Trojaner-Board - Reicht AVIRA für die Eleminierung eines Trojaners aus?

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - Reicht AVIRA für die Eleminierung eines Trojaners aus? (https://www.trojaner-board.de/136833-reicht-avira-eleminierung-trojaners.html)

Reicht AVIRA für die Eleminierung eines Trojaners aus?

Hallo.
Ich bin neu hier und - leider - alles andere als ein EDV-Experte.
Ich habe mir (Win 7) letzte Woche durch unvorsichtiges Öffnen eines E-Mail-Anhangs (MS Outlook) etwas Bösartiges eingefangen.
Ich habe gleich Avira darauf gehetzt und Avira ist auch kräftig am einsammeln.
Folgendes hat Avira in den letzten 6 Tagen im Modus „System prüfen“ gefunden und in das Quarantäne-Verzeichnis verschoben:

WORM/Cridex.pkg (18 verschiedene Quellen)
TR/Matsnu.G (4 verschiedene Quellen)
TR/Injektor.VH (1 Quelle)
TR/Ransom.Foreign.dtbb (1 Quelle)
TR/Bublik.azmo (1 Quelle)
TR/Cridex.69632.1 (1 Quelle)

Seit letzter Woche hat Avira das System circa 10-12 mal (á 4 Stunden) vollständig durchsucht und die o.g. Malware sukzessive in das Quarantäne-Verzeichnis geschaufelt.
Ist ein Suchlauf beendet, starte ich „System prüfen“ von neuem und Avira findet dann zumeist wieder was neues.
Irgendwelche Ausfallerscheinungen (Gerät langsamer, Dateien nicht zu öffnen) vermag ich nicht zu erkennen.

Meine Frage:

Wird es Avira voraussichtlich gelingen, mein netbook von der Malware vollständig zu befreien, wenn ich „System prüfen“ nur oft genug ausführe, oder kämpfe ich hier gegen Windmühlen und eine Säuberung nur durch Avira wird nicht zum Ziel führen?

Für eine Einschätzung wäre ich dankbar.

Ich habe die Anweisungen („Was muss ich vor der Eröffnung eines Themas beachten?“) auf trojaner-board.de befolgt, habe defogger, OTL und Gmer heruntergeladen und gestartet und kann die Inhalte von OTL.txt, EXTRAS.txt und Gmer.txt posten, sofern dies erforderlich sein sollte.

Vielen Dank für die Hilfe!

Hi,

Avira reicht niemals.

Systemscan mit FRST
Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Start > Computer (Rechtsklick) > Eigenschaften)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Scan.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Hallo schrauber. Vielen Dank für die Hilfe!
Nachfolgend die FRST.txt und die Addition.txt
Wie von trojaner-board.de empfohlen, habe ich den Realnamen mit *** editiert.
FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 18-06-2013 02

Ran by *** (administrator) on 18-06-2013 22:43:33

Running from C:\Users\***\Farbar Recovery Scan Tool_180613

Microsoft Windows 7 Starter  Service Pack 1 (X86) OS Language: German Standard

Internet Explorer Version 10

Boot Mode: Normal
 

==================== Processes (Whitelisted) ===================
 

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe

() C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

(CobianSoft, Luis Cobian) C:\Program Files\cobian Backup 10.0_191011\cbVSCService.exe

(REINER SCT) C:\windows\system32\cjpcsc.exe

(Star Finanz - Software Entwicklung und Vertriebs GmbH) C:\Program Files\StarMoney Business 5.0 Deutsche Bank Edition\ouservice\StarMoneyOnlineUpdate.exe

() C:\Program Files\T-Mobile-Internet-Manager_021211\AssistantServices.exe

() C:\Program Files\XSManager\WTGService.exe

(4G Systems GmbH & Co. KG) C:\windows\service4g.exe

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

(MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

(shbox.de) C:\Program Files\FreePDF_XP\fpassist.exe

(Luis Cobian, CobianSoft) C:\Program Files\cobian Backup 10.0_191011\Cobian.exe

() C:\Program Files\T-Mobile-Internet-Manager_021211\UIExec.exe

(4G Systems GmbH & Co. KG) C:\Windows\starter4g.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

(Haufe-Lexware GmbH & Co. KG) C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe

(Microsoft Corporation) C:\Program Files\Zune\ZuneLauncher.exe

(Luis Cobian, CobianSoft) C:\Program Files\cobian Backup 10.0_191011\cbInterface.exe

(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe

(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

(SAMSUNG Electronics) C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe

(Intel Corporation) C:\windows\system32\hkcmd.exe

(Intel Corporation) C:\windows\system32\igfxtray.exe

(Intel Corporation) C:\windows\system32\igfxpers.exe

(SEC) C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe

(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe

(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\SFB\SmartRestarter.exe

(Intel Corporation) C:\windows\system32\igfxsrvc.exe

(Intel Corporation) C:\windows\system32\igfxext.exe

(Samsung Electronics Co., Ltd.) C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe

(Lexware GmbH & Co. KG) C:\Program Files\Common Files\Lexware\LxWebAccess\LxWebAccess.exe

(Microsoft Corporation) C:\windows\system32\wbem\unsecapp.exe

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avscan.exe
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s [10119784 2011-06-25] (Realtek Semiconductor)

HKLM\...\Run: [ETDCtrl] %ProgramFiles%\Elantech\ETDCtrl.exe [1812264 2010-11-13] (ELAN Microelectronics Corp.)

HKLM\...\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min [348664 2012-08-01] (Avira Operations GmbH & Co. KG)

HKLM\...\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot [185896 2006-09-28] (Nuance Communications, Inc.)

HKLM\...\Run: [OpwareSE4] "C:\Program Files\ScahSoft Omnipage_191011\OpwareSE4.exe" [x]

HKLM\...\Run: [FreePDF Assistant] "C:\Program Files\FreePDF_XP\fpassist.exe" [371200 2011-02-23] (shbox.de)

HKLM\...\Run: [Cobian Backup 10] "C:\Program Files\cobian Backup 10.0_191011\Cobian.exe" [421376 2010-09-23] (Luis Cobian, CobianSoft)

HKLM\...\Run: [UIExec] "C:\Program Files\T-Mobile-Internet-Manager_021211\UIExec.exe" [132608 2009-03-30] ()

HKLM\...\Run: [starter4g] C:\windows\starter4g.exe [160424 2010-04-30] (4G Systems GmbH & Co. KG)

HKLM\...\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [31016 2006-10-27] (Microsoft Corporation)

HKLM\...\Run: [LexwareInfoService] C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart [189808 2011-07-31] (Haufe-Lexware GmbH & Co. KG)

HKLM\...\Run: [SMB50StarMoneyRunEntry] "C:\Program Files\StarMoney Business 5.0 Deutsche Bank Edition\app\oflagent.exe" [56976 2013-05-23] (Star Finanz - Software Entwicklung und Vertriebs GmbH)

HKLM\...\Run: [TrayServer] C:\PROGRA~1\MAGIX\VIDEO_~1\TrayServer.exe [90112 2007-03-29] (MAGIX AG)

HKLM\...\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe" [159456 2011-08-05] (Microsoft Corporation)

HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)

HKCU\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-11-11] (Google Inc.)

HKCU\...\Run: [defglogon] -autorun [x]

HKCU\...\Run: [winqn] -autorun [x]

HKCU\...\Run: [logonggdns] "C:\Users\***\AppData\Roaming\logonggdns.exe" -autorun [x]

MountPoints2: {4700721e-bdcd-11e2-aba8-90a4de9c2828} - D:\LaunchU3.exe

MountPoints2: {c3dc4716-3ea0-11e1-92ea-90a4de9c2828} - D:\autorun.exe

Startup: C:\ProgramData\Start Menu\Programs\Startup\Automatic Update-Agent.lnk

ShortcutTarget: Automatic Update-Agent.lnk -> C:\Program Files\T-Mobile\Communication Center\AutoUpdateSrv.exe ()

Startup: C:\ProgramData\Start Menu\Programs\Startup\Bluetooth.lnk

ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

Startup: C:\ProgramData\Start Menu\Programs\Startup\db dialog updater.lnk

ShortcutTarget: db dialog updater.lnk -> C:\Program Files\db-dialog_201011\wiseupdt.EXE ()

Startup: C:\ProgramData\Start Menu\Programs\Startup\Microsoft Office.lnk

ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
 

==================== Internet (Whitelisted) ====================
 

ProxyServer: 46.231.14.49:8080

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

BHO: No Name - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -  No File

BHO: No Name - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -  No File

BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL (Microsoft Corporation)

BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

Toolbar: HKCU -Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GRA32A~1.DLL (Microsoft Corporation)

Handler: ipp - No CLSID Value - 

Handler: msdaipp - No CLSID Value - 

Handler: t-mobile - {C6D89159-3467-4C2F-9918-3362DA57BCD2} - C:\PROGRA~1\T-Mobile\HOTSPO~1\TMOBIL~1.DLL ()

ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL [2210608 2006-10-27] (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 

FireFox:

========

FF ProfilePath: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\1xhf8l1d.default

FF Homepage: hxxp://www.google.de/

FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()

FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VLC-2.0.5_170213\VLC\npvlc.dll (VideoLAN)
 

========================== Services (Whitelisted) =================
 

R2 AAV UpdateService; C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [86224 2012-05-08] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [110032 2012-05-08] (Avira Operations GmbH & Co. KG)

R2 cbVSCService; C:\Program Files\cobian Backup 10.0_191011\cbVSCService.exe [67584 2010-09-23] (CobianSoft, Luis Cobian)

R2 cjpcsc; C:\windows\system32\cjpcsc.exe [514128 2012-03-19] (REINER SCT)

R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1840128 2011-05-24] (MAGIX AG)

S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®)

R2 StarMoney Business 5.0 OnlineUpdate; C:\Program Files\StarMoney Business 5.0 Deutsche Bank Edition\ouservice\StarMoneyOnlineUpdate.exe [699680 2012-12-21] (Star Finanz - Software Entwicklung und Vertriebs GmbH)

R2 UI Assistant Service; C:\Program Files\T-Mobile-Internet-Manager_021211\AssistantServices.exe [241664 2009-03-30] ()

S3 UPnPService; C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [544768 2006-12-14] (Magix AG)

R2 WTGService; C:\Program Files\XSManager\WTGService.exe [329168 2010-04-12] ()

R2 XS Stick Service; C:\windows\service4g.exe [145064 2010-04-30] (4G Systems GmbH & Co. KG)
 

==================== Drivers (Whitelisted) ====================
 

R2 ACEDRV09; C:\windows\system32\drivers\ACEDRV09.sys [110304 2012-05-05] (Protect Software GmbH)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [83392 2012-05-08] (Avira GmbH)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [137928 2012-05-08] (Avira GmbH)

R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [36000 2011-10-11] (Avira GmbH)

R1 bizVSerial; C:\Windows\System32\drivers\bizVSerialNT.sys [14949 2007-05-31] (franson.biz)

R3 btwampfl; C:\Windows\System32\drivers\btwampfl.sys [297000 2010-07-14] (Broadcom Corporation.)

R3 cjusb; C:\Windows\System32\DRIVERS\cjusb.sys [28144 2011-03-29] (REINER SCT)

S3 cmnsusbser; C:\Windows\System32\DRIVERS\cmnsusbser.sys [103424 2012-01-17] (Mobile Connector)

S2 DgiVecp; C:\windows\system32\Drivers\DgiVecp.sys [38400 2009-03-02] (Samsung Electronics Co., Ltd.)

R3 ETD; C:\Windows\System32\DRIVERS\ETD.sys [116008 2010-11-13] (ELAN Microelectronics Corp.)

R3 odysseyIM4; C:\Windows\System32\DRIVERS\odysseyIM4.sys [173056 2005-06-10] (Funk Software, Inc.)

S3 rsct_dev; C:\Windows\System32\DRIVERS\rsct_dev.sys [11776 2007-05-31] (REINER SCT)

S3 rtport; C:\windows\system32\drivers\rtport.sys [15656 2011-09-29] (Windows (R) 2003 DDK 3790 provider)

R1 SABI; C:\windows\system32\Drivers\SABI.sys [10752 2010-10-07] (SAMSUNG ELECTRONICS)

R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2010-06-17] (Avira GmbH)

R2 SSPORT; C:\windows\system32\Drivers\SSPORT.sys [5120 2009-03-02] (Samsung Electronics)

S1 rsct_bus; system32\DRIVERS\rsct_bus.sys [x]

U3 pxroapoc; \??\C:\Users\***\AppData\Local\Temp\pxroapoc.sys [x]
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2013-06-18 22:43 - 2013-06-18 22:43 - 00000000 ____D C:\FRST

2013-06-18 22:39 - 2013-06-18 22:40 - 00000000 ____D C:\Users\***\Farbar Recovery Scan Tool_180613

2013-06-18 19:44 - 2013-06-18 20:02 - 00000000 ____D C:\Users\***\gmer 2.1.19163_180613

2013-06-18 19:42 - 2013-06-18 19:42 - 00377856 ____A C:\Users\***\Downloads\gmer_2.1.19163.exe

2013-06-18 18:01 - 2013-06-18 18:33 - 00000000 ____D C:\Users\***\OTL_180613

2013-06-18 18:00 - 2013-06-18 18:00 - 00602112 ____A (OldTimer Tools) C:\Users\***\Downloads\OTL.exe

2013-06-18 17:58 - 2013-06-18 17:58 - 00000000 ____A C:\Users\***\defogger_reenable

2013-06-18 17:55 - 2013-06-18 17:58 - 00000000 ____D C:\Users\***\defogger_180613

2013-06-18 17:48 - 2013-06-18 17:48 - 00050477 ____A C:\Users\***\Downloads\Defogger.exe

2013-06-17 15:05 - 2013-06-17 15:05 - 00001273 ____A C:\Users\***\Desktop\Scratch.lnk

2013-06-17 15:05 - 2013-06-17 15:05 - 00000000 ____D C:\Users\***\Documents\Scratch Projects

2013-06-17 15:02 - 2013-06-17 15:04 - 00000000 ____D C:\Program Files\Scratch 1.4_170613

2013-06-17 14:59 - 2013-06-17 14:59 - 00000000 ____D C:\170613

2013-06-12 22:12 - 2013-06-12 22:13 - 05800064 ____A (Igor Pavlov) C:\Users\***\Downloads\MailStoreHomeSetup-8.0.5.8779.exe

2013-06-12 22:04 - 2013-06-12 22:05 - 00000000 ____D C:\08-dat_120613

2013-06-12 14:14 - 2013-06-14 12:46 - 00000000 ___HD C:\Users\***\AppData\Roaming\D9E9F6B2

2013-06-12 11:44 - 2013-06-13 13:00 - 00000000 ___HD C:\Users\***\AppData\Roaming\Pjfe

2013-06-12 11:10 - 2013-06-08 13:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2013-06-12 11:10 - 2013-06-08 13:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2013-06-12 11:10 - 2013-06-08 13:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2013-06-12 11:10 - 2013-06-08 13:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2013-06-12 11:10 - 2013-06-08 13:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2013-06-12 11:10 - 2013-06-08 13:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2013-06-12 11:01 - 2013-05-17 03:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2013-06-12 11:01 - 2013-05-17 03:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2013-06-12 11:01 - 2013-05-17 03:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll

2013-06-12 11:01 - 2013-05-17 03:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2013-06-12 11:00 - 2013-05-17 03:26 - 00042496 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe

2013-06-12 11:00 - 2013-05-17 03:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2013-06-12 11:00 - 2013-05-17 03:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

2013-06-12 11:00 - 2013-05-17 03:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll

2013-06-12 11:00 - 2013-05-17 03:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll

2013-06-12 11:00 - 2013-05-14 10:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe

2013-06-12 10:03 - 2013-06-16 23:45 - 00000000 ____D C:\Users\***\AppData\Roaming\Rfybr

2013-06-12 05:59 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll

2013-06-12 05:59 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll

2013-06-12 05:59 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll

2013-06-12 05:59 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe

2013-06-12 05:59 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll

2013-06-12 05:59 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll

2013-06-12 05:59 - 2013-05-06 07:06 - 03968872 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe

2013-06-12 05:59 - 2013-05-06 07:06 - 03913576 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe

2013-06-12 05:59 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll

2013-06-12 05:59 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll

2013-06-12 05:59 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll

2013-06-12 05:57 - 2013-05-08 07:38 - 01293672 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys

2013-06-11 23:10 - 2013-06-13 00:33 - 00000000 ____D C:\ProgramData\firebird

2013-06-11 23:02 - 2013-06-11 23:05 - 00000000 ____D C:\Program Files\MailStore-8.0.5.8779_110613

2013-06-11 09:08 - 2013-06-13 08:50 - 00000000 ____D C:\120613

2013-06-11 09:05 - 2013-06-11 09:10 - 00000000 ____D C:\110613

2013-06-05 21:52 - 2013-06-05 21:52 - 04808816 ____A (FileZilla Project) C:\Users\***\Downloads\FileZilla_3.7.0.2_win32-setup.exe

2013-05-28 15:44 - 2013-05-28 15:45 - 00000000 ____D C:\Users\***\AppData\Roaming\Mozilla

2013-05-28 15:44 - 2013-05-28 15:44 - 00001144 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk

2013-05-28 15:44 - 2013-05-28 15:44 - 00000000 ____D C:\Program Files\Mozilla Firefox

2013-05-27 13:40 - 2013-05-27 13:40 - 00000000 ____D C:\Users\***\AppData\Local\Tracker Software

2013-05-22 13:36 - 2013-05-22 13:36 - 00000000 ___HD C:\Users\***\Documents\Freemake_do_not_remove_this_folder635048266199573803

2013-05-22 12:06 - 2013-05-22 12:06 - 00002430 ____A C:\Users\***\Desktop\Free Video Dub.lnk

2013-05-22 12:05 - 2013-05-22 12:06 - 00000000 ____D C:\Program Files\Common Files\DVDVideoSoft
 

==================== One Month Modified Files and Folders ========
 

2013-06-18 22:43 - 2013-06-18 22:43 - 00000000 ____D C:\FRST

2013-06-18 22:40 - 2013-06-18 22:39 - 00000000 ____D C:\Users\***\Farbar Recovery Scan Tool_180613

2013-06-18 22:40 - 2011-10-17 14:56 - 00000000 ____D C:\users\***

2013-06-18 22:17 - 2011-11-11 17:35 - 00001098 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-06-18 21:59 - 2012-04-02 09:46 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-06-18 20:49 - 2011-07-18 13:52 - 00000000 ____D C:\12-doc_180711

2013-06-18 20:02 - 2013-06-18 19:44 - 00000000 ____D C:\Users\***\gmer 2.1.19163_180613

2013-06-18 19:42 - 2013-06-18 19:42 - 00377856 ____A C:\Users\***\Downloads\gmer_2.1.19163.exe

2013-06-18 19:20 - 2011-07-26 04:16 - 01649273 ____A C:\Windows\WindowsUpdate.log

2013-06-18 19:18 - 2009-07-14 06:34 - 00016160 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-06-18 19:18 - 2009-07-14 06:34 - 00016160 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-06-18 19:13 - 2011-11-11 17:35 - 00001094 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-06-18 19:10 - 2009-07-14 06:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2013-06-18 19:10 - 2009-07-14 06:39 - 00082945 ____A C:\Windows\setupact.log

2013-06-18 19:09 - 2010-11-20 23:48 - 00045148 ____A C:\Windows\PFRO.log

2013-06-18 18:33 - 2013-06-18 18:01 - 00000000 ____D C:\Users\***\OTL_180613

2013-06-18 18:00 - 2013-06-18 18:00 - 00602112 ____A (OldTimer Tools) C:\Users\***\Downloads\OTL.exe

2013-06-18 17:58 - 2013-06-18 17:58 - 00000000 ____A C:\Users\***\defogger_reenable

2013-06-18 17:58 - 2013-06-18 17:55 - 00000000 ____D C:\Users\***\defogger_180613

2013-06-18 17:48 - 2013-06-18 17:48 - 00050477 ____A C:\Users\***\Downloads\Defogger.exe

2013-06-17 19:46 - 2011-10-19 17:50 - 00000000 ____D C:\Users\***\AppData\Local\FreePDF_XP

2013-06-17 18:41 - 2011-07-21 12:18 - 00000000 ____D C:\60-sse_210711

2013-06-17 18:24 - 2012-09-24 14:31 - 00000000 ____D C:\Program Files\StarMoney Business 5.0 Deutsche Bank Edition

2013-06-17 15:07 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\NDF

2013-06-17 15:05 - 2013-06-17 15:05 - 00001273 ____A C:\Users\***\Desktop\Scratch.lnk

2013-06-17 15:05 - 2013-06-17 15:05 - 00000000 ____D C:\Users\***\Documents\Scratch Projects

2013-06-17 15:04 - 2013-06-17 15:02 - 00000000 ____D C:\Program Files\Scratch 1.4_170613

2013-06-17 14:59 - 2013-06-17 14:59 - 00000000 ____D C:\170613

2013-06-16 23:45 - 2013-06-12 10:03 - 00000000 ____D C:\Users\***\AppData\Roaming\Rfybr

2013-06-14 12:46 - 2013-06-12 14:14 - 00000000 ___HD C:\Users\***\AppData\Roaming\D9E9F6B2

2013-06-13 23:13 - 2010-11-20 23:01 - 01498506 ____A C:\Windows\System32\PerfStringBackup.INI

2013-06-13 18:24 - 2011-07-18 13:56 - 00000000 ____D C:\39-pdf_150711

2013-06-13 13:00 - 2013-06-12 11:44 - 00000000 ___HD C:\Users\***\AppData\Roaming\Pjfe

2013-06-13 08:50 - 2013-06-11 09:08 - 00000000 ____D C:\120613

2013-06-13 00:33 - 2013-06-11 23:10 - 00000000 ____D C:\ProgramData\firebird

2013-06-12 22:13 - 2013-06-12 22:12 - 05800064 ____A (Igor Pavlov) C:\Users\***\Downloads\MailStoreHomeSetup-8.0.5.8779.exe

2013-06-12 22:05 - 2013-06-12 22:04 - 00000000 ____D C:\08-dat_120613

2013-06-12 21:16 - 2012-03-13 14:17 - 00007600 ____A C:\Users\***\AppData\Local\Resmon.ResmonCfg

2013-06-12 19:30 - 2011-10-20 12:04 - 00002267 ____A C:\Users\Public\Desktop\CDBurnerXP.lnk

2013-06-12 19:24 - 2011-10-19 21:31 - 00000000 ____D C:\Users\***\AppData\Roaming\FileZilla

2013-06-12 19:08 - 2011-07-18 13:53 - 00000000 ____D C:\21-html_150711

2013-06-12 11:16 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\de-DE

2013-06-12 11:02 - 2011-10-18 17:05 - 73381792 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

2013-06-12 06:59 - 2012-04-02 09:46 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe

2013-06-12 06:59 - 2011-10-18 09:39 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl

2013-06-11 23:05 - 2013-06-11 23:02 - 00000000 ____D C:\Program Files\MailStore-8.0.5.8779_110613

2013-06-11 09:10 - 2013-06-11 09:05 - 00000000 ____D C:\110613

2013-06-10 09:16 - 2011-11-04 11:30 - 00000000 ____D C:\90-jpg_full_180711

2013-06-08 13:42 - 2013-06-12 11:10 - 01141248 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2013-06-08 13:40 - 2013-06-12 11:10 - 14327808 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2013-06-08 13:40 - 2013-06-12 11:10 - 13760512 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2013-06-08 13:40 - 2013-06-12 11:10 - 02046976 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2013-06-08 13:40 - 2013-06-12 11:10 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2013-06-08 13:13 - 2013-06-12 11:10 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2013-06-05 21:53 - 2013-04-15 08:58 - 00000000 ____D C:\Program Files\FileZilla-3.6.0.2._150413

2013-06-05 21:52 - 2013-06-05 21:52 - 04808816 ____A (FileZilla Project) C:\Users\***\Downloads\FileZilla_3.7.0.2_win32-setup.exe

2013-06-03 21:17 - 2011-07-18 13:53 - 00000000 ____D C:\18-gif_180711

2013-06-01 12:50 - 2011-07-18 13:58 - 00000000 ____D C:\54-rtf_150711

2013-05-28 15:45 - 2013-05-28 15:44 - 00000000 ____D C:\Users\***\AppData\Roaming\Mozilla

2013-05-28 15:44 - 2013-05-28 15:44 - 00001144 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk

2013-05-28 15:44 - 2013-05-28 15:44 - 00000000 ____D C:\Program Files\Mozilla Firefox

2013-05-28 14:59 - 2011-07-18 13:57 - 00000000 ____D C:\51-pst_180711

2013-05-27 13:40 - 2013-05-27 13:40 - 00000000 ____D C:\Users\***\AppData\Local\Tracker Software

2013-05-24 21:56 - 2012-05-22 10:08 - 00000000 ____D C:\ProgramData\Lexware

2013-05-24 15:06 - 2011-12-14 21:08 - 00002226 ____A C:\Users\Public\Desktop\Steuer-Spar-Erklärung 2012.lnk

2013-05-22 13:36 - 2013-05-22 13:36 - 00000000 ___HD C:\Users\***\Documents\Freemake_do_not_remove_this_folder635048266199573803

2013-05-22 12:06 - 2013-05-22 12:06 - 00002430 ____A C:\Users\***\Desktop\Free Video Dub.lnk

2013-05-22 12:06 - 2013-05-22 12:05 - 00000000 ____D C:\Program Files\Common Files\DVDVideoSoft

2013-05-22 12:05 - 2012-12-31 20:35 - 00000000 ____D C:\Program Files\FreeVideoDub 2.0.18.430_220513

2013-05-22 12:05 - 2011-10-21 10:09 - 00000000 ____D C:\Users\***\AppData\Roaming\DVDVideoSoft

2013-05-20 16:22 - 2012-10-22 10:06 - 00000000 ____D C:\Users\***\AppData\Roaming\Audacity

2013-05-20 16:19 - 2012-10-22 12:35 - 00000000 ____D C:\05-aup_221012
 

Files to move or delete:

====================

C:\ProgramData\FullRemove.exe
 

==================== Bamital & volsnap Check =================
 

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 

LastRegBack: 2013-06-13 17:11
 

==================== End Of Log ============================

--- --- ---
FRST Additions Logfile:

Code:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 18-06-2013 02

Ran by *** at 2013-06-18 22:45:50 Run:

Running from C:\Users\***\Farbar Recovery Scan Tool_180613

Boot Mode: Normal

==========================================================
 
 

==================== Installed Programs =======================
 

???? ??? Windows Live (Version: 15.4.3502.0922)

?????? ??????? ?? Windows Live (Version: 15.4.3502.0922)

???????? ?????????? Windows Live (Version: 15.4.3502.0922)

?????????? Windows Live (Version: 15.4.3502.0922)

??????????? ?? Windows Live (Version: 15.4.3502.0922)

„Windows Live Essentials“ (Version: 15.4.3502.0922)

„Windows Live“ fotogalerija (Version: 15.4.3502.0922)

AAVUpdateManager (Version: 18.00.0000)

Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)

Adobe Flash Player 11 Plugin (Version: 11.7.700.224)

Adobe Photoshop 4.0 LE

Alice Greenfingers

ArcSoft PhotoStudio 5.5

Atheros Client Installation Program (Version: 9.0)

Audacity 2.0.2 (Version: 2.0.2)

Avira Free Antivirus (Version: 12.1.9.1236)

BatteryLifeExtender (Version: 1.0.11)

bcTester 4.9 (de) (Version: 4.9.0)

Broadcom 802.11 Network Adapter (Version: 5.60.48.55)

CamStudio

CanoScan Toolbox Ver4.9

CDBurnerXP (Version: 4.5.1.4003)

CDex - Open Source Digital Audio CD Extractor (Version: 1.70.4.2009)

ChargeableUSB (Version: 1.0.0.0)

Cobian Backup 10

Communication Center (Version: 2.5)

cyberJack Base Components (Version: 6.10.0)

CyberLink YouCam (Version: 2.0.3911)

D3DX10 (Version: 15.4.2368.0902)

db dialog (Version: 3.4)

Easy Content Share (Version: 1.0)

Easy Display Manager (Version: 3.2)

Easy Network Manager (Version: 4.4.7)

Easy Resolution Manager (Version: 1.1.0)

Easy SpeedUp Manager (Version: 2.1.1.1)

EasyBatteryManager (Version: 4.0.0.4)

EasyFileShare (Version: 1.0.11)

ETDWare PS/2-X86 8.0.7.2_WHQL (Version: 8.0.7.2)

Fast Booting SW (Version: 1.8.0.0)

FileZilla Client 3.7.0.2 (Version: 3.7.0.2)

Firebird SQL Server - MAGIX Edition (Version: 2.1.31.0)

FLV Player 2.0, build 24 (Version: 2.0, build 24)

Fotogalerija Windows Live (Version: 15.4.3502.0922)

Free Video Dub version 2.0.18.430 (Version: 2.0.18.430)

Free YouTube to MP3 Converter version 3.10.11.923

Freemake Video Converter Version 3.2.1 (Version: 3.2.1)

FreePDF (Remove only)

Galeria de Fotografias do Windows Live (Version: 15.4.3502.0922)

Galería fotográfica de Windows Live (Version: 15.4.3502.0922)

Galeria fotografii uslugi Windows Live (Version: 15.4.3502.0922)

Galerie de photos Windows Live (Version: 15.4.3502.0922)

Galerie foto Windows Live (Version: 15.4.3502.0922)

Google Toolbar for Internet Explorer (Version: 1.0.0)

Google Toolbar for Internet Explorer (Version: 7.5.4209.2358)

Google Update Helper (Version: 1.3.21.145)

GPL Ghostscript (Version: 9.04)

HotSpot Locator 1.1

Intel(R) Graphics Media Accelerator Driver (Version: 8.14.10.2117)

Intel(R) Rapid Storage Technology (Version: 10.1.0.1008)

Jalbum 8.0

Java 7 Update 21 (Version: 7.0.210)

Java Auto Updater (Version: 2.1.9.5)

Java(TM) 6 Update 2 (Version: 1.6.0.20)

JavaFX 2.1.1 (Version: 2.1.1)

Lexware Elster (Version: 13.04.00.0113)

Lexware financial office 2012 (Version: 16.54.00.0302)

Lexware Info Service (Version: 2.80.00.0007)

MAGIX Foto Clinic 5.5 5.5.31.0 (D) (Version: 5.5.31.0)

MAGIX Foto Manager 2007 4.1.1.75 (D) (Version: 4.1.1.75)

MAGIX Goya burnR 2.3.1.3 (D) (Version: 2.3.1.3)

MAGIX Music Manager 2007 8.1.1.108 (D) (Version: 8.1.1.108)

MAGIX Online Druck Service 2.3.2.0 (D) (Version: 2.3.2.0)

MAGIX Screenshare (Version: 4.3.6.1987)

MAGIX Speed burnR (MSI) (Version: 7.0.2.6)

MAGIX Video deluxe 2007 2008 PLUS 7.0.0.25 (D) (Version: 7.0.0.25)

MAGIX Video deluxe 2013 Plus (Version: 12.0.0.32)

Manual CanoScan LiDE 25

Marvell Miniport Driver (Version: 11.29.1.3)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)

Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)

Microsoft Application Error Reporting (Version: 12.0.6012.5000)

Microsoft Office 2000 Premium (Version: 9.00.2816)

Microsoft Office Access MUI (German) 2007 (Version: 12.0.4518.1014)

Microsoft Office Enterprise 2007 (Version: 12.0.4518.1014)

Microsoft Office Excel MUI (German) 2007 (Version: 12.0.4518.1014)

Microsoft Office Groove MUI (German) 2007 (Version: 12.0.4518.1014)

Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.4518.1014)

Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.4518.1014)

Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.4518.1014)

Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.4518.1014)

Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014)

Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014)

Microsoft Office Proof (German) 2007 (Version: 12.0.4518.1014)

Microsoft Office Proof (Italian) 2007 (Version: 12.0.4518.1014)

Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014)

Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.4518.1014)

Microsoft Office Shared MUI (German) 2007 (Version: 12.0.4518.1014)

Microsoft Office Word MUI (German) 2007 (Version: 12.0.4518.1014)

Microsoft Silverlight (Version: 4.0.50401.0)

Microsoft Smart Card Base Components

Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)

Microsoft XML Parser (Version: 8.0.7820.0)

Mozilla Firefox 21.0 (x86 de) (Version: 21.0)

MSVCRT (Version: 15.4.2862.0708)

MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)

MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)

MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)

MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)

Odyssey (Version: 4.0.0.1972)

Option GT HSDPA driver suite

'Option PC Cards driver package'

PDF-XChange Viewer (Version: 2.5.201.0)

Podstawowe programy Windows Live (Version: 15.4.3502.0922)

Raccolta foto di Windows Live (Version: 15.4.3502.0922)

Realtek High Definition Audio Driver (Version: 6.0.1.6400)

REALTEK PCIE Wireless LAN Software (Version: 0136.10.0325)

RedMon - Redirection Port Monitor

RENESIS® Player Browser Plugins (Version: 1.1.1)

Revo Uninstaller 1.94 (Version: 1.94)

S?????? f?t???af??? t?? Windows Live (Version: 15.4.3502.0922)

Samsung ML-2010 Series

Samsung Recovery Solution 4 (Version: 4.0.0.6)

Samsung Support Center (Version: 1.1.24)

Samsung Update Plus (Version: 2.0)

ScanSoft OmniPage SE 4.0 (Version: 15.00.0020)

Scratch (Version: 1.4.0.0)

Servicepack Datumsaktualisierung (Version: 1.00.00.0005)

smartMate light

SPRx32 CT-API und PC/SC Treiber

StarMoney (Version: 3.0.2.50)

StarMoney (Version: 3.0.4.48)

StarMoney Business 5.0 Deutsche Bank Edition (Version: 5.0)

Steuer-Spar-Erklärung 2007 (Version: 12.03)

Steuer-Spar-Erklärung 2008 (Version: 13.02.0000)

Steuer-Spar-Erklärung 2009 (Version: 14.01.0000)

Steuer-Spar-Erklärung 2010 (Version: 15.15)

Steuer-Spar-Erklärung 2011 (Version: 16.17)

Steuer-Spar-Erklärung 2012 (Version: 17.13)

Steuer-Spar-Erklärung 2013 (Version: 18.09)

The KMPlayer (remove only) (Version: 3.5.0.81)

T-Mobile Internet Manager 03 (Version: 1.0.0.1)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)

User Guide (Version: 1.3)

VLC media player 2.0.5 (Version: 2.0.5)

WebSign Basiskomponeten

WIDCOMM Bluetooth Software (Version: 6.3.0.6200)

Winamp (Version: 5.63 )

Windows Live ?? ??? (Version: 15.4.3502.0922)

Windows Live ??? (Version: 15.4.3502.0922)

Windows Live ??? (Version: 15.4.3508.1109)

Windows Live ???? (Version: 15.4.3502.0922)

Windows Live Communications Platform (Version: 15.4.3502.0922)

Windows Live Essentials (Version: 15.4.3502.0922)

Windows Live fotoattelu galerija (Version: 15.4.3502.0922)

Windows Live Fotogaléria (Version: 15.4.3502.0922)

Windows Live Fotogalerie (Version: 15.4.3502.0922)

Windows Live Foto-galerija (Version: 15.4.3502.0922)

Windows Live Fotogalleri (Version: 15.4.3502.0922)

Windows Live Fotograf Galerisi (Version: 15.4.3502.0922)

Windows Live Fotótár (Version: 15.4.3502.0922)

Windows Live Galeria de Fotos (Version: 15.4.3502.0922)

Windows Live Galerija fotografija (Version: 15.4.3502.0922)

Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)

Windows Live Installer (Version: 15.4.3502.0922)

Windows Live Movie Maker (Version: 15.4.3502.0922)

Windows Live Photo Common (Version: 15.4.3502.0922)

Windows Live Photo Gallery (Version: 15.4.3502.0922)

Windows Live PIMT Platform (Version: 15.4.3508.1109)

Windows Live SOXE (Version: 15.4.3502.0922)

Windows Live SOXE Definitions (Version: 15.4.3502.0922)

Windows Live Temel Parçalar (Version: 15.4.3502.0922)

Windows Live UX Platform (Version: 15.4.3502.0922)

Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)

Windows Liven asennustyökalu (Version: 15.4.3502.0922)

Windows Liven valokuvavalikoima (Version: 15.4.3502.0922)

Windows Media Player Firefox Plugin (Version: 1.0.0.8)

Windows Mobile Device Updater Component (Version: 04.08.2345.00)

XSManager (Version: 3.0)

Zattoo4 4.0.5 (Version: 4.0.5)

Zune (Version: 04.08.2345.00)

Zune Language Pack (CHS) (Version: 04.08.2345.00)

Zune Language Pack (CHT) (Version: 04.08.2345.00)

Zune Language Pack (CSY) (Version: 04.08.2345.00)

Zune Language Pack (DAN) (Version: 04.08.2345.00)

Zune Language Pack (DEU) (Version: 04.08.2345.00)

Zune Language Pack (ELL) (Version: 04.08.2345.00)

Zune Language Pack (ESP) (Version: 04.08.2345.00)

Zune Language Pack (FIN) (Version: 04.08.2345.00)

Zune Language Pack (FRA) (Version: 04.08.2345.00)

Zune Language Pack (HUN) (Version: 04.08.2345.00)

Zune Language Pack (IND) (Version: 04.08.2345.00)

Zune Language Pack (ITA) (Version: 04.08.2345.00)

Zune Language Pack (JPN) (Version: 04.08.2345.00)

Zune Language Pack (KOR) (Version: 04.08.2345.00)

Zune Language Pack (MSL) (Version: 04.08.2345.00)

Zune Language Pack (NLD) (Version: 04.08.2345.00)

Zune Language Pack (NOR) (Version: 04.08.2345.00)

Zune Language Pack (PLK) (Version: 04.08.2345.00)

Zune Language Pack (PTB) (Version: 04.08.2345.00)

Zune Language Pack (PTG) (Version: 04.08.2345.00)

Zune Language Pack (RUS) (Version: 04.08.2345.00)

Zune Language Pack (SVE) (Version: 04.08.2345.00)
 

==================== Restore Points  =========================
 

24-05-2013 12:59:44 Steuer-Spar-Erklärung 2012 wurde installiert.

24-05-2013 17:08:58 Windows Update

28-05-2013 13:08:30 Revo Uninstaller's restore point - Mozilla Firefox 21.0 (x86 de)

28-05-2013 13:22:58 Revo Uninstaller's restore point - Mozilla Firefox 21.0 (x86 de)

29-05-2013 00:59:00 Windows Update

04-06-2013 18:12:10 Windows Update

07-06-2013 23:41:35 Windows Update

11-06-2013 07:05:01 Windows Update

12-06-2013 08:59:22 Windows Update

12-06-2013 20:06:10 Revo Uninstaller's restore point - MailStore Home 8.0.5.8779
 

==================== Scheduled Tasks (whitelisted) =============
 

Task: {12AA74FB-AA36-495B-8507-B9079F869DE8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-11-11] (Google Inc.)

Task: {13AAD1AF-D075-4BD9-9A19-A8329BA6BE25} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-12] (Adobe Systems Incorporated)

Task: {19056CAD-90EA-4ACB-84FF-8CD0D65BC044} - System32\Tasks\advSRS4 => C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe [2010-01-19] (SEC)

Task: {21999BFF-6B17-4C02-9CA5-01EED812EE39} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task

Task: {389B1777-C122-46F3-A6EC-858A28BFAF7E} - System32\Tasks\BatteryLifeExtender => C:\Program Files\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2010-12-18] (Samsung Electronics. Co. Ltd.)

Task: {435B9152-E045-49A0-9802-3FE20CDF60B2} - System32\Tasks\SamsungSupportCenter => C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe [2011-02-07] (SAMSUNG Electronics)

Task: {45CA727A-4521-4F60-85FD-B8935D9D878E} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\windows\System32\lpksetup.exe [2010-11-20] (Microsoft Corporation)

Task: {466303E5-0805-44EC-8595-C63AFDEA3A21} - System32\Tasks\ChkWiz4VistaWin7 => C:\Sysprep\ChkWiz4VistaWin7.exe [] ()

Task: {57D541CE-9229-4AA6-B25E-3A7CF4771DBF} - System32\Tasks\Microsoft\Windows Defender\MpIdleTask => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)

Task: {5BE3FF7F-E536-4ADB-A1E8-C5F61BEBBEA3} - System32\Tasks\{CC2B23F6-F504-4E31-8C45-2F45E8D3887B} => D:\setup.exe [] ()

Task: {5D128131-133D-44BA-AAE0-BF4E6F9EAAB5} - System32\Tasks\{A631CC1C-2406-49FB-8EC4-5BD9A65B4014} => C:\Program Files\AqFinance\AqFinance-0.9.100beta-Setup.exe [2012-09-20] (Martin Preuss)

Task: {67FA9649-111A-4C53-B4F7-07301BC82D53} - System32\Tasks\SmartRestarter => C:\Program Files\Samsung\SFB\SmartRestarter.exe [2010-06-03] (Samsung Electronics Co., Ltd.)

Task: {70EADF9A-5485-4ED7-97F5-879363B7F031} - System32\Tasks\EasyBatteryManager => C:\Program Files\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2010-07-20] (SAMSUNG Electronics co., LTD.)

Task: {8176C892-B6BC-4F13-9358-C624A7822110} - System32\Tasks\EasyPartitionManager => C:\Windows\MSetup\BA46-12225A02\EPM.exe [] ()

Task: {9F764301-640E-4B52-B52C-13E6C45D1D1F} - System32\Tasks\EasySpeedUpManager => C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe [2010-02-10] (Samsung Electronics Co., Ltd.)

Task: {A568F745-808D-46CF-94C3-EE6949370B2C} - System32\Tasks\{52B0256F-C2CD-4ACE-AD74-497CAE8D95C1} => C:\Program Files\AqFinance\AqFinance-0.9.100beta-Setup.exe [2012-09-20] (Martin Preuss)

Task: {AC8DE7C8-AEE0-44F4-B06B-9667FF756D78} - System32\Tasks\EasyDisplayMgr => C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe [2010-06-08] (Samsung Electronics Co., Ltd.)

Task: {AEE2E35B-1C6B-4203-8DDF-47E69B2BFD1B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-11-11] (Google Inc.)

Task: {B1226612-7E0B-41A6-80E0-5F0752240A27} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)

Task: {C4F1D3DC-782A-41A4-AD70-6BCDB6B53BBC} - System32\Tasks\{48B2666E-66F1-462D-BFC1-F327077BEB8C} => C:\Program Files\AqFinance\program\initial\bin\aqfinance.exe [2011-07-03] ()

Task: {CA537438-2E27-4C1F-8D26-45CEAA41C2C3} - System32\Tasks\{E1497134-AC6C-4365-8B61-A33FFCF5819D} => C:\Program Files\AqFinance\program\initial\bin\aqfinance.exe [2011-07-03] ()

Task: {D96D718C-E872-42EA-80CF-F533C67F8CF0} - System32\Tasks\{956ABD87-073D-4486-A41C-16385B136E69} => C:\Program Files\AqFinance\program\initial\bin\aqbanking-cli.exe [] ()

Task: {F623BB0F-E7EE-4669-BC38-24FDC8A96392} - System32\Tasks\SUPBackground => C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe [2010-04-20] ()
 

==================== Faulty Device Manager Devices =============
 

Name: Broadcom 802.11n-Netzwerkadapter

Description: Broadcom 802.11n-Netzwerkadapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Broadcom

Service: BCM43XX

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 

==================== Event log errors: =========================
 

Application errors:

==================

Error: (06/18/2013 09:32:05 PM) (Source: Application Error) (User: )

Description: Name der fehlerhaften Anwendung: svchost.exe_StiSvc, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100

Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000

Ausnahmecode: 0xc0000005

Fehleroffset: 0xc0000120

ID des fehlerhaften Prozesses: 0x174

Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_StiSvc0

Pfad der fehlerhaften Anwendung: svchost.exe_StiSvc1

Pfad des fehlerhaften Moduls: svchost.exe_StiSvc2

Berichtskennung: svchost.exe_StiSvc3
 

Error: (06/18/2013 08:04:37 PM) (Source: Application Error) (User: )

Description: Name der fehlerhaften Anwendung: gmer_2.1.19163.exe, Version: 2.1.19163.0, Zeitstempel: 0x515d31f0

Name des fehlerhaften Moduls: gmer_2.1.19163.exe, Version: 2.1.19163.0, Zeitstempel: 0x515d31f0

Ausnahmecode: 0xc0000005

Fehleroffset: 0x00012288

ID des fehlerhaften Prozesses: 0x5d8

Startzeit der fehlerhaften Anwendung: 0xgmer_2.1.19163.exe0

Pfad der fehlerhaften Anwendung: gmer_2.1.19163.exe1

Pfad des fehlerhaften Moduls: gmer_2.1.19163.exe2

Berichtskennung: gmer_2.1.19163.exe3
 

Error: (06/18/2013 07:59:45 PM) (Source: Application Error) (User: )

Description: Name der fehlerhaften Anwendung: gmer_2.1.19163.exe, Version: 2.1.19163.0, Zeitstempel: 0x515d31f0

Name des fehlerhaften Moduls: gmer_2.1.19163.exe, Version: 2.1.19163.0, Zeitstempel: 0x515d31f0

Ausnahmecode: 0xc0000005

Fehleroffset: 0x00012288

ID des fehlerhaften Prozesses: 0x1400

Startzeit der fehlerhaften Anwendung: 0xgmer_2.1.19163.exe0

Pfad der fehlerhaften Anwendung: gmer_2.1.19163.exe1

Pfad des fehlerhaften Moduls: gmer_2.1.19163.exe2

Berichtskennung: gmer_2.1.19163.exe3
 

Error: (06/18/2013 07:45:11 PM) (Source: Application Error) (User: )

Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 21.0.0.4879, Zeitstempel: 0x518ec3cc

Name des fehlerhaften Moduls: xul.dll, Version: 21.0.0.4879, Zeitstempel: 0x518ec306

Ausnahmecode: 0xc0000005

Fehleroffset: 0x001c9789

ID des fehlerhaften Prozesses: 0xbc0

Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0

Pfad der fehlerhaften Anwendung: firefox.exe1

Pfad des fehlerhaften Moduls: firefox.exe2

Berichtskennung: firefox.exe3
 

Error: (06/18/2013 07:10:59 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (06/18/2013 03:30:07 AM) (Source: VSS) (User: )

Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert

.

Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.
 
 

Vorgang:

   Generatordaten werden gesammelt
 

Kontext:

   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}

   Generatorname: System Writer

   Generatorinstanz-ID: {f2db68fa-e3dc-4650-b334-be53f7363df3}
 

Error: (06/18/2013 01:30:55 AM) (Source: VSS) (User: )

Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert

.

Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.
 
 

Vorgang:

   Generatordaten werden gesammelt
 

Kontext:

   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}

   Generatorname: System Writer

   Generatorinstanz-ID: {f2db68fa-e3dc-4650-b334-be53f7363df3}
 

Error: (06/17/2013 11:30:09 PM) (Source: VSS) (User: )

Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert

.

Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.
 
 

Vorgang:

   Generatordaten werden gesammelt
 

Kontext:

   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}

   Generatorname: System Writer

   Generatorinstanz-ID: {f2db68fa-e3dc-4650-b334-be53f7363df3}
 

Error: (06/17/2013 08:29:31 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (06/17/2013 08:25:47 PM) (Source: Application Hang) (User: )

Description: Programm freepdf.exe, Version 4.0.0.42 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
 

Prozess-ID: 1398
 

Startzeit: 01ce6b82a48994f9
 

Endzeit: 16
 

Anwendungspfad: C:\Program Files\FreePDF_XP\freepdf.exe
 

Berichts-ID:
 
 

System errors:

=============

Error: (06/18/2013 09:32:35 PM) (Source: Service Control Manager) (User: )

Description: Dienst "Windows-Bilderfassung (WIA)" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
 

Error: (06/18/2013 09:32:05 PM) (Source: SCardSvr) (User: )

Description: Das Gerät ist nicht angeschlossen.REINER SCT cyberJack pinpad/e-com USB 52GET_STATEXX XX XX XX
 

Error: (06/18/2013 09:30:04 PM) (Source: SCardSvr) (User: )

Description: Das Gerät ist nicht angeschlossen.REINER SCT cyberJack pinpad/e-com USB 52
 

Error: (06/18/2013 09:30:04 PM) (Source: SCardSvr) (User: )

Description: Das Gerät ist nicht angeschlossen.
 

Error: (06/18/2013 09:30:04 PM) (Source: SCardSvr) (User: )

Description: Das Gerät ist nicht angeschlossen.REINER SCT cyberJack pinpad/e-com USB 52POWER01 00 00 00
 

Error: (06/18/2013 09:30:04 PM) (Source: SCardSvr) (User: )

Description: Das Gerät ist nicht angeschlossen.REINER SCT cyberJack pinpad/e-com USB 52POWER01 00 00 00
 

Error: (06/18/2013 09:30:04 PM) (Source: SCardSvr) (User: )

Description: Das Gerät erkennt den Befehl nicht.REINER SCT cyberJack pinpad/e-com USB 52POWER01 00 00 00
 

Error: (06/18/2013 07:15:56 PM) (Source: Service Control Manager) (User: )

Description: Der Dienst "Windows Search" wurde nicht richtig gestartet.
 

Error: (06/18/2013 07:10:41 PM) (Source: Service Control Manager) (User: )

Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 

cdrom

rsct_bus

tcpipBM
 

Error: (06/18/2013 07:10:16 PM) (Source: Service Control Manager) (User: )

Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: 

%%20
 
 

Microsoft Office Sessions:

=========================
 

==================== Memory info =========================== 
 

Percentage of memory in use: 60%

Total physical RAM: 2037.3 MB

Available physical RAM: 798.42 MB

Total Pagefile: 4074.59 MB

Available Pagefile: 2721.63 MB

Total Virtual: 2047.88 MB

Available Virtual: 1918.81 MB
 

==================== Drives ================================
 

Drive c: () (Fixed) (Total:277.99 GB) (Free:73.72 GB) NTFS
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (Size: 298 GB) (Disk ID: CD3D43EB)

Partition 1: (Not Active) - (Size=20 GB) - (Type=27)

Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=278 GB) - (Type=07 NTFS)
 

==================== End Of Log ============================

--- --- ---

Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel

Link 1

WICHTIG - Speichere Combofix auf deinem Desktop

Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

Hallo schrauber,
vielen Dank für die rasche Hilfe!
Ich habe Deine Anweisungen befolgt.
Nachfolgend die logfile.txt:

Combofix Logfile:

Code:

ComboFix 13-06-18.02 - *** 19.06.2013  11:03:17.1.2 - x86

Microsoft Windows 7 Starter   6.1.7601.1.1252.49.1031.18.2037.1187 [GMT 2:00]

ausgeführt von:: c:\users\***\ComboFix_190613\ComboFix.exe

AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\FullRemove.exe

c:\users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\mxfilerelatedcache.mxc2

c:\users\***\AppData\Roaming\Microsoft\Windows\Recent\mxfilerelatedcache.mxc2

c:\users\***\Favorites\Cache.mxc3

c:\users\***\Favorites\mxfilerelatedcache.mxc2

c:\windows\iun6002.exe

c:\windows\unin0407.exe

.

.

(((((((((((((((((((((((   Dateien erstellt von 2013-05-19 bis 2013-06-19  ))))))))))))))))))))))))))))))

.

.

2013-06-19 09:27 . 2013-06-19 09:27        --------        d-----w-        c:\users\Default\AppData\Local\temp

2013-06-19 08:42 . 2013-06-19 08:46        --------        d-----w-        c:\users\***\ComboFix_190613

2013-06-18 21:41 . 2013-06-18 21:41        --------        d-----w-        C:\190613

2013-06-18 20:43 . 2013-06-18 20:43        --------        d-----w-        C:\FRST

2013-06-18 20:39 . 2013-06-18 21:40        --------        d-----w-        c:\users\***\Farbar Recovery Scan Tool_180613

2013-06-18 17:44 . 2013-06-18 18:02        --------        d-----w-        c:\users\***\gmer 2.1.19163_180613

2013-06-18 16:01 . 2013-06-18 16:33        --------        d-----w-        c:\users\***\OTL_180613

2013-06-18 15:55 . 2013-06-18 15:58        --------        d-----w-        c:\users\***\defogger_180613

2013-06-17 13:02 . 2013-06-17 13:04        --------        d-----w-        c:\program files\Scratch 1.4_170613

2013-06-17 12:59 . 2013-06-17 12:59        --------        d-----w-        C:\170613

2013-06-14 14:53 . 2013-06-19 09:01        60872        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{0B43BC78-C176-41D6-A8C1-7315641D325E}\offreg.dll

2013-06-14 14:39 . 2013-05-13 06:19        7016152        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{0B43BC78-C176-41D6-A8C1-7315641D325E}\mpengine.dll

2013-06-12 20:04 . 2013-06-12 20:05        --------        d-----w-        C:\08-dat_120613

2013-06-12 12:14 . 2013-06-14 10:46        --------        d--h--w-        c:\users\***\AppData\Roaming\D9E9F6B2

2013-06-12 09:44 . 2013-06-13 11:00        --------        d--h--w-        c:\users\***\AppData\Roaming\Pjfe

2013-06-12 09:10 . 2013-06-08 11:13        2706432        ----a-w-        c:\windows\system32\mshtml.tlb

2013-06-12 09:10 . 2013-06-08 11:41        218112        ----a-w-        c:\program files\Internet Explorer\sqmapi.dll

2013-06-12 09:01 . 2013-05-17 01:25        2877440        ----a-w-        c:\windows\system32\jscript9.dll

2013-06-12 09:01 . 2013-05-17 01:25        108032        ----a-w-        c:\program files\Internet Explorer\jsdebuggeride.dll

2013-06-12 09:01 . 2013-05-17 01:25        61440        ----a-w-        c:\windows\system32\iesetup.dll

2013-06-12 09:00 . 2013-05-17 01:25        257536        ----a-w-        c:\program files\Internet Explorer\ieproxy.dll

2013-06-12 09:00 . 2013-05-17 01:25        235520        ----a-w-        c:\program files\Internet Explorer\IEShims.dll

2013-06-12 09:00 . 2013-05-14 08:40        71680        ----a-w-        c:\windows\system32\RegisterIEPKEYs.exe

2013-06-12 09:00 . 2013-05-17 01:25        109056        ----a-w-        c:\windows\system32\iesysprep.dll

2013-06-12 09:00 . 2013-05-17 01:25        817664        ----a-w-        c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll

2013-06-12 09:00 . 2013-05-17 01:25        1767936        ----a-w-        c:\windows\system32\wininet.dll

2013-06-12 09:00 . 2013-05-17 02:32        770648        ----a-w-        c:\program files\Internet Explorer\iexplore.exe

2013-06-12 08:03 . 2013-06-18 22:37        --------        d-----w-        c:\users\***\AppData\Roaming\Rfybr

2013-06-12 03:59 . 2013-04-25 23:30        1505280        ----a-w-        c:\windows\system32\d3d11.dll

2013-06-12 03:59 . 2013-05-10 03:20        24576        ----a-w-        c:\windows\system32\cryptdlg.dll

2013-06-12 03:59 . 2013-04-26 04:55        492544        ----a-w-        c:\windows\system32\win32spl.dll

2013-06-12 03:59 . 2013-05-13 03:08        903168        ----a-w-        c:\windows\system32\certutil.exe

2013-06-12 03:59 . 2013-05-13 04:45        140288        ----a-w-        c:\windows\system32\cryptsvc.dll

2013-06-12 03:59 . 2013-05-13 04:45        1160192        ----a-w-        c:\windows\system32\crypt32.dll

2013-06-12 03:59 . 2013-05-13 04:45        103936        ----a-w-        c:\windows\system32\cryptnet.dll

2013-06-12 03:59 . 2013-05-13 03:08        43008        ----a-w-        c:\windows\system32\certenc.dll

2013-06-12 03:59 . 2013-04-17 07:02        1230336        ----a-w-        c:\windows\system32\WindowsCodecs.dll

2013-06-12 03:59 . 2013-05-06 05:06        3968872        ----a-w-        c:\windows\system32\ntkrnlpa.exe

2013-06-12 03:59 . 2013-05-06 05:06        3913576        ----a-w-        c:\windows\system32\ntoskrnl.exe

2013-06-12 03:57 . 2013-05-08 05:38        1293672        ----a-w-        c:\windows\system32\drivers\tcpip.sys

2013-06-11 21:23 . 2013-06-11 21:23        --------        d-----w-        c:\users\***\AppData\Local\MailStore Temp

2013-06-11 21:10 . 2013-06-12 22:33        --------        d-----w-        c:\programdata\firebird

2013-06-11 21:02 . 2013-06-11 21:05        --------        d-----w-        c:\program files\MailStore-8.0.5.8779_110613

2013-06-11 07:08 . 2013-06-13 06:50        --------        d-----w-        C:\120613

2013-06-11 07:05 . 2013-06-11 07:10        --------        d-----w-        C:\110613

2013-05-27 11:40 . 2013-05-27 11:40        --------        d-----w-        c:\users\***\AppData\Local\Tracker Software

2013-05-22 10:05 . 2013-05-22 10:06        --------        d-----w-        c:\program files\Common Files\DVDVideoSoft

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-06-12 04:59 . 2012-04-02 07:46        692104        ----a-w-        c:\windows\system32\FlashPlayerApp.exe

2013-06-12 04:59 . 2011-10-18 07:39        71048        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl

2013-05-28 14:48 . 2010-06-24 02:33        22240        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2013-05-02 00:06 . 2011-10-17 13:15        238872        ------w-        c:\windows\system32\MpSigStub.exe

2013-05-01 01:06 . 2013-05-01 01:06        745472        ----a-w-        c:\windows\system32\MsSpellCheckingFacility.exe

2013-05-01 01:06 . 2013-05-01 01:06        185344        ----a-w-        c:\windows\system32\elshyph.dll

2013-05-01 01:06 . 2013-05-01 01:06        158720        ----a-w-        c:\windows\system32\msls31.dll

2013-05-01 01:06 . 2013-05-01 01:06        523264        ----a-w-        c:\windows\system32\vbscript.dll

2013-05-01 01:06 . 2013-05-01 01:06        150528        ----a-w-        c:\windows\system32\iexpress.exe

2013-05-01 01:06 . 2013-05-01 01:06        138752        ----a-w-        c:\windows\system32\wextract.exe

2013-05-01 01:06 . 2013-05-01 01:06        137216        ----a-w-        c:\windows\system32\ieUnatt.exe

2013-05-01 01:06 . 2013-05-01 01:06        12800        ----a-w-        c:\windows\system32\mshta.exe

2013-05-01 01:06 . 2013-05-01 01:06        73728        ----a-w-        c:\windows\system32\SetIEInstalledDate.exe

2013-05-01 01:06 . 2013-05-01 01:06        38400        ----a-w-        c:\windows\system32\imgutil.dll

2013-05-01 01:06 . 2013-05-01 01:06        110592        ----a-w-        c:\windows\system32\IEAdvpack.dll

2013-05-01 01:06 . 2013-05-01 01:06        48640        ----a-w-        c:\windows\system32\mshtmler.dll

2013-05-01 01:06 . 2013-05-01 01:06        61952        ----a-w-        c:\windows\system32\tdc.ocx

2013-05-01 01:06 . 2013-05-01 01:06        719360        ----a-w-        c:\windows\system32\mshtmlmedia.dll

2013-05-01 01:06 . 2013-05-01 01:06        361984        ----a-w-        c:\windows\system32\html.iec

2013-05-01 01:06 . 2013-05-01 01:06        23040        ----a-w-        c:\windows\system32\licmgr10.dll

2013-05-01 01:06 . 2013-05-01 01:06        1441280        ----a-w-        c:\windows\system32\inetcpl.cpl

2013-04-13 04:45 . 2013-05-15 10:36        474624        ----a-w-        c:\windows\apppatch\AcSpecfc.dll

2013-04-13 04:45 . 2013-05-15 10:36        2176512        ----a-w-        c:\windows\apppatch\AcGenral.dll

2013-04-12 13:45 . 2013-04-23 18:35        1211752        ----a-w-        c:\windows\system32\drivers\ntfs.sys

2013-04-10 05:18 . 2013-05-15 10:36        728424        ----a-w-        c:\windows\system32\drivers\dxgkrnl.sys

2013-04-10 05:18 . 2013-05-15 10:36        218984        ----a-w-        c:\windows\system32\drivers\dxgmms1.sys

2013-04-10 03:14 . 2013-05-15 10:38        2347520        ----a-w-        c:\windows\system32\win32k.sys

2013-04-04 03:35 . 2013-04-19 06:43        94112        ----a-w-        c:\windows\system32\WindowsAccessBridge.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"defglogon"="-autorun" [X]

"winqn"="-autorun" [X]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-11-11 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-06-25 10119784]

"ETDCtrl"="c:\program files\Elantech\ETDCtrl.exe" [2010-11-12 1812264]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-01 348664]

"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]

"FreePDF Assistant"="c:\program files\FreePDF_XP\fpassist.exe" [2011-02-23 371200]

"Cobian Backup 10"="c:\program files\cobian Backup 10.0_191011\Cobian.exe" [2010-09-23 421376]

"UIExec"="c:\program files\T-Mobile-Internet-Manager_021211\UIExec.exe" [2009-03-30 132608]

"starter4g"="c:\windows\starter4g.exe" [2010-04-30 160424]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]

"LexwareInfoService"="c:\program files\Common Files\Lexware\Update Manager\LxUpdateManager.exe" [2011-07-31 189808]

"SMB50StarMoneyRunEntry"="c:\program files\StarMoney Business 5.0 Deutsche Bank Edition\app\oflagent.exe" [2013-05-23 56976]

"TrayServer"="c:\progra~1\MAGIX\VIDEO_~1\TrayServer.exe" [2007-03-29 90112]

"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 159456]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Automatic Update-Agent.lnk - c:\program files\T-Mobile\Communication Center\AutoUpdateSrv.exe [2011-10-20 499712]

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-7-21 836896]

db dialog updater.lnk - c:\program files\db-dialog_201011\wiseupdt.EXE /c [2004-5-24 203968]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE -b -l [1999-4-30 65588]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"mixer1"=wdmaud.drv

.

R1 rsct_bus;REINER SCT PC/SC Bus;c:\windows\system32\DRIVERS\rsct_bus.sys [x]

R2 UI Assistant Service;UI Assistant Service;c:\program files\T-Mobile-Internet-Manager_021211\AssistantServices.exe [2009-03-30 241664]

R3 cjusb;REINER SCT cyberJack USB Driver;c:\windows\system32\DRIVERS\cjusb.sys [2011-03-29 28144]

R3 cmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2053s;c:\windows\system32\DRIVERS\cmnsusbser.sys [2012-01-17 103424]

R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2011-04-26 2702848]

R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2008-10-29 7680]

R3 rsct_dev;REINER PC/SC SmartCard Reader Device Driver;c:\windows\system32\DRIVERS\rsct_dev.sys [2007-05-31 11776]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]

R3 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 544768]

S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-11 36000]

S1 bizVSerial;Franson VSerial;c:\windows\system32\drivers\bizVSerialNT.sys [2007-05-31 14949]

S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2010-10-07 10752]

S2 AAV UpdateService;AAV UpdateService;c:\program files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [2008-10-24 128296]

S2 ACEDRV09;ACEDRV09;c:\windows\system32\drivers\ACEDRV09.sys [2012-05-05 110304]

S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224]

S2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\program files\cobian Backup 10.0_191011\cbVSCService.exe [2010-09-23 67584]

S2 cjpcsc;cyberJack PC/SC COM Service ;c:\windows\system32\cjpcsc.exe [2012-03-19 514128]

S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2011-05-24 1840128]

S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2009-03-02 5120]

S2 StarMoney Business 5.0 OnlineUpdate;StarMoney Business 5.0 OnlineUpdate;c:\program files\StarMoney Business 5.0 Deutsche Bank Edition\ouservice\StarMoneyOnlineUpdate.exe [2012-12-21 699680]

S2 WTGService;WTGService;c:\program files\XSManager\WTGService.exe [2010-04-12 329168]

S2 XS Stick Service;XS Stick Service;c:\windows\service4g.exe [2010-04-30 145064]

S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-07-13 297000]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-03-02 33320]

S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-11-12 116008]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2010-08-30 315680]

.

.

--- Andere Dienste/Treiber im Speicher ---

.

*Deregistered* - BMLoad

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation        REG_MULTI_SZ           SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc

.

Inhalt des "geplante Tasks" Ordners

.

2013-06-19 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 04:59]

.

2013-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-11 15:35]

.

2013-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-11 15:35]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = hxxp://www.google.de/

uInternet Settings,ProxyServer = 46.231.14.49:8080

IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.2.1

FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\1xhf8l1d.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

Toolbar-Locked - (no file)

HKCU-Run-logonggdns - c:\users\***\AppData\Roaming\logonggdns.exe

HKLM-Run-OpwareSE4 - c:\program files\ScahSoft Omnipage_191011\OpwareSE4.exe

AddRemove-Adobe Photoshop 4.0 LE - c:\windows\unin0407.exe

AddRemove-Free YouTube to MP3 Converter_is1 - c:\program files\Common Files\DVDVideoSoft\Uninstall.exe

AddRemove-TMobileHotspotLocator - c:\windows\iun6002.exe

.

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.alb\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="FotoManagerDeluxe.9.alb"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]

@="?????????????????? v1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]

@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]

@="?????????????????? v2"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]

@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Zeit der Fertigstellung: 2013-06-19  11:36:14

ComboFix-quarantined-files.txt  2013-06-19 09:36

.

Vor Suchlauf: 49 Verzeichnis(se), 79.049.019.392 Bytes frei

Nach Suchlauf: 54 Verzeichnis(se), 79.327.084.544 Bytes frei

.

- - End Of File - - 76741AE438C87E188BD03DF8B73B2D28

--- --- ---
2E5DEBB2116B3417023E0D6562D7ED07

Combofix-Skript

WARNUNG für die MITLESER:
Folgendes ComboFix Skript ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

Lösche die vorhandene Combofix.exe von deinem Desktop und lade das Programm von folgenden Download-Spiegel neu herunter: Link

Speichere es erneut auf dem Desktop (nicht woanders hin, das ist wichtig)!

Drücke die Windows + R Taste --> notepad (hinein schreiben) --> OK

Kopiere nun den Text aus der folgenden Codebox komplett in das leere Textdokument.

Code:

Folder:: c:\users\***\AppData\Roaming\D9E9F6B2 c:\users\***\AppData\Roaming\Pjfe c:\users\***\AppData\Roaming\Rfybr Registry:: [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "defglogon"=- "winqn"=-

Speichere dies als CFScript.txt auf deinem Desktop.

Wichtig: Stelle deine Anti Viren Software temporär ab. Dies kann ComboFix nämlich bei der Arbeit behindern.
Danach wieder anstellen nicht vergessen!

Schließe alle laufenden Programme damit ComboFix ungehindert arbeiten kann.

Ziehe CFScript.txt in die ComboFix.exe wie in diesem Bild:

Mache nichts am Computer, bewege nicht die Maus über das ComboFix-Fenster oder klicke in dieses hinein. Dies kann dazu führen, dass ComboFix sich aufhängt.

Wenn ComboFix fertig ist wird es ein Log erstellen: C:\ComboFix.txt
Bitte füge es hier als Antwort (in CODE-Tags mit dem #-Button des Editors) ein.

Hinweis:
Suspect:: und Collect::
Falls im Skript diese Anweisungen enthalten sind, sollen Dateien zur Analyse eingeschickt werden. Es erscheint eine Message-Box, nachdem Combofix fertig ist. Klicke OK und folge den Aufforderungen/Anweisungen, um die Dateien hochzuladen. Teile mir unbedingt mit, ob der Upload geklappt hat!

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST Log. Noch Probleme?

Hallo schrauber. Ich habe die weiteren Schritte befolgt. Die Anweisungen "Suspect" und "Collect" sind m.E. im Skript nicht enthalten. Das neue Log zu ComboFix im #
Ich mache jetzt mit AdwCleaner weiter. Vielen Dank!

Code:

ComboFix 13-06-18.02 - *** 19.06.2013  15:01:34.2.2 - x86

Microsoft Windows 7 Starter   6.1.7601.1.1252.49.1031.18.2037.1166 [GMT 2:00]

ausgeführt von:: c:\users\***\ComboFix_190613\ComboFix.exe

Benutzte Befehlsschalter :: c:\users\***\ComboFix_190613\CFScript.txt

AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\***\AppData\Roaming\D9E9F6B2

c:\users\***\AppData\Roaming\D9E9F6B2\D9E9F6B2.DAT

c:\users\***\AppData\Roaming\D9E9F6B2\D9E9F6B2.DAT.DAT

c:\users\***\AppData\Roaming\Pjfe

c:\users\***\AppData\Roaming\Rfybr

.

.

(((((((((((((((((((((((   Dateien erstellt von 2013-05-19 bis 2013-06-19  ))))))))))))))))))))))))))))))

.

.

2013-06-19 13:23 . 2013-06-19 13:23        --------        d-----w-        c:\users\Default\AppData\Local\temp

2013-06-19 13:23 . 2013-06-19 13:23        --------        d-----w-        c:\users\Administrator\AppData\Local\temp

2013-06-19 08:42 . 2013-06-19 13:01        --------        d-----w-        c:\users\***\ComboFix_190613

2013-06-18 21:41 . 2013-06-18 21:41        --------        d-----w-        C:\190613

2013-06-18 20:43 . 2013-06-18 20:43        --------        d-----w-        C:\FRST

2013-06-18 20:39 . 2013-06-18 21:40        --------        d-----w-        c:\users\***\Farbar Recovery Scan Tool_180613

2013-06-18 17:44 . 2013-06-18 18:02        --------        d-----w-        c:\users\***\gmer 2.1.19163_180613

2013-06-18 16:01 . 2013-06-18 16:33        --------        d-----w-        c:\users\***\OTL_180613

2013-06-18 15:55 . 2013-06-18 15:58        --------        d-----w-        c:\users\***\defogger_180613

2013-06-17 13:02 . 2013-06-17 13:04        --------        d-----w-        c:\program files\Scratch 1.4_170613

2013-06-17 12:59 . 2013-06-17 12:59        --------        d-----w-        C:\170613

2013-06-14 14:39 . 2013-05-13 06:19        7016152        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{0B43BC78-C176-41D6-A8C1-7315641D325E}\mpengine.dll

2013-06-12 20:04 . 2013-06-12 20:05        --------        d-----w-        C:\08-dat_120613

2013-06-12 09:10 . 2013-06-08 11:13        2706432        ----a-w-        c:\windows\system32\mshtml.tlb

2013-06-12 09:10 . 2013-06-08 11:41        218112        ----a-w-        c:\program files\Internet Explorer\sqmapi.dll

2013-06-12 09:01 . 2013-05-17 01:25        2877440        ----a-w-        c:\windows\system32\jscript9.dll

2013-06-12 09:01 . 2013-05-17 01:25        108032        ----a-w-        c:\program files\Internet Explorer\jsdebuggeride.dll

2013-06-12 09:01 . 2013-05-17 01:25        61440        ----a-w-        c:\windows\system32\iesetup.dll

2013-06-12 09:00 . 2013-05-17 01:25        257536        ----a-w-        c:\program files\Internet Explorer\ieproxy.dll

2013-06-12 09:00 . 2013-05-17 01:25        235520        ----a-w-        c:\program files\Internet Explorer\IEShims.dll

2013-06-12 09:00 . 2013-05-14 08:40        71680        ----a-w-        c:\windows\system32\RegisterIEPKEYs.exe

2013-06-12 09:00 . 2013-05-17 01:25        109056        ----a-w-        c:\windows\system32\iesysprep.dll

2013-06-12 09:00 . 2013-05-17 01:25        817664        ----a-w-        c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll

2013-06-12 09:00 . 2013-05-17 01:25        1767936        ----a-w-        c:\windows\system32\wininet.dll

2013-06-12 09:00 . 2013-05-17 02:32        770648        ----a-w-        c:\program files\Internet Explorer\iexplore.exe

2013-06-12 03:59 . 2013-04-25 23:30        1505280        ----a-w-        c:\windows\system32\d3d11.dll

2013-06-12 03:59 . 2013-05-10 03:20        24576        ----a-w-        c:\windows\system32\cryptdlg.dll

2013-06-12 03:59 . 2013-04-26 04:55        492544        ----a-w-        c:\windows\system32\win32spl.dll

2013-06-12 03:59 . 2013-05-13 03:08        903168        ----a-w-        c:\windows\system32\certutil.exe

2013-06-12 03:59 . 2013-05-13 04:45        140288        ----a-w-        c:\windows\system32\cryptsvc.dll

2013-06-12 03:59 . 2013-05-13 04:45        1160192        ----a-w-        c:\windows\system32\crypt32.dll

2013-06-12 03:59 . 2013-05-13 04:45        103936        ----a-w-        c:\windows\system32\cryptnet.dll

2013-06-12 03:59 . 2013-05-13 03:08        43008        ----a-w-        c:\windows\system32\certenc.dll

2013-06-12 03:59 . 2013-04-17 07:02        1230336        ----a-w-        c:\windows\system32\WindowsCodecs.dll

2013-06-12 03:59 . 2013-05-06 05:06        3968872        ----a-w-        c:\windows\system32\ntkrnlpa.exe

2013-06-12 03:59 . 2013-05-06 05:06        3913576        ----a-w-        c:\windows\system32\ntoskrnl.exe

2013-06-12 03:57 . 2013-05-08 05:38        1293672        ----a-w-        c:\windows\system32\drivers\tcpip.sys

2013-06-11 21:23 . 2013-06-11 21:23        --------        d-----w-        c:\users\***\AppData\Local\MailStore Temp

2013-06-11 21:10 . 2013-06-12 22:33        --------        d-----w-        c:\programdata\firebird

2013-06-11 21:02 . 2013-06-11 21:05        --------        d-----w-        c:\program files\MailStore-8.0.5.8779_110613

2013-06-11 07:08 . 2013-06-13 06:50        --------        d-----w-        C:\120613

2013-06-11 07:05 . 2013-06-11 07:10        --------        d-----w-        C:\110613

2013-05-27 11:40 . 2013-05-27 11:40        --------        d-----w-        c:\users\***\AppData\Local\Tracker Software

2013-05-22 10:05 . 2013-05-22 10:06        --------        d-----w-        c:\program files\Common Files\DVDVideoSoft

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-06-12 04:59 . 2012-04-02 07:46        692104        ----a-w-        c:\windows\system32\FlashPlayerApp.exe

2013-06-12 04:59 . 2011-10-18 07:39        71048        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl

2013-05-28 14:48 . 2010-06-24 02:33        22240        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2013-05-02 00:06 . 2011-10-17 13:15        238872        ------w-        c:\windows\system32\MpSigStub.exe

2013-05-01 01:06 . 2013-05-01 01:06        745472        ----a-w-        c:\windows\system32\MsSpellCheckingFacility.exe

2013-05-01 01:06 . 2013-05-01 01:06        185344        ----a-w-        c:\windows\system32\elshyph.dll

2013-05-01 01:06 . 2013-05-01 01:06        158720        ----a-w-        c:\windows\system32\msls31.dll

2013-05-01 01:06 . 2013-05-01 01:06        523264        ----a-w-        c:\windows\system32\vbscript.dll

2013-05-01 01:06 . 2013-05-01 01:06        150528        ----a-w-        c:\windows\system32\iexpress.exe

2013-05-01 01:06 . 2013-05-01 01:06        138752        ----a-w-        c:\windows\system32\wextract.exe

2013-05-01 01:06 . 2013-05-01 01:06        137216        ----a-w-        c:\windows\system32\ieUnatt.exe

2013-05-01 01:06 . 2013-05-01 01:06        12800        ----a-w-        c:\windows\system32\mshta.exe

2013-05-01 01:06 . 2013-05-01 01:06        73728        ----a-w-        c:\windows\system32\SetIEInstalledDate.exe

2013-05-01 01:06 . 2013-05-01 01:06        38400        ----a-w-        c:\windows\system32\imgutil.dll

2013-05-01 01:06 . 2013-05-01 01:06        110592        ----a-w-        c:\windows\system32\IEAdvpack.dll

2013-05-01 01:06 . 2013-05-01 01:06        48640        ----a-w-        c:\windows\system32\mshtmler.dll

2013-05-01 01:06 . 2013-05-01 01:06        61952        ----a-w-        c:\windows\system32\tdc.ocx

2013-05-01 01:06 . 2013-05-01 01:06        719360        ----a-w-        c:\windows\system32\mshtmlmedia.dll

2013-05-01 01:06 . 2013-05-01 01:06        361984        ----a-w-        c:\windows\system32\html.iec

2013-05-01 01:06 . 2013-05-01 01:06        23040        ----a-w-        c:\windows\system32\licmgr10.dll

2013-05-01 01:06 . 2013-05-01 01:06        1441280        ----a-w-        c:\windows\system32\inetcpl.cpl

2013-04-13 04:45 . 2013-05-15 10:36        474624        ----a-w-        c:\windows\apppatch\AcSpecfc.dll

2013-04-13 04:45 . 2013-05-15 10:36        2176512        ----a-w-        c:\windows\apppatch\AcGenral.dll

2013-04-12 13:45 . 2013-04-23 18:35        1211752        ----a-w-        c:\windows\system32\drivers\ntfs.sys

2013-04-10 05:18 . 2013-05-15 10:36        728424        ----a-w-        c:\windows\system32\drivers\dxgkrnl.sys

2013-04-10 05:18 . 2013-05-15 10:36        218984        ----a-w-        c:\windows\system32\drivers\dxgmms1.sys

2013-04-10 03:14 . 2013-05-15 10:38        2347520        ----a-w-        c:\windows\system32\win32k.sys

2013-04-04 03:35 . 2013-04-19 06:43        94112        ----a-w-        c:\windows\system32\WindowsAccessBridge.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-11-11 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-06-25 10119784]

"ETDCtrl"="c:\program files\Elantech\ETDCtrl.exe" [2010-11-12 1812264]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-01 348664]

"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]

"FreePDF Assistant"="c:\program files\FreePDF_XP\fpassist.exe" [2011-02-23 371200]

"Cobian Backup 10"="c:\program files\cobian Backup 10.0_191011\Cobian.exe" [2010-09-23 421376]

"UIExec"="c:\program files\T-Mobile-Internet-Manager_021211\UIExec.exe" [2009-03-30 132608]

"starter4g"="c:\windows\starter4g.exe" [2010-04-30 160424]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]

"LexwareInfoService"="c:\program files\Common Files\Lexware\Update Manager\LxUpdateManager.exe" [2011-07-31 189808]

"SMB50StarMoneyRunEntry"="c:\program files\StarMoney Business 5.0 Deutsche Bank Edition\app\oflagent.exe" [2013-05-23 56976]

"TrayServer"="c:\progra~1\MAGIX\VIDEO_~1\TrayServer.exe" [2007-03-29 90112]

"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 159456]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Automatic Update-Agent.lnk - c:\program files\T-Mobile\Communication Center\AutoUpdateSrv.exe [2011-10-20 499712]

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-7-21 836896]

db dialog updater.lnk - c:\program files\db-dialog_201011\wiseupdt.EXE /c [2004-5-24 203968]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE -b -l [1999-4-30 65588]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"mixer1"=wdmaud.drv

.

R1 rsct_bus;REINER SCT PC/SC Bus;c:\windows\system32\DRIVERS\rsct_bus.sys [x]

R2 StarMoney Business 5.0 OnlineUpdate;StarMoney Business 5.0 OnlineUpdate;c:\program files\StarMoney Business 5.0 Deutsche Bank Edition\ouservice\StarMoneyOnlineUpdate.exe [2012-12-21 699680]

R2 UI Assistant Service;UI Assistant Service;c:\program files\T-Mobile-Internet-Manager_021211\AssistantServices.exe [2009-03-30 241664]

R3 cjusb;REINER SCT cyberJack USB Driver;c:\windows\system32\DRIVERS\cjusb.sys [2011-03-29 28144]

R3 cmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2053s;c:\windows\system32\DRIVERS\cmnsusbser.sys [2012-01-17 103424]

R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2011-04-26 2702848]

R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2008-10-29 7680]

R3 rsct_dev;REINER PC/SC SmartCard Reader Device Driver;c:\windows\system32\DRIVERS\rsct_dev.sys [2007-05-31 11776]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]

R3 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 544768]

S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-11 36000]

S1 bizVSerial;Franson VSerial;c:\windows\system32\drivers\bizVSerialNT.sys [2007-05-31 14949]

S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2010-10-07 10752]

S2 AAV UpdateService;AAV UpdateService;c:\program files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [2008-10-24 128296]

S2 ACEDRV09;ACEDRV09;c:\windows\system32\drivers\ACEDRV09.sys [2012-05-05 110304]

S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224]

S2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\program files\cobian Backup 10.0_191011\cbVSCService.exe [2010-09-23 67584]

S2 cjpcsc;cyberJack PC/SC COM Service ;c:\windows\system32\cjpcsc.exe [2012-03-19 514128]

S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2011-05-24 1840128]

S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2009-03-02 5120]

S2 WTGService;WTGService;c:\program files\XSManager\WTGService.exe [2010-04-12 329168]

S2 XS Stick Service;XS Stick Service;c:\windows\service4g.exe [2010-04-30 145064]

S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-07-13 297000]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-03-02 33320]

S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-11-12 116008]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2010-08-30 315680]

.

.

--- Andere Dienste/Treiber im Speicher ---

.

*NewlyCreated* - WS2IFSL

*Deregistered* - BMLoad

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation        REG_MULTI_SZ           SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc

.

Inhalt des "geplante Tasks" Ordners

.

2013-06-19 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 04:59]

.

2013-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-11 15:35]

.

2013-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-11 15:35]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = hxxp://www.google.de/

uInternet Settings,ProxyServer = 46.231.14.49:8080

IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.2.1

FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\1xhf8l1d.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.alb\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="FotoManagerDeluxe.9.alb"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]

@="?????????????????? v1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]

@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]

@="?????????????????? v2"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]

@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Zeit der Fertigstellung: 2013-06-19  15:29:49

ComboFix-quarantined-files.txt  2013-06-19 13:29

ComboFix2.txt  2013-06-19 09:36

.

Vor Suchlauf: 53 Verzeichnis(se), 79.640.956.928 Bytes frei

Nach Suchlauf: 54 Verzeichnis(se), 79.448.539.136 Bytes frei

.

- - End Of File - - 8CB8DD56B0952AAD852F8B38E880C606

2E5DEBB2116B3417023E0D6562D7ED07

Hallo schrauber, die Lodatei von AdwCleaner im #. Danke. Ich mache weiter mit Junkware Removal Tool.

Code:

# AdwCleaner v2.303 - Datei am 19/06/2013 um 16:59:06 erstellt

# Aktualisiert am 08/06/2013 von Xplode

# Betriebssystem : Windows 7 Starter Service Pack 1 (32 bits)

# Benutzer : *** - SAMSUNG1011

# Bootmodus : Normal

# Ausgeführt unter : C:\Users\***\AdwCleaner_190613\adwcleaner.exe

# Option [Löschen]
 
 

**** [Dienste] ****
 
 

***** [Dateien / Ordner] *****
 

Ordner Gelöscht : C:\Users\***\AppData\Local\OpenCandy
 

***** [Registrierungsdatenbank] *****
 

Schlüssel Gelöscht : HKCU\Software\APN PIP

Schlüssel Gelöscht : HKCU\Software\OCS

Schlüssel Gelöscht : HKCU\Software\Softonic

Schlüssel Gelöscht : HKLM\Software\PIP
 

***** [Internet Browser] *****
 

-\\ Internet Explorer v10.0.9200.16611
 

[OK] Die Registrierungsdatenbank ist sauber.
 

-\\ Mozilla Firefox v21.0 (de)
 

Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\1xhf8l1d.default\prefs.js
 

[OK] Die Datei ist sauber.
 

*************************
 

AdwCleaner[S1].txt - [963 octets] - [19/06/2013 16:59:06]
 

########## EOF - C:\AdwCleaner[S1].txt - [1022 octets] ##########

Hallo schrauber. Die JRT.txt in #. Ich fahre fort mit Eset. Danke.

Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.9.4 (05.06.2013:1)

OS: Windows 7 Starter x86

Ran by *** on 19.06.2013 at 17:26:11,40

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 

~~~ Services
 
 
 

~~~ Registry Values
 
 
 

~~~ Registry Keys
 
 
 

~~~ Files
 
 
 

~~~ Folders
 

Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{7CCEFC6E-A51F-48E6-A08B-D2AA2DA47332}

Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{82ECBF04-4D64-4997-B50B-CBC7E61682E1}

Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{D5151A56-8E3E-4CB3-AF0C-C41F7F08551C}
 
 
 

~~~ FireFox
 

Emptied folder: C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\1xhf8l1d.default\minidumps [38 files]
 
 
 

~~~ Event Viewer Logs were cleared
 
 
 
 
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 19.06.2013 at 17:31:32,81

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Hallo schrauber, Eset hat die Nacht gescannt. Nachfolgend das Logfile. Ich werde Eset jetzt deinstallieren und dann SecurityCheck downloaden. Vielen Dank.

Code:

ESETSmartInstaller@High as downloader log:

all ok

# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6920

# api_version=3.0.2

# EOSSerial=195a665c8d2a5a4692a7a98478e1c2d6

# engine=14111

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=false

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2013-06-19 11:23:29

# local_time=2013-06-20 01:23:29 (+0100, Mitteleuropäische Sommerzeit)

# country="Germany"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=1799 16775165 100 100 102803 237107499 95550 0

# compatibility_mode=5893 16776573 100 94 26829 123315400 0 0

# scanned=516238

# found=0

# cleaned=0

# scan_time=25952

Hallo schrauber, nachfolgend das checkup.txt. Ich mache jetzt noch ein frisches FRST Log.
Danke.

Code:

Results of screen317's Security Check version 0.99.64  

 Windows 7 Service Pack 1 x86 (UAC is enabled)  

 Internet Explorer 10  
 ``````````````Antivirus/Firewall Check:`````````````` 

Avira Desktop   

 Antivirus up to date!  (On Access scanning disabled!) 
 `````````Anti-malware/Other Utilities Check:````````` 

 JavaFX 2.1.1    

 Java 7 Update 21  

 Java(TM) 6 Update 2  

 Adobe Flash Player         11.7.700.224  

 Mozilla Firefox (21.0) 
 ````````Process Check: objlist.exe by Laurent````````  

 Avira Antivir avgnt.exe 

 Avira Antivir avguard.exe 
 `````````````````System Health check````````````````` 

 Total Fragmentation on Drive C:  
 ````````````````````End of Log``````````````````````

Hallo schrauber, nachfolgend das frische FRST. Ich denke/hoffe, dass mein Rechner jetzt wieder clean ist. Vielen Dank!
FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-06-2013

Ran by *** (administrator) on 20-06-2013 10:14:58

Running from C:\Users\***\Farbar Recovery Scan Tool_200613

Microsoft Windows 7 Starter  Service Pack 1 (X86) OS Language: German Standard

Internet Explorer Version 10

Boot Mode: Normal
 

==================== Processes (Whitelisted) ===================
 

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe

() C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

(CobianSoft, Luis Cobian) C:\Program Files\cobian Backup 10.0_191011\cbVSCService.exe

(REINER SCT) C:\windows\system32\cjpcsc.exe

() C:\Program Files\T-Mobile-Internet-Manager_021211\AssistantServices.exe

() C:\Program Files\XSManager\WTGService.exe

(4G Systems GmbH & Co. KG) C:\windows\service4g.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

(shbox.de) C:\Program Files\FreePDF_XP\fpassist.exe

(Luis Cobian, CobianSoft) C:\Program Files\cobian Backup 10.0_191011\Cobian.exe

() C:\Program Files\T-Mobile-Internet-Manager_021211\UIExec.exe

(4G Systems GmbH & Co. KG) C:\Windows\starter4g.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

(Haufe-Lexware GmbH & Co. KG) C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe

(Microsoft Corporation) C:\Program Files\Zune\ZuneLauncher.exe

(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe

(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

(Luis Cobian, CobianSoft) C:\Program Files\cobian Backup 10.0_191011\cbInterface.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe

(Intel Corporation) C:\windows\system32\hkcmd.exe

(Intel Corporation) C:\windows\system32\igfxtray.exe

(Intel Corporation) C:\windows\system32\igfxpers.exe

(Intel Corporation) C:\windows\system32\igfxsrvc.exe

(MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe

(SEC) C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe

(SAMSUNG Electronics) C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe

(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe

(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\SFB\SmartRestarter.exe

(Samsung Electronics Co., Ltd.) C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe

(Intel Corporation) C:\windows\system32\igfxext.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

(Avira Operations GmbH & Co. KG) C:\program files\avira\antivir desktop\avcenter.exe

() C:\PROGRA~1\samsung\SAMSUN~2\SUPNOT~1.EXE

(Microsoft Corporation) C:\windows\system32\prevhost.exe

(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe

(Adobe Systems, Inc.) C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe

(Adobe Systems, Inc.) C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s [10119784 2011-06-25] (Realtek Semiconductor)

HKLM\...\Run: [ETDCtrl] %ProgramFiles%\Elantech\ETDCtrl.exe [1812264 2010-11-13] (ELAN Microelectronics Corp.)

HKLM\...\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min [348664 2012-08-01] (Avira Operations GmbH & Co. KG)

HKLM\...\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot [185896 2006-09-28] (Nuance Communications, Inc.)

HKLM\...\Run: [FreePDF Assistant] "C:\Program Files\FreePDF_XP\fpassist.exe" [371200 2011-02-23] (shbox.de)

HKLM\...\Run: [Cobian Backup 10] "C:\Program Files\cobian Backup 10.0_191011\Cobian.exe" [421376 2010-09-23] (Luis Cobian, CobianSoft)

HKLM\...\Run: [UIExec] "C:\Program Files\T-Mobile-Internet-Manager_021211\UIExec.exe" [132608 2009-03-30] ()

HKLM\...\Run: [starter4g] C:\windows\starter4g.exe [160424 2010-04-30] (4G Systems GmbH & Co. KG)

HKLM\...\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [31016 2006-10-27] (Microsoft Corporation)

HKLM\...\Run: [LexwareInfoService] C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart [189808 2011-07-31] (Haufe-Lexware GmbH & Co. KG)

HKLM\...\Run: [SMB50StarMoneyRunEntry] "C:\Program Files\StarMoney Business 5.0 Deutsche Bank Edition\app\oflagent.exe" [56976 2013-05-23] (Star Finanz - Software Entwicklung und Vertriebs GmbH)

HKLM\...\Run: [TrayServer] C:\PROGRA~1\MAGIX\VIDEO_~1\TrayServer.exe [90112 2007-03-29] (MAGIX AG)

HKLM\...\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe" [159456 2011-08-05] (Microsoft Corporation)

HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)

HKCU\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-11-11] (Google Inc.)

HKCU\...\Policies\system: [DisableRegistryTools] 0

HKCU\...\Policies\system: [DisableTaskMgr] 0

Startup: C:\ProgramData\Start Menu\Programs\Startup\Automatic Update-Agent.lnk

ShortcutTarget: Automatic Update-Agent.lnk -> C:\Program Files\T-Mobile\Communication Center\AutoUpdateSrv.exe ()

Startup: C:\ProgramData\Start Menu\Programs\Startup\Bluetooth.lnk

ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

Startup: C:\ProgramData\Start Menu\Programs\Startup\db dialog updater.lnk

ShortcutTarget: db dialog updater.lnk -> C:\Program Files\db-dialog_201011\wiseupdt.EXE ()

Startup: C:\ProgramData\Start Menu\Programs\Startup\Microsoft Office.lnk

ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
 

==================== Internet (Whitelisted) ====================
 

ProxyServer: 46.231.14.49:8080

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

BHO: No Name - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -  No File

BHO: No Name - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -  No File

BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL (Microsoft Corporation)

BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

Toolbar: HKCU -Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GRA32A~1.DLL (Microsoft Corporation)

Handler: ipp - No CLSID Value - 

Handler: msdaipp - No CLSID Value - 

Handler: t-mobile - {C6D89159-3467-4C2F-9918-3362DA57BCD2} - C:\PROGRA~1\T-Mobile\HOTSPO~1\TMOBIL~1.DLL ()

ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL [2210608 2006-10-27] (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 

FireFox:

========

FF ProfilePath: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\1xhf8l1d.default

FF Homepage: hxxp://www.google.de/

FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()

FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VLC-2.0.5_170213\VLC\npvlc.dll (VideoLAN)
 

========================== Services (Whitelisted) =================
 

R2 AAV UpdateService; C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [86224 2012-05-08] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [110032 2012-05-08] (Avira Operations GmbH & Co. KG)

R2 cbVSCService; C:\Program Files\cobian Backup 10.0_191011\cbVSCService.exe [67584 2010-09-23] (CobianSoft, Luis Cobian)

R2 cjpcsc; C:\windows\system32\cjpcsc.exe [514128 2012-03-19] (REINER SCT)

R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1840128 2011-05-24] (MAGIX AG)

S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®)

S2 StarMoney Business 5.0 OnlineUpdate; C:\Program Files\StarMoney Business 5.0 Deutsche Bank Edition\ouservice\StarMoneyOnlineUpdate.exe [699680 2012-12-21] (Star Finanz - Software Entwicklung und Vertriebs GmbH)

R2 UI Assistant Service; C:\Program Files\T-Mobile-Internet-Manager_021211\AssistantServices.exe [241664 2009-03-30] ()

S3 UPnPService; C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [544768 2006-12-14] (Magix AG)

R2 WTGService; C:\Program Files\XSManager\WTGService.exe [329168 2010-04-12] ()

R2 XS Stick Service; C:\windows\service4g.exe [145064 2010-04-30] (4G Systems GmbH & Co. KG)
 

==================== Drivers (Whitelisted) ====================
 

R2 ACEDRV09; C:\windows\system32\drivers\ACEDRV09.sys [110304 2012-05-05] (Protect Software GmbH)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [83392 2012-05-08] (Avira GmbH)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [137928 2012-05-08] (Avira GmbH)

R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [36000 2011-10-11] (Avira GmbH)

R1 bizVSerial; C:\Windows\System32\drivers\bizVSerialNT.sys [14949 2007-05-31] (franson.biz)

R3 btwampfl; C:\Windows\System32\drivers\btwampfl.sys [297000 2010-07-14] (Broadcom Corporation.)

S3 cjusb; C:\Windows\System32\DRIVERS\cjusb.sys [28144 2011-03-29] (REINER SCT)

S3 cmnsusbser; C:\Windows\System32\DRIVERS\cmnsusbser.sys [103424 2012-01-17] (Mobile Connector)

S2 DgiVecp; C:\windows\system32\Drivers\DgiVecp.sys [38400 2009-03-02] (Samsung Electronics Co., Ltd.)

R3 ETD; C:\Windows\System32\DRIVERS\ETD.sys [116008 2010-11-13] (ELAN Microelectronics Corp.)

R3 odysseyIM4; C:\Windows\System32\DRIVERS\odysseyIM4.sys [173056 2005-06-10] (Funk Software, Inc.)

S3 rsct_dev; C:\Windows\System32\DRIVERS\rsct_dev.sys [11776 2007-05-31] (REINER SCT)

S3 rtport; C:\windows\system32\drivers\rtport.sys [15656 2011-09-29] (Windows (R) 2003 DDK 3790 provider)

R1 SABI; C:\windows\system32\Drivers\SABI.sys [10752 2010-10-07] (SAMSUNG ELECTRONICS)

R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2010-06-17] (Avira GmbH)

R2 SSPORT; C:\windows\system32\Drivers\SSPORT.sys [5120 2009-03-02] (Samsung Electronics)

S3 catchme; \??\C:\Users\***\AppData\Local\Temp\catchme.sys [x]

S1 rsct_bus; system32\DRIVERS\rsct_bus.sys [x]
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2013-06-20 09:01 - 2013-06-20 09:01 - 00000000 ____D C:\Users\***\SecurityCheck_200613

2013-06-19 18:07 - 2013-06-19 18:07 - 00000000 ____D C:\Users\***\Eset Online Scanner_190613

2013-06-19 17:31 - 2013-06-19 17:31 - 00001077 ____A C:\Users\***\Desktop\JRT.txt

2013-06-19 17:26 - 2013-06-19 17:26 - 00000000 ____D C:\Windows\ERUNT

2013-06-19 17:25 - 2013-06-19 17:25 - 00000000 ____D C:\JRT

2013-06-19 17:22 - 2013-06-19 17:34 - 00000000 ____D C:\Users\***\Junkware Removal Tool_190613

2013-06-19 16:59 - 2013-06-19 16:59 - 00001091 ____A C:\AdwCleaner[S1].txt

2013-06-19 16:57 - 2013-06-19 17:09 - 00000000 ____D C:\Users\***\AdwCleaner_190613

2013-06-19 15:29 - 2013-06-19 15:29 - 00016997 ____A C:\ComboFix.txt

2013-06-19 10:58 - 2011-06-26 08:45 - 00256000 ____A C:\Windows\PEV.exe

2013-06-19 10:58 - 2010-11-07 19:20 - 00208896 ____A C:\Windows\MBR.exe

2013-06-19 10:58 - 2009-04-20 06:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe

2013-06-19 10:58 - 2000-08-31 02:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe

2013-06-19 10:58 - 2000-08-31 02:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe

2013-06-19 10:58 - 2000-08-31 02:00 - 00098816 ____A C:\Windows\sed.exe

2013-06-19 10:58 - 2000-08-31 02:00 - 00080412 ____A C:\Windows\grep.exe

2013-06-19 10:58 - 2000-08-31 02:00 - 00068096 ____A C:\Windows\zip.exe

2013-06-19 10:57 - 2013-06-19 15:29 - 00000000 ____D C:\Qoobox

2013-06-19 10:57 - 2013-06-19 11:31 - 00000000 ____D C:\Windows\erdnt

2013-06-19 10:42 - 2013-06-19 15:45 - 00000000 ____D C:\Users\***\ComboFix_190613

2013-06-18 23:41 - 2013-06-18 23:41 - 00000000 ____D C:\190613

2013-06-18 22:43 - 2013-06-18 22:43 - 00000000 ____D C:\FRST

2013-06-18 22:39 - 2013-06-20 10:13 - 00000000 ____D C:\Users\***\Farbar Recovery Scan Tool_200613

2013-06-18 19:44 - 2013-06-18 20:02 - 00000000 ____D C:\Users\***\gmer 2.1.19163_180613

2013-06-18 19:42 - 2013-06-18 19:42 - 00377856 ____A C:\Users\***\Downloads\gmer_2.1.19163.exe

2013-06-18 18:01 - 2013-06-18 18:33 - 00000000 ____D C:\Users\***\OTL_180613

2013-06-18 18:00 - 2013-06-18 18:00 - 00602112 ____A (OldTimer Tools) C:\Users\***\Downloads\OTL.exe

2013-06-18 17:58 - 2013-06-18 17:58 - 00000000 ____A C:\Users\***\defogger_reenable

2013-06-18 17:55 - 2013-06-18 17:58 - 00000000 ____D C:\Users\***\defogger_180613

2013-06-18 17:48 - 2013-06-18 17:48 - 00050477 ____A C:\Users\***\Downloads\Defogger.exe

2013-06-17 15:05 - 2013-06-17 15:05 - 00001273 ____A C:\Users\***\Desktop\Scratch.lnk

2013-06-17 15:05 - 2013-06-17 15:05 - 00000000 ____D C:\Users\***\Documents\Scratch Projects

2013-06-17 15:02 - 2013-06-17 15:04 - 00000000 ____D C:\Program Files\Scratch 1.4_170613

2013-06-17 14:59 - 2013-06-17 14:59 - 00000000 ____D C:\170613

2013-06-12 22:12 - 2013-06-12 22:13 - 05800064 ____A (Igor Pavlov) C:\Users\***\Downloads\MailStoreHomeSetup-8.0.5.8779.exe

2013-06-12 22:04 - 2013-06-12 22:05 - 00000000 ____D C:\08-dat_120613

2013-06-12 11:10 - 2013-06-08 13:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2013-06-12 11:10 - 2013-06-08 13:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2013-06-12 11:10 - 2013-06-08 13:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2013-06-12 11:10 - 2013-06-08 13:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2013-06-12 11:10 - 2013-06-08 13:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2013-06-12 11:10 - 2013-06-08 13:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2013-06-12 11:01 - 2013-05-17 03:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2013-06-12 11:01 - 2013-05-17 03:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2013-06-12 11:01 - 2013-05-17 03:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll

2013-06-12 11:01 - 2013-05-17 03:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2013-06-12 11:00 - 2013-05-17 03:26 - 00042496 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe

2013-06-12 11:00 - 2013-05-17 03:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2013-06-12 11:00 - 2013-05-17 03:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

2013-06-12 11:00 - 2013-05-17 03:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll

2013-06-12 11:00 - 2013-05-17 03:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll

2013-06-12 11:00 - 2013-05-14 10:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe

2013-06-12 05:59 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll

2013-06-12 05:59 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll

2013-06-12 05:59 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll

2013-06-12 05:59 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe

2013-06-12 05:59 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll

2013-06-12 05:59 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll

2013-06-12 05:59 - 2013-05-06 07:06 - 03968872 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe

2013-06-12 05:59 - 2013-05-06 07:06 - 03913576 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe

2013-06-12 05:59 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll

2013-06-12 05:59 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll

2013-06-12 05:59 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll

2013-06-12 05:57 - 2013-05-08 07:38 - 01293672 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys

2013-06-11 23:10 - 2013-06-13 00:33 - 00000000 ____D C:\ProgramData\firebird

2013-06-11 23:02 - 2013-06-11 23:05 - 00000000 ____D C:\Program Files\MailStore-8.0.5.8779_110613

2013-06-11 09:08 - 2013-06-13 08:50 - 00000000 ____D C:\120613

2013-06-11 09:05 - 2013-06-11 09:10 - 00000000 ____D C:\110613

2013-06-05 21:52 - 2013-06-05 21:52 - 04808816 ____A (FileZilla Project) C:\Users\***\Downloads\FileZilla_3.7.0.2_win32-setup.exe

2013-05-28 15:44 - 2013-05-28 15:45 - 00000000 ____D C:\Users\***\AppData\Roaming\Mozilla

2013-05-28 15:44 - 2013-05-28 15:44 - 00001144 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk

2013-05-28 15:44 - 2013-05-28 15:44 - 00000000 ____D C:\Program Files\Mozilla Firefox

2013-05-27 13:40 - 2013-05-27 13:40 - 00000000 ____D C:\Users\***\AppData\Local\Tracker Software

2013-05-22 13:36 - 2013-05-22 13:36 - 00000000 ___HD C:\Users\***\Documents\Freemake_do_not_remove_this_folder635048266199573803

2013-05-22 12:06 - 2013-05-22 12:06 - 00002430 ____A C:\Users\***\Desktop\Free Video Dub.lnk

2013-05-22 12:05 - 2013-05-22 12:06 - 00000000 ____D C:\Program Files\Common Files\DVDVideoSoft
 

==================== One Month Modified Files and Folders ========
 

2013-06-20 10:13 - 2013-06-18 22:39 - 00000000 ____D C:\Users\***\Farbar Recovery Scan Tool_200613

2013-06-20 10:10 - 2011-10-17 14:56 - 00000000 ____D C:\users\***

2013-06-20 10:09 - 2011-11-11 17:35 - 00000000 ____D C:\Users\***\AppData\Local\Google

2013-06-20 09:59 - 2012-04-02 09:46 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-06-20 09:17 - 2011-11-11 17:35 - 00001098 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-06-20 09:02 - 2009-07-14 06:34 - 00016160 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-06-20 09:02 - 2009-07-14 06:34 - 00016160 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-06-20 09:01 - 2013-06-20 09:01 - 00000000 ____D C:\Users\***\SecurityCheck_200613

2013-06-20 09:00 - 2011-07-26 04:16 - 01806061 ____A C:\Windows\WindowsUpdate.log

2013-06-20 08:50 - 2011-11-11 17:35 - 00001094 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-06-20 08:50 - 2009-07-14 06:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2013-06-20 08:50 - 2009-07-14 06:39 - 00083371 ____A C:\Windows\setupact.log

2013-06-20 08:49 - 2010-11-20 23:48 - 00047042 ____A C:\Windows\PFRO.log

2013-06-20 03:08 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET

2013-06-20 03:03 - 2010-11-20 23:01 - 01520006 ____A C:\Windows\System32\PerfStringBackup.INI

2013-06-19 18:07 - 2013-06-19 18:07 - 00000000 ____D C:\Users\***\Eset Online Scanner_190613

2013-06-19 17:34 - 2013-06-19 17:22 - 00000000 ____D C:\Users\***\Junkware Removal Tool_190613

2013-06-19 17:31 - 2013-06-19 17:31 - 00001077 ____A C:\Users\***\Desktop\JRT.txt

2013-06-19 17:26 - 2013-06-19 17:26 - 00000000 ____D C:\Windows\ERUNT

2013-06-19 17:25 - 2013-06-19 17:25 - 00000000 ____D C:\JRT

2013-06-19 17:09 - 2013-06-19 16:57 - 00000000 ____D C:\Users\***\AdwCleaner_190613

2013-06-19 16:59 - 2013-06-19 16:59 - 00001091 ____A C:\AdwCleaner[S1].txt

2013-06-19 15:45 - 2013-06-19 10:42 - 00000000 ____D C:\Users\***\ComboFix_190613

2013-06-19 15:29 - 2013-06-19 15:29 - 00016997 ____A C:\ComboFix.txt

2013-06-19 15:29 - 2013-06-19 10:57 - 00000000 ____D C:\Qoobox

2013-06-19 15:23 - 2009-07-14 04:04 - 00000215 ____A C:\Windows\system.ini

2013-06-19 12:20 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache

2013-06-19 11:36 - 2009-07-14 04:37 - 00000000 __RHD C:\users\Default

2013-06-19 11:36 - 2009-07-14 04:37 - 00000000 ___RD C:\users\Public

2013-06-19 11:31 - 2013-06-19 10:57 - 00000000 ____D C:\Windows\erdnt

2013-06-18 23:41 - 2013-06-18 23:41 - 00000000 ____D C:\190613

2013-06-18 22:43 - 2013-06-18 22:43 - 00000000 ____D C:\FRST

2013-06-18 20:49 - 2011-07-18 13:52 - 00000000 ____D C:\12-doc_180711

2013-06-18 20:02 - 2013-06-18 19:44 - 00000000 ____D C:\Users\***\gmer 2.1.19163_180613

2013-06-18 19:42 - 2013-06-18 19:42 - 00377856 ____A C:\Users\***\Downloads\gmer_2.1.19163.exe

2013-06-18 18:33 - 2013-06-18 18:01 - 00000000 ____D C:\Users\***\OTL_180613

2013-06-18 18:00 - 2013-06-18 18:00 - 00602112 ____A (OldTimer Tools) C:\Users\***\Downloads\OTL.exe

2013-06-18 17:58 - 2013-06-18 17:58 - 00000000 ____A C:\Users\***\defogger_reenable

2013-06-18 17:58 - 2013-06-18 17:55 - 00000000 ____D C:\Users\***\defogger_180613

2013-06-18 17:48 - 2013-06-18 17:48 - 00050477 ____A C:\Users\***\Downloads\Defogger.exe

2013-06-17 19:46 - 2011-10-19 17:50 - 00000000 ____D C:\Users\***\AppData\Local\FreePDF_XP

2013-06-17 18:41 - 2011-07-21 12:18 - 00000000 ____D C:\60-sse_210711

2013-06-17 18:24 - 2012-09-24 14:31 - 00000000 ____D C:\Program Files\StarMoney Business 5.0 Deutsche Bank Edition

2013-06-17 15:07 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\NDF

2013-06-17 15:05 - 2013-06-17 15:05 - 00001273 ____A C:\Users\***\Desktop\Scratch.lnk

2013-06-17 15:05 - 2013-06-17 15:05 - 00000000 ____D C:\Users\***\Documents\Scratch Projects

2013-06-17 15:04 - 2013-06-17 15:02 - 00000000 ____D C:\Program Files\Scratch 1.4_170613

2013-06-17 14:59 - 2013-06-17 14:59 - 00000000 ____D C:\170613

2013-06-13 18:24 - 2011-07-18 13:56 - 00000000 ____D C:\39-pdf_150711

2013-06-13 08:50 - 2013-06-11 09:08 - 00000000 ____D C:\120613

2013-06-13 00:33 - 2013-06-11 23:10 - 00000000 ____D C:\ProgramData\firebird

2013-06-12 22:13 - 2013-06-12 22:12 - 05800064 ____A (Igor Pavlov) C:\Users\***\Downloads\MailStoreHomeSetup-8.0.5.8779.exe

2013-06-12 22:05 - 2013-06-12 22:04 - 00000000 ____D C:\08-dat_120613

2013-06-12 21:16 - 2012-03-13 14:17 - 00007600 ____A C:\Users\***\AppData\Local\Resmon.ResmonCfg

2013-06-12 19:30 - 2011-10-20 12:04 - 00002267 ____A C:\Users\Public\Desktop\CDBurnerXP.lnk

2013-06-12 19:24 - 2011-10-19 21:31 - 00000000 ____D C:\Users\***\AppData\Roaming\FileZilla

2013-06-12 19:08 - 2011-07-18 13:53 - 00000000 ____D C:\21-html_150711

2013-06-12 11:16 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\de-DE

2013-06-12 11:02 - 2011-10-18 17:05 - 73381792 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

2013-06-12 06:59 - 2012-04-02 09:46 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe

2013-06-12 06:59 - 2011-10-18 09:39 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl

2013-06-11 23:05 - 2013-06-11 23:02 - 00000000 ____D C:\Program Files\MailStore-8.0.5.8779_110613

2013-06-11 09:10 - 2013-06-11 09:05 - 00000000 ____D C:\110613

2013-06-10 09:16 - 2011-11-04 11:30 - 00000000 ____D C:\90-jpg_full_180711

2013-06-08 13:42 - 2013-06-12 11:10 - 01141248 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2013-06-08 13:40 - 2013-06-12 11:10 - 14327808 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2013-06-08 13:40 - 2013-06-12 11:10 - 13760512 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2013-06-08 13:40 - 2013-06-12 11:10 - 02046976 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2013-06-08 13:40 - 2013-06-12 11:10 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2013-06-08 13:13 - 2013-06-12 11:10 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2013-06-05 21:53 - 2013-04-15 08:58 - 00000000 ____D C:\Program Files\FileZilla-3.6.0.2._150413

2013-06-05 21:52 - 2013-06-05 21:52 - 04808816 ____A (FileZilla Project) C:\Users\***\Downloads\FileZilla_3.7.0.2_win32-setup.exe

2013-06-03 21:17 - 2011-07-18 13:53 - 00000000 ____D C:\18-gif_180711

2013-06-01 12:50 - 2011-07-18 13:58 - 00000000 ____D C:\54-rtf_150711

2013-05-28 15:45 - 2013-05-28 15:44 - 00000000 ____D C:\Users\***\AppData\Roaming\Mozilla

2013-05-28 15:44 - 2013-05-28 15:44 - 00001144 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk

2013-05-28 15:44 - 2013-05-28 15:44 - 00000000 ____D C:\Program Files\Mozilla Firefox

2013-05-28 14:59 - 2011-07-18 13:57 - 00000000 ____D C:\51-pst_180711

2013-05-27 13:40 - 2013-05-27 13:40 - 00000000 ____D C:\Users\***\AppData\Local\Tracker Software

2013-05-24 21:56 - 2012-05-22 10:08 - 00000000 ____D C:\ProgramData\Lexware

2013-05-24 15:06 - 2011-12-14 21:08 - 00002226 ____A C:\Users\Public\Desktop\Steuer-Spar-Erklärung 2012.lnk

2013-05-22 13:36 - 2013-05-22 13:36 - 00000000 ___HD C:\Users\***\Documents\Freemake_do_not_remove_this_folder635048266199573803

2013-05-22 12:06 - 2013-05-22 12:06 - 00002430 ____A C:\Users\***\Desktop\Free Video Dub.lnk

2013-05-22 12:06 - 2013-05-22 12:05 - 00000000 ____D C:\Program Files\Common Files\DVDVideoSoft

2013-05-22 12:05 - 2012-12-31 20:35 - 00000000 ____D C:\Program Files\FreeVideoDub 2.0.18.430_220513

2013-05-22 12:05 - 2011-10-21 10:09 - 00000000 ____D C:\Users\***\AppData\Roaming\DVDVideoSoft
 

==================== Bamital & volsnap Check =================
 

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 

LastRegBack: 2013-06-13 17:11
 

==================== End Of Log ============================

--- --- ---