\xxx\Desktop\ComboFix.exe
2013-09-10 22:19 - 2013-09-10 22:19 - 00000382 _____ C:\Users\xxx\Desktop\gmer.txt
2013-09-10 21:53 - 2013-09-10 21:53 - 00377856 _____ C:\Users\xxx\Desktop\gmer_2.1.19163.exe
2013-09-10 21:52 - 2013-09-10 21:52 - 00031480 _____ C:\Users\xxx\Desktop\FRST_1.txt
2013-09-03 16:59 - 2013-09-03 16:59 - 95638383 _____ C:\Windows\SysWOW64\鷻룭‚
2013-08-27 09:19 - 2013-08-27 09:19 - 00001402 _____ C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2013-08-27 09:19 - 2013-08-27 09:19 - 00001243 _____ C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2013-08-20 10:41 - 2013-09-14 23:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-20 07:02 - 2013-08-20 07:02 - 00204568 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudmdm.sys
2013-08-20 07:02 - 2013-08-20 07:02 - 00103576 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudbus.sys

==================== One Month Modified Files and Folders =======

2013-09-19 19:27 - 2010-12-31 19:27 - 00000000 ____D C:\Users\xxx\AppData\Roaming\Skype
2013-09-19 18:49 - 2013-09-18 11:35 - 98395704 _____ C:\Windows\SysWOW64\�괇“
2013-09-19 14:25 - 2010-08-19 01:43 - 01149662 _____ C:\Windows\WindowsUpdate.log
2013-09-19 10:39 - 2013-09-14 14:21 - 00011816 _____ C:\Users\xxx\Desktop\Kostenaufstellung zum Arbeitsbeginn.xlsx
2013-09-19 08:54 - 2009-07-14 06:45 - 00023248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-19 08:54 - 2009-07-14 06:45 - 00023248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-18 21:54 - 2013-08-13 00:40 - 00000000 ____D C:\FRST
2013-09-18 13:46 - 2013-09-18 13:46 - 00000165 ____H C:\Users\xxx\Desktop\~$Kostenaufstellung zum Arbeitsbeginn.xlsx
2013-09-18 09:34 - 2012-12-31 16:32 - 00049664 _____ C:\Windows\setupact.log
2013-09-17 22:03 - 2013-09-17 22:02 - 01950524 _____ (Farbar) C:\Users\xxx\Desktop\FRST64.exe
2013-09-17 01:40 - 2010-08-19 02:03 - 00000000 ____D C:\Program Files (x86)\HP Games
2013-09-17 01:34 - 2011-01-28 08:58 - 00000000 ____D C:\Program Files (x86)\IrfanView
2013-09-17 01:33 - 2011-12-28 14:05 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-17 01:19 - 2011-01-01 14:34 - 00000000 ____D C:\Program Files (x86)\MozBackup
2013-09-17 01:18 - 2013-08-13 00:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-09-17 01:16 - 2011-01-23 22:46 - 00000000 ____D C:\Program Files (x86)\Mp3tag
2013-09-17 01:14 - 2011-01-01 23:16 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2013-09-17 01:08 - 2013-06-23 14:34 - 00000000 ____D C:\Program Files (x86)\PureSync
2013-09-17 01:07 - 2013-05-28 07:07 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-09-17 01:06 - 2012-03-06 21:10 - 00000000 ____D C:\Program Files (x86)\Rename Expert
2013-09-17 01:05 - 2011-02-13 01:35 - 00000000 ____D C:\Program Files (x86)\RocketDock
2013-09-17 00:59 - 2012-05-25 20:49 - 00000000 ____D C:\Program Files (x86)\SopCast
2013-09-17 00:59 - 2010-12-31 19:27 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-09-17 00:58 - 2013-09-12 21:06 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
2013-09-17 00:58 - 2011-11-14 23:30 - 00000000 ____D C:\Program Files (x86)\SpeedFan
2013-09-17 00:56 - 2013-04-12 20:27 - 00000000 ____D C:\Program Files (x86)\TweakNow RegCleaner
2013-09-17 00:56 - 2011-01-18 22:17 - 00000000 ____D C:\Program Files (x86)\Verbatim GREEN BUTTON
2013-09-17 00:53 - 2011-01-23 21:49 - 00000000 ____D C:\Program Files (x86)\Winamp
2013-09-17 00:52 - 2011-12-07 18:25 - 00000000 ____D C:\Program Files (x86)\Winamp Detect
2013-09-17 00:52 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-09-17 00:51 - 2010-07-21 10:22 - 00000000 ____D C:\Program Files (x86)\Windows Live SkyDrive
2013-09-17 00:49 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2013-09-17 00:49 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2013-09-17 00:48 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
2013-09-17 00:47 - 2011-10-22 18:55 - 00000000 ____D C:\Program Files (x86)\XBMC
2013-09-17 00:46 - 2011-01-01 15:06 - 00000000 ____D C:\Program Files (x86)\zebNet
2013-09-16 09:35 - 2010-12-31 16:40 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-16 07:02 - 2013-02-21 10:36 - 00300640 _____ C:\Windows\PFRO.log
2013-09-14 23:24 - 2013-08-20 10:41 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-14 23:24 - 2012-06-07 14:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-09-14 23:24 - 2011-11-27 14:34 - 00000000 ____D C:\Program Files (x86)\poc
2013-09-14 23:24 - 2011-10-22 07:31 - 00000000 ____D C:\Program Files (x86)\OpenAL
2013-09-14 23:24 - 2010-12-31 12:49 - 00000000 ____D C:\Users\xxx
2013-09-14 23:24 - 2010-07-21 11:39 - 00000000 ___RD C:\Program Files (x86)\Online Services
2013-09-14 23:24 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\MSBuild
2013-09-14 23:23 - 2013-03-05 21:05 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-09-14 23:23 - 2010-12-31 16:43 - 00000000 ____D C:\Program Files (x86)\Microsoft Works
2013-09-14 23:22 - 2013-09-14 21:40 - 00000000 ____D C:\Program Files (x86)\7-Zip
2013-09-14 23:22 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2013-09-14 23:22 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files (x86)\Windows NT
2013-09-14 23:21 - 2013-09-12 21:17 - 00000000 ____D C:\Program Files (x86)\Secunia
2013-09-14 23:21 - 2012-06-24 09:50 - 00000000 ____D C:\Program Files (x86)\SEGA
2013-09-14 23:21 - 2011-10-02 22:47 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2013-09-14 23:21 - 2011-06-26 20:23 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2013-09-14 23:21 - 2011-02-15 20:27 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2013-09-14 23:21 - 2010-07-21 10:57 - 00000000 ____D C:\Program Files (x86)\Symantec
2013-09-14 23:21 - 2010-07-21 10:22 - 00000000 ____D C:\Program Files (x86)\Windows Live
2013-09-14 23:20 - 2013-04-12 21:53 - 00000000 ____D C:\Program Files (x86)\RegSeeker
2013-09-14 23:20 - 2011-06-18 23:23 - 00000000 ____D C:\Program Files (x86)\Samsung
2013-09-14 23:20 - 2011-02-05 16:07 - 00000000 ____D C:\Program Files (x86)\Nikon
2013-09-14 23:20 - 2010-08-19 01:42 - 00000000 ____D C:\Program Files (x86)\Realtek
2013-09-14 23:20 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2013-09-14 23:19 - 2011-11-06 11:18 - 00000000 ____D C:\Program Files (x86)\Navigram
2013-09-14 23:19 - 2011-01-18 22:21 - 00000000 ____D C:\Program Files (x86)\Nero
2013-09-14 23:18 - 2012-11-18 19:54 - 00000000 ____D C:\Program Files (x86)\InterActive Vision
2013-09-14 23:18 - 2011-06-18 23:23 - 00000000 ____D C:\Program Files (x86)\MarkAny
2013-09-14 23:18 - 2010-12-31 16:43 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
2013-09-14 23:18 - 2010-12-31 16:41 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2013-09-14 23:18 - 2010-07-21 13:07 - 00000000 ____D C:\Program Files (x86)\Java
2013-09-14 23:18 - 2010-07-21 11:08 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2013-09-14 23:18 - 2010-07-21 10:23 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2013-09-14 23:18 - 2010-07-21 10:19 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-09-14 23:17 - 2011-10-22 21:20 - 00000000 ___HD C:\Program Files (x86)\InstallJammer Registry
2013-09-14 23:17 - 2010-08-19 01:45 - 00000000 ____D C:\Program Files (x86)\HP
2013-09-13 20:07 - 2013-09-13 19:55 - 00031702 _____ C:\Users\xxx\Desktop\FRST_3.txt
2013-09-13 19:46 - 2013-09-13 19:46 - 00891144 _____ C:\Users\xxx\Desktop\SecurityCheck.exe
2013-09-13 07:49 - 2011-01-17 08:56 - 00000000 ____D C:\Users\xxx\AppData\Local\Corel
2013-09-13 07:49 - 2011-01-17 08:55 - 00000000 ____D C:\Users\xxx\Documents\My PSP Files
2013-09-12 22:41 - 2013-09-12 22:41 - 00262844 _____ C:\Windows\msxml4-KB2758694-enu.LOG
2013-09-12 22:14 - 2013-09-12 22:14 - 02434048 _____ C:\Users\xxx\Downloads\msxml.msi
2013-09-12 22:08 - 2011-01-01 14:16 - 00000000 ____D C:\Program Files (x86)\FileZilla FTP Client
2013-09-12 21:57 - 2013-07-20 23:37 - 00000000 ____D C:\Users\xxx\AppData\Roaming\vlc
2013-09-12 21:23 - 2013-09-12 21:23 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-12 21:23 - 2012-04-11 19:26 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-12 21:23 - 2011-05-18 07:10 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-12 21:17 - 2013-09-12 21:17 - 00000000 ____D C:\Users\xxx\AppData\Local\Secunia PSI
2013-09-12 21:16 - 2013-09-12 21:16 - 03272136 _____ (Secunia) C:\Users\xxx\Downloads\PSISetup711.exe
2013-09-12 21:07 - 2013-09-12 21:07 - 00000000 ____D C:\ProgramData\Licenses
2013-09-12 21:06 - 2013-09-12 21:06 - 04095448 _____ (BrightFort LLC                                              ) C:\Users\xxx\Desktop\spywareblastersetup50.exe
2013-09-12 21:00 - 2013-04-12 20:27 - 00000000 ____D C:\Users\xxx\AppData\Roaming\TweakNow RegCleaner
2013-09-12 20:45 - 2013-09-12 20:45 - 00376576 _____ C:\Users\xxx\Downloads\wot_safe_surfing-20130515-fx.zip
2013-09-12 20:24 - 2013-09-12 20:24 - 00029290 _____ C:\Users\xxx\Desktop\FRST_2.txt
2013-09-12 20:20 - 2013-09-12 20:20 - 00001058 _____ C:\Users\xxx\Desktop\JRT.txt
2013-09-12 20:12 - 2013-09-12 20:12 - 01029509 _____ (Thisisu) C:\Users\xxx\Desktop\JRT.exe
2013-09-12 20:10 - 2013-09-12 20:10 - 00006989 _____ C:\Users\xxx\Desktop\AdwCleaner[S0].txt
2013-09-12 20:08 - 2013-09-12 20:06 - 00000000 ____D C:\AdwCleaner
2013-09-12 20:05 - 2013-09-12 20:05 - 01037278 _____ C:\Users\xxx\Desktop\adwcleaner.exe
2013-09-12 19:50 - 2013-09-12 19:50 - 00001113 _____ C:\Users\xxx\Desktop\ Malwarebytes Anti-Malware .lnk
2013-09-12 19:48 - 2013-09-12 19:48 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\xxx\Downloads\mbam-setup-1.75.0.1300(1).exe
2013-09-12 19:47 - 2013-09-12 19:47 - 97373152 _____ C:\Windows\SysWOW64\腍ᴾ…
2013-09-11 21:42 - 2013-07-27 23:13 - 00000000 ____D C:\Windows\system32\MRT
2013-09-11 21:41 - 2011-01-03 10:58 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-11 21:11 - 2013-08-13 20:02 - 00000000 ____D C:\Qoobox
2013-09-11 21:10 - 2013-09-11 21:10 - 00026867 _____ C:\ComboFix.txt
2013-09-11 21:00 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-09-11 20:45 - 2013-09-11 20:44 - 05124599 ____R (Swearware) C:\Users\xxx\Desktop\ComboFix.exe
2013-09-10 22:19 - 2013-09-10 22:19 - 00000382 _____ C:\Users\xxx\Desktop\gmer.txt
2013-09-10 21:53 - 2013-09-10 21:53 - 00377856 _____ C:\Users\xxx\Desktop\gmer_2.1.19163.exe
2013-09-10 21:52 - 2013-09-10 21:52 - 00031480 _____ C:\Users\xxx\Desktop\FRST_1.txt
2013-09-10 21:45 - 2011-02-21 21:21 - 00001114 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-10 21:35 - 2013-04-28 22:15 - 00001132 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4138529036-2260153085-4193991026-1000UA.job
2013-09-10 08:17 - 2011-02-21 21:21 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-10 08:17 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-09 19:33 - 2011-11-05 15:33 - 00000000 _____ C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-09-09 19:33 - 2011-01-01 10:34 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2013-09-08 00:35 - 2013-04-28 22:15 - 00001080 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4138529036-2260153085-4193991026-1000Core.job
2013-09-07 21:58 - 2011-07-24 19:10 - 00003204 _____ C:\Windows\System32\Tasks\HPCeeScheduleForxxx
2013-09-07 21:58 - 2011-07-24 19:10 - 00000344 _____ C:\Windows\Tasks\HPCeeScheduleForxxx.job
2013-09-03 16:59 - 2013-09-03 16:59 - 95638383 _____ C:\Windows\SysWOW64\鷻룭‚
2013-09-03 11:15 - 2013-08-14 22:45 - 00105344 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-09-02 17:33 - 2011-01-31 22:17 - 00000000 ____D C:\Users\xxx\AppData\Local\FreePDF_XP
2013-09-02 11:10 - 2011-01-13 20:29 - 00000000 ____D C:\Users\xxx\Documents\Haushalt
2013-08-29 15:26 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-08-27 09:19 - 2013-08-27 09:19 - 00001402 _____ C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2013-08-27 09:19 - 2013-08-27 09:19 - 00001243 _____ C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2013-08-27 09:19 - 2011-01-09 18:11 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft
2013-08-27 09:18 - 2011-12-24 00:03 - 00000000 ____D C:\Users\xxx\AppData\Roaming\DVDVideoSoft
2013-08-20 10:45 - 2013-08-14 22:48 - 00081112 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-08-20 10:45 - 2013-08-14 22:45 - 00132088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-08-20 07:02 - 2013-08-20 07:02 - 00204568 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudmdm.sys
2013-08-20 07:02 - 2013-08-20 07:02 - 00103576 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudbus.sys

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-01 10:40

==================== End Of Log ============================

--- --- ---

derzeit keine Auffälligkeiten!
Ich beobachte noch bissl und gebe Dir dann noch bescheid!

Danke soweit erstmal!

schrauber · 20.09.2013, 10:26

Meld dich wieder, ich geb dir als schonmal den Text zum aufräumen.

Fertig

Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
- Windowstaste + R > Combofix /Uninstall (eingeben) > OK
- Alternative: Combofix.exe in uninstall.exe umbenennen und starten
- Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
- Starte deinen Rechner abschließend neu.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Hier noch ein paar Tipps zur Absicherung deines Systems.

Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.

Zusätzlicher Schutz

MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
WinPatrol
Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

SpywareBlaster
Eine kurze Einführung findest du Hier
MVPs hosts file
Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
WOT (Web of trust)
Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

Opera
Mozilla Firefox.
- Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
- NoScript
  Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
- AdblockPlus
  Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
  Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts

Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

k.karl · 05.10.2013, 19:45

Also, nun läuft das system schon ein paar Tage problemlos!

Ich denke, das müsste es gewesen sein!

VIELEN VIELEN DANK für die Hilfe schrauben!!!

schrauber · 06.10.2013, 16:01

Gern Geschehen

16.09.2013, 10:28	#16
schrauber /// the machine /// TB-Ausbilder	Trojaner TR/Fakeadb.A Normal legt das aber nen Ordner an. Mach mal bitte ne Systemwiederherstellung auf ein Datum vor dem Fix. Wenn das nicht geht bitte nen Screenshot vom Inhalt der Quarantäne. __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

16.09.2013, 19:51	#18
schrauber /// the machine /// TB-Ausbilder	Trojaner TR/Fakeadb.A Ok. Aber wie gesagt das Kopieren von dem Programme Ordner zurück nach C sollte problemlos funtkionieren, zur Not in Etappen. __________________ __________________

17.09.2013, 20:24	#20
schrauber /// the machine /// TB-Ausbilder	Trojaner TR/Fakeadb.A Frisches FRST Scanlog bitte __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

19.09.2013, 09:48	#24
schrauber /// the machine /// TB-Ausbilder	Trojaner TR/Fakeadb.A frisches FRST log bitte. Noch Probleme? __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

06.10.2013, 16:01	#28
schrauber /// the machine /// TB-Ausbilder	Trojaner TR/Fakeadb.A Gern Geschehen __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

Trojaner TR/Fakeadb.A

Plagegeister aller Art und deren Bekämpfung: Trojaner TR/Fakeadb.A