Trojaner-Board - Vista laptop nimmt keine clicks auf Programmsymbole an

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - Vista laptop nimmt keine clicks auf Programmsymbole an (https://www.trojaner-board.de/143392-vista-laptop-nimmt-keine-clicks-programmsymbole.html)

Vista laptop nimmt keine clicks auf Programmsymbole an

Hi,
habe heute einen vista laptop zur Begutachtung, der nicht oder nur erschwert Mausklicks auf desktopsymbole (Programme) annimmt.
1. Bemerkung: Fetsplattenled blinkt auch bei ruhendem Desktop
2. Mbam findet 54 Instanzen von pup.optional.conduit.a - habe ich bereinigt - und gleichzeitig den tempordner wo ca. 1 GB drin war glöscht und Papierkorb (ca. 5-6GB) gleich mit.
dann gmer gestartet,
hier das resultat:
GMER Logfile:

Code:

GMER 2.1.19163 - hxxp://www.gmer.net

Rootkit scan 2013-10-21 21:58:31

Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 TOSHIBA_ rev.DL03 149,05GB

Running: d3tfuuts.exe; Driver: C:\Users\whw\AppData\Local\Temp\pxdiifod.sys
 
 

---- Kernel code sections - GMER 2.1 ----
 

?               System32\drivers\wruo.sys                                                                                           Das System kann den angegebenen Pfad nicht finden. !

.text           C:\Windows\system32\DRIVERS\tos_sps32.sys                                                                           section is writeable [0x88553000, 0x4036D, 0xE8000020]

.dsrt           C:\Windows\system32\DRIVERS\tos_sps32.sys                                                                           unknown last section [0x8859C000, 0x510, 0x40000040]
 

---- Devices - GMER 2.1 ----
 

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                             Wdf01000.sys

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                             Wdf01000.sys
 

---- Registry - GMER 2.1 ----
 

Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Media Center\Service\Scheduler@Heartbeat                             0x1A 0xC1 0x09 0xCB ...

Reg             HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32                                   

Reg             HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel                    Apartment

Reg             HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL

Reg             HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b  0x2E 0xE8 0xE1 0x00 ...

Reg             HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32                                   

Reg             HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel                    Apartment

Reg             HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL

Reg             HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b  0x71 0x3B 0x04 0x66 ...

Reg             HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32                                   

Reg             HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel                    Apartment

Reg             HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL

Reg             HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016  0xFF 0x7C 0x85 0xE0 ...

Reg             HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32                                   

Reg             HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel                    Apartment

Reg             HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL

Reg             HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48  0x6B 0x65 0x49 0x6A ...

Reg             HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32                                   

Reg             HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel                    Apartment

Reg             HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL

Reg             HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472  0xCD 0x44 0xCD 0xB9 ...

Reg             HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32                                   

Reg             HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel                    Apartment

Reg             HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL

Reg             HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d  0x50 0x93 0xE5 0xAB ...

Reg             HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32                                   

Reg             HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel                    Apartment

Reg             HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL

Reg             HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b  0x31 0x77 0xE1 0xBA ...

Reg             HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32                                   

Reg             HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel                    Apartment

Reg             HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL

Reg             HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d  0x01 0x3A 0x48 0xFC ...

Reg             HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32                                   

Reg             HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel                    Apartment

Reg             HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL

Reg             HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3  0xF6 0x0F 0x4E 0x58 ...

Reg             HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32                                   

Reg             HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel                    Apartment

Reg             HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL

Reg             HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b  0xB1 0xCD 0x45 0x5A ...

Reg             HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32                                   

Reg             HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel                    Apartment

Reg             HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL

Reg             HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6  0xE3 0x0E 0x66 0xD5 ...

Reg             HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32                                   

Reg             HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel                    Apartment

Reg             HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL

Reg             HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2  0xFA 0xEA 0x66 0x7F ...
 

---- EOF - GMER 2.1 ----

--- --- ---

Ist da noch ein rootkit drin?
danke und Grüße
Wolfgang
ps frst logfiles habe ich auch, angehängt
http://www.trojaner-board.de/attachm...1&d=1382386901
und
hxxp://www.trojaner-board.de/attachment.php?attachmentid=61365&stc=1&d=1382386914

Hi,

Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen.

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

http://www.trojaner-board.de/picture...&pictureid=307

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-10-2013

Ran by Margret (administrator) on MARGRET-PC on 21-10-2013 20:47:51

Running from C:\Users\Margret\Downloads

Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard

Internet Explorer Version 9

Boot Mode: Normal
 

==================== Processes (Whitelisted) ===================
 

(Microsoft Corporation) C:\Windows\system32\SLsvc.exe

() C:\Program Files\ATK Hotkey\ASLDRSrv.exe

(Adobe Systems Incorporated) C:\Programme\Adobe\Photoshop Album Starter Edition\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe

(Agere Systems) C:\Windows\system32\agrsmsvc.exe

(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

(MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe

(ATK0100) C:\Program Files\ATK Hotkey\Hcontrol.exe

(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe

(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

(Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe

() C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe

(Microsoft Corporation) C:\Windows\ehome\ehtray.exe

(Intel Corporation) C:\Windows\system32\igfxsrvc.exe

() C:\Program Files\ATK Hotkey\ATKOSD.exe

(Brother Industries, Ltd.) C:\Program Files\Brother\ControlCenter3\brccMCtl.exe

(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe

(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe

(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin

(Microsoft Corporation) C:\Windows\ehome\ehsched.exe

(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe

(Microsoft Corporation) C:\Windows\ehome\ehRecvr.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jucheck.exe

(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

(Microsoft Corporation) C:\Windows\system32\conime.exe
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [894248 2007-06-22] (Synaptics, Inc.)

HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4669440 2007-07-06] (Realtek Semiconductor)

HKLM\...\Run: [Skytel] - C:\Windows\Skytel.exe [1826816 2007-06-15] (Realtek Semiconductor Corp.)

HKLM\...\Run: [NDSTray.exe] - NDSTray.exe

HKLM\...\Run: [BrMfcWnd] - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [622592 2006-11-24] (Brother Industries, Ltd.)

HKLM\...\Run: [ControlCenter3] - C:\Program Files\Brother\ControlCenter3\brctrcen.exe [65536 2006-07-19] (Brother Industries, Ltd.)

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()

HKLM\...\Run: [TrayServer] - C:\Program Files\MAGIX\Filme_auf_DVD_DLV\TrayServer.exe [90112 2008-01-17] (MAGIX AG)

HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [248552 2010-05-14] (Sun Microsystems, Inc.)

HKLM\...\RunOnce: [Malwarebytes Anti-Malware] - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)

HKCU\...\Run: [TOSCDSPD] - TOSCDSPD.EXE

HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)

HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter

HKU\Default\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [ 2007-06-27] ()

HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter

HKU\Default User\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [ 2007-06-27] ()

HKU\Stephan\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter

HKU\Stephan\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [ 2007-06-27] ()

HKU\Stephan\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [ 2008-01-19] (Microsoft Corporation)

HKU\Stephan.Margret-PC\...\Run: [TOSCDSPD] - TOSCDSPD.EXE

HKU\Stephan.Margret-PC\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [ 2008-01-19] (Microsoft Corporation)

HKU\Stephan.Margret-PC\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [ 2013-04-19] (Skype Technologies S.A.)

HKU\whw\...\Run: [TOSCDSPD] - TOSCDSPD.EXE

HKU\whw\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [ 2008-01-19] (Microsoft Corporation)

HKU\whw\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [ 2008-01-19] (Microsoft Corporation)

HKU\whw\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [ 2013-04-19] (Skype Technologies S.A.)

Startup: C:\Users\Margret\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk

ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (No File)

Startup: C:\Users\Margret\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk

ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

Startup: C:\Users\Stephan.Margret-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk

ShortcutTarget: OpenOffice.org 3.0.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

Startup: C:\Users\Stephan.Margret-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk

ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2481020

URLSearchHook: (No Name) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} -  No File

URLSearchHook: (No Name) - {5786d022-540e-4699-b350-b4be0ae94b79} -  No File

SearchScopes: HKLM - DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2481020

SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2481020

SearchScopes: HKCU - DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2481020

SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2481020

BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.252
 

FireFox:

========

FF ProfilePath: C:\Users\Margret\AppData\Roaming\Mozilla\Firefox\Profiles\c09o6s33.default

FF Homepage: hxxp://br.de

FF NetworkProxy: "type", 0

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()

FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml

FF Extension: Microsoft .NET Framework Assistant - C:\Users\Margret\AppData\Roaming\Mozilla\Firefox\Profiles\c09o6s33.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF Extension: No Name - C:\Users\Margret\AppData\Roaming\Mozilla\Firefox\Profiles\c09o6s33.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
 

========================== Services (Whitelisted) =================
 

R2 AdobeActiveFileMonitor8.0; C:\Programme\Adobe\Photoshop Album Starter Edition\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [169312 2009-09-06] (Adobe Systems Incorporated)

R2 ASLDRService; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [94208 2007-02-05] ()

R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1253376 2009-08-27] (MAGIX AG)

S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®)

R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

S3 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.)

S2 Automatisches LiveUpdate - Scheduler; "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [x]
 

==================== Drivers (Whitelisted) ====================
 

R3 ASAPIW2k; C:\Windows\System32\drivers\ASAPIW2k.sys [11264 2005-05-26] (VOB Computersysteme GmbH)

R0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-11] (Microsoft Corporation)

S3 emAudio; C:\Windows\System32\drivers\emAudio.sys [23168 2009-01-19] (eMPIA Technology, Inc.)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2013-10-21] (Malwarebytes Corporation)

R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2006-12-14] (ATK0100)

S3 PinnacleMicroTV; C:\Windows\System32\DRIVERS\MicroTV.sys [122368 2006-04-06] (Pinnacle Systems GmbH)

S3 USB28xxBGA; C:\Windows\System32\DRIVERS\emBDA.sys [476288 2009-01-19] (eMPIA Technology, Inc.)

S3 USB28xxOEM; C:\Windows\System32\DRIVERS\emOEM.sys [38656 2009-01-19] (eMPIA Technology, Inc.)

S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]

S3 IpInIp; system32\DRIVERS\ipinip.sys [x]

S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]

S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2013-10-21 20:47 - 2013-10-21 20:47 - 01087515 _____ (Farbar) C:\Users\Margret\Downloads\FRST.exe

2013-10-21 20:47 - 2013-10-21 20:47 - 00000000 ____D C:\FRST

2013-10-21 20:28 - 2013-10-21 20:29 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys

2013-10-21 20:28 - 2013-10-21 20:28 - 00000911 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-10-21 20:28 - 2013-10-21 20:28 - 00000000 ____D C:\Users\Margret\AppData\Roaming\Malwarebytes

2013-10-21 20:28 - 2013-10-21 20:28 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-10-21 20:28 - 2013-10-21 20:28 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware

2013-10-21 20:28 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2013-10-21 20:27 - 2013-10-21 20:27 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Margret\Downloads\mbam-setup-1.75.0.1300.exe

2013-10-21 20:27 - 2013-10-21 20:27 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Margret\Downloads\mbam-setup-1.75.0.1300(1).exe

2013-10-20 20:22 - 2013-10-20 20:22 - 00000752 _____ C:\Users\Public\Desktop\VLC media player.lnk

2013-10-20 20:18 - 2013-10-20 20:18 - 24278649 _____ C:\Users\Margret\Downloads\vlc-2.1.0-win32.exe

2013-10-20 20:15 - 2013-10-20 20:15 - 00000000 ____D C:\Program Files\Mozilla Firefox

2013-10-20 19:59 - 2013-10-20 20:00 - 00000000 ____D C:\Users\Margret\Desktop\OpenOffice 4.0.1 (de) Installation Files

2013-10-20 19:28 - 2013-09-22 12:29 - 12336128 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2013-10-20 19:28 - 2013-09-22 12:22 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2013-10-20 19:28 - 2013-09-22 12:22 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2013-10-20 19:28 - 2013-09-22 12:14 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2013-10-20 19:28 - 2013-09-22 12:13 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2013-10-20 19:28 - 2013-09-22 12:13 - 01104896 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2013-10-20 19:28 - 2013-09-22 12:12 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll

2013-10-20 19:28 - 2013-09-22 12:09 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2013-10-20 19:28 - 2013-09-22 12:08 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2013-10-20 19:28 - 2013-09-22 12:07 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2013-10-20 19:28 - 2013-09-22 12:06 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2013-10-20 19:28 - 2013-09-22 12:05 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2013-10-20 19:28 - 2013-09-22 12:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2013-10-20 19:28 - 2013-09-22 12:03 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2013-10-20 19:28 - 2013-09-22 12:03 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2013-10-20 19:28 - 2013-09-22 11:59 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2013-10-20 19:00 - 2013-10-20 19:00 - 00000000 ____D C:\Users\whw\AppData\Roaming\Real

2013-10-18 18:14 - 2013-08-27 04:47 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll

2013-10-18 18:14 - 2013-08-27 04:47 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll

2013-10-18 18:14 - 2013-08-27 04:47 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll

2013-10-18 18:14 - 2013-08-27 04:47 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll

2013-10-18 18:14 - 2013-08-27 03:52 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll

2013-10-18 18:14 - 2013-08-27 03:50 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll

2013-10-18 18:14 - 2013-08-27 03:32 - 00683008 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll

2013-10-18 18:14 - 2013-08-27 03:28 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll

2013-10-18 18:14 - 2013-08-27 03:28 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll

2013-10-18 18:14 - 2013-08-01 05:16 - 00638400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys

2013-10-18 18:14 - 2013-08-01 04:49 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll

2013-10-18 18:14 - 2013-07-20 12:44 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll

2013-10-18 18:14 - 2013-07-03 04:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys

2013-10-18 18:14 - 2013-07-03 04:10 - 00025472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys

2013-10-18 18:13 - 2013-08-29 09:36 - 02050048 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2013-10-18 18:13 - 2013-07-12 11:04 - 00134272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys

2013-10-18 18:13 - 2013-07-12 11:04 - 00073344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys

2013-10-18 18:13 - 2013-07-04 06:21 - 00532480 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll

2013-10-18 18:13 - 2013-06-29 04:07 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys

2013-10-18 18:13 - 2013-06-29 04:07 - 00197632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys

2013-10-18 18:13 - 2013-06-29 04:07 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys

2013-10-18 18:13 - 2013-06-29 04:06 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys

2013-10-18 18:13 - 2013-06-27 01:01 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys

2013-10-18 18:13 - 2013-06-04 06:16 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll

2013-10-18 18:13 - 2013-06-04 03:49 - 00293376 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll

2013-10-18 18:13 - 2011-05-05 15:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys

2013-10-18 18:13 - 2011-05-05 15:54 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys

2013-09-30 15:55 - 2013-10-20 19:34 - 00000000 ____D C:\Windows\system32\MRT
 

==================== One Month Modified Files and Folders =======
 

2013-10-21 20:47 - 2013-10-21 20:47 - 01087515 _____ (Farbar) C:\Users\Margret\Downloads\FRST.exe

2013-10-21 20:47 - 2013-10-21 20:47 - 00000000 ____D C:\FRST

2013-10-21 20:29 - 2013-10-21 20:28 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys

2013-10-21 20:28 - 2013-10-21 20:28 - 00000911 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-10-21 20:28 - 2013-10-21 20:28 - 00000000 ____D C:\Users\Margret\AppData\Roaming\Malwarebytes

2013-10-21 20:28 - 2013-10-21 20:28 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-10-21 20:28 - 2013-10-21 20:28 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware

2013-10-21 20:27 - 2013-10-21 20:27 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Margret\Downloads\mbam-setup-1.75.0.1300.exe

2013-10-21 20:27 - 2013-10-21 20:27 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Margret\Downloads\mbam-setup-1.75.0.1300(1).exe

2013-10-21 20:26 - 2007-12-26 14:48 - 01275737 _____ C:\Windows\WindowsUpdate.log

2013-10-21 20:24 - 2006-11-02 14:37 - 00000000 ___RD C:\Users\Public\Recorded TV

2013-10-21 20:23 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2013-10-21 20:23 - 2006-11-02 14:47 - 00003568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

2013-10-21 20:23 - 2006-11-02 14:47 - 00003568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

2013-10-21 20:19 - 2006-11-02 15:01 - 00032530 _____ C:\Windows\Tasks\SCHEDLGU.TXT

2013-10-20 21:20 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Microsoft.NET

2013-10-20 21:17 - 2006-11-02 14:47 - 00315168 _____ C:\Windows\system32\FNTCACHE.DAT

2013-10-20 20:25 - 2013-05-14 18:49 - 00000000 ____D C:\Program Files\Real

2013-10-20 20:25 - 2013-05-14 18:48 - 00000000 ____D C:\Users\Margret\AppData\Roaming\Real

2013-10-20 20:25 - 2013-05-14 18:44 - 00000000 ____D C:\ProgramData\Real

2013-10-20 20:22 - 2013-10-20 20:22 - 00000752 _____ C:\Users\Public\Desktop\VLC media player.lnk

2013-10-20 20:22 - 2007-12-27 08:38 - 00000000 ____D C:\Users\Margret\AppData\Roaming\vlc

2013-10-20 20:18 - 2013-10-20 20:18 - 24278649 _____ C:\Users\Margret\Downloads\vlc-2.1.0-win32.exe

2013-10-20 20:17 - 2013-01-18 14:38 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service

2013-10-20 20:15 - 2013-10-20 20:15 - 00000000 ____D C:\Program Files\Mozilla Firefox

2013-10-20 20:14 - 2013-08-18 15:11 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe

2013-10-20 20:14 - 2011-06-10 18:55 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

2013-10-20 20:14 - 2007-12-26 22:18 - 00000000 ____D C:\Users\Margret\AppData\Local\Adobe

2013-10-20 20:00 - 2013-10-20 19:59 - 00000000 ____D C:\Users\Margret\Desktop\OpenOffice 4.0.1 (de) Installation Files

2013-10-20 19:34 - 2013-09-30 15:55 - 00000000 ____D C:\Windows\system32\MRT

2013-10-20 19:31 - 2006-11-02 12:24 - 78106760 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

2013-10-20 19:01 - 2008-12-26 14:38 - 00000000 ____D C:\Users\whw\AppData\Roaming\Skype

2013-10-20 19:00 - 2013-10-20 19:00 - 00000000 ____D C:\Users\whw\AppData\Roaming\Real

2013-10-20 19:00 - 2007-12-26 14:58 - 00000954 _____ C:\Users\whw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2013-09-30 15:39 - 2007-12-26 22:06 - 00221184 _____ C:\Users\Margret\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2013-09-22 12:29 - 2013-10-20 19:28 - 12336128 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2013-09-22 12:22 - 2013-10-20 19:28 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2013-09-22 12:22 - 2013-10-20 19:28 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2013-09-22 12:14 - 2013-10-20 19:28 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2013-09-22 12:13 - 2013-10-20 19:28 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2013-09-22 12:13 - 2013-10-20 19:28 - 01104896 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2013-09-22 12:12 - 2013-10-20 19:28 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll

2013-09-22 12:09 - 2013-10-20 19:28 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2013-09-22 12:08 - 2013-10-20 19:28 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2013-09-22 12:07 - 2013-10-20 19:28 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2013-09-22 12:06 - 2013-10-20 19:28 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2013-09-22 12:05 - 2013-10-20 19:28 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2013-09-22 12:03 - 2013-10-20 19:28 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2013-09-22 12:03 - 2013-10-20 19:28 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2013-09-22 12:03 - 2013-10-20 19:28 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2013-09-22 11:59 - 2013-10-20 19:28 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
 

Files to move or delete:

====================

C:\Users\Margret\Schlecker_Fotoservice.exe
 
 

Some content of TEMP:

====================

C:\Users\Margret\AppData\Local\Temp\Connection.dll

C:\Users\Margret\AppData\Local\Temp\Dbwork.dll

C:\Users\Margret\AppData\Local\Temp\Dialogs.dll

C:\Users\Margret\AppData\Local\Temp\ffunzip.exe

C:\Users\Margret\AppData\Local\Temp\FlashPlayerUpdate.exe

C:\Users\Margret\AppData\Local\Temp\FlashPlayerUpdate01.exe

C:\Users\Margret\AppData\Local\Temp\GLFF220.tmp.ConduitEngineSetup.exe

C:\Users\Margret\AppData\Local\Temp\IPC.dll

C:\Users\Margret\AppData\Local\Temp\Jobs.dll

C:\Users\Margret\AppData\Local\Temp\libeay32.dll

C:\Users\Margret\AppData\Local\Temp\mfc80.dll

C:\Users\Margret\AppData\Local\Temp\msvcp80.dll

C:\Users\Margret\AppData\Local\Temp\msvcr80.dll

C:\Users\Margret\AppData\Local\Temp\Myashampoo.exe

C:\Users\Margret\AppData\Local\Temp\ose00000.exe

C:\Users\Margret\AppData\Local\Temp\Permissions.dll

C:\Users\Margret\AppData\Local\Temp\QFA.EXE

C:\Users\Margret\AppData\Local\Temp\QfaInvoke.dll

C:\Users\Margret\AppData\Local\Temp\Report.dll

C:\Users\Margret\AppData\Local\Temp\SkinMagic.dll

C:\Users\Margret\AppData\Local\Temp\SkypeSetup.exe

C:\Users\Margret\AppData\Local\Temp\Smarti.dll

C:\Users\Margret\AppData\Local\Temp\SmartiComm.dll

C:\Users\Margret\AppData\Local\Temp\SmartIcon.exe

C:\Users\Margret\AppData\Local\Temp\SmartSurfer.exe

C:\Users\Margret\AppData\Local\Temp\smurf.dll

C:\Users\Margret\AppData\Local\Temp\SmurfService.dll

C:\Users\Margret\AppData\Local\Temp\SmurfService.exe

C:\Users\Margret\AppData\Local\Temp\SmurfUpd.exe

C:\Users\Margret\AppData\Local\Temp\SmurfUpdEng.exe

C:\Users\Margret\AppData\Local\Temp\Sqlite.dll

C:\Users\Margret\AppData\Local\Temp\ssleay32.dll

C:\Users\Margret\AppData\Local\Temp\stubhelper.dll

C:\Users\Margret\AppData\Local\Temp\symlcsv1.exe

C:\Users\Margret\AppData\Local\Temp\tbAsha.dll

C:\Users\Margret\AppData\Local\Temp\tbMyAs.dll

C:\Users\Margret\AppData\Local\Temp\Threads.dll

C:\Users\Margret\AppData\Local\Temp\Uninstall.exe

C:\Users\Margret\AppData\Local\Temp\Utils.dll

C:\Users\Margret\AppData\Local\Temp\Vars.dll

C:\Users\Margret\AppData\Local\Temp\WEBDE_ServiceInstall.exe

C:\Users\Margret\AppData\Local\Temp\Wizzard.dll

C:\Users\Margret\AppData\Local\Temp\xmlparse.dll

C:\Users\Margret\AppData\Local\Temp\xmltok.dll

C:\Users\Margret\AppData\Local\Temp\_is7B57.exe

C:\Users\Stephan.Margret-PC\AppData\Local\Temp\SkypeSetup.exe

C:\Users\whw\AppData\Local\Temp\FlashPlayerUpdate.exe

C:\Users\whw\AppData\Local\Temp\SymLCSVC.EXE

C:\Users\whw\AppData\Local\Temp\unwise.exe
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 

LastRegBack: 2013-10-21 20:29
 

==================== End Of Log ============================

--- --- ---

Code:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-10-2013

Ran by Margret at 2013-10-21 20:48:50

Running from C:\Users\Margret\Downloads

Boot Mode: Normal

==========================================================
 
 

==================== Security Center ========================
 

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 

==================== Installed Programs ======================
 

Accessibility (Version: 1.39.0.22)

Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) (Version: 8.1.2)

Adobe Digital Editions

Adobe Flash Player 11 Plugin (Version: 11.9.900.117)

Adobe Photoshop Elements 8.0 (Version: 8.0)

Adobe Reader 8.1.2 - Deutsch (Version: 8.1.2)

Adobe Reader 8.1.2 Security Update 1 (KB403742)

Atheros Driver Installation Program (Version: 7.1)

ATK Hotkey (Version: 1.00.0012)

Brother MFL-Pro Suite (Version: 1.00)

CD/DVD Drive Acoustic Silencer (Version: 2.01.03)

Click to Call with Skype (Version: 5.5.8013)

DVD MovieFactory for TOSHIBA (Version: 5.3)

eSupport UndeletePlus 3.0.2.406

Firebird SQL Server - MAGIX Edition (Version: 2.1.27.0)

Forte 3 - Free Edition (Version: 3)

GIMP 2.4.2

Intel(R) Graphics Media Accelerator Driver

Intel(R) Matrix Storage Manager

Java Auto Updater (Version: 2.0.2.4)

Java(TM) 6 Update 22 (Version: 6.0.220)

Java(TM) SE Runtime Environment 6 (Version: 1.6.0.0)

MAGIX Filme auf DVD Download-Version (Version: 9.0.1.2)

MAGIX Online Druck Service (Version: 3.4.3.0)

MAGIX Screenshare (Version: 4.3.6.1987)

MAGIX Speed 2 (MSI) (Version: 6.0.1.4)

Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)

Microsoft .NET Framework 1.1 (Version: 1.1.4322)

Microsoft .NET Framework 1.1 Security Update (KB2833941)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 3.5 Language Pack SP1 - DEU

Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729)

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)

Microsoft XML Parser (Version: 8.0.7820.0)

Microsoft XML Parser (Version: 8.20.8730.4)

Mozilla Firefox 24.0 (x86 de) (Version: 24.0)

Mozilla Maintenance Service (Version: 24.0)

Mozilla Thunderbird 17.0.7 (x86 de) (Version: 17.0.7)

MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)

MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)

MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0)

MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)

MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)

MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)

Network Stumbler 0.4.0 (remove only)

OpenOffice.org 3.3 (Version: 3.3.9567)

Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista (Version: 1.00.0000)

Realtek High Definition Audio Driver (Version: 6.0.1.5449)

RICOH R5C83x/84x Media Driver Vista x86 Ver.3.33.03 (Version: 3.33.03)

SCHLECKER Foto Digital Service

Skype™ 6.3 (Version: 6.3.107)

Synaptics Pointing Device Driver (Version: 10.0.3.0)

TOSHIBA Assist (Version: 2.00.03)

TOSHIBA Benutzerhandbücher (Version: 7.30)

TOSHIBA ConfigFree (Version: 7.00.32)

TOSHIBA Disc Creator (Version: 2.0.0.8)

TOSHIBA DVD PLAYER (Version: 1.10.07)

TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00)

TOSHIBA SD Memory Utilities (Version: 1.8.1.1)

TOSHIBA Software Modem (Version: 2.1.77 (SM2177ALD04))

Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3)

VLC media player 2.1.0 (Version: 2.1.0)

Webocton - Scriptly 0.8.95.6 (Version: 0.8.95.6)

Windows Media Encoder 9-Reihe

Windows Media Encoder 9-Reihe (Version: 9.00.3374)

WinRAR 4.20 (32-Bit) (Version: 4.20.0)

Zylom Games Player Plugin
 

==================== Restore Points  =========================
 
 

==================== Hosts content: ==========================
 

2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

::1             localhost
 

==================== Scheduled Tasks (whitelisted) =============
 

Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM

Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages

Task: {3D13D6CD-DE57-4B71-8670-BFE1AA03EDF6} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-575955839-1752149912-2225113436-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe

Task: {3FA646CB-61D8-4ECD-A734-4D5233592A78} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI

Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)

Task: {ACAAB84A-4A60-4F72-9828-DED640771A17} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-575955839-1752149912-2225113436-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe

Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] ()
 

==================== Loaded Modules (whitelisted) =============
 

2011-01-17 16:19 - 2011-01-17 16:19 - 00985088 _____ () C:\Program Files\OpenOffice.org 3\program\libxml2.dll

2013-10-20 20:15 - 2013-10-20 20:15 - 03279768 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
 

==================== Alternate Data Streams (whitelisted) =========
 
 

==================== Safe Mode (whitelisted) ===================
 
 

==================== Faulty Device Manager Devices =============
 
 

==================== Event log errors: =========================
 

Application errors:

==================

Error: (10/21/2013 08:46:35 PM) (Source: Application Error) (User: )

Description: Fehlerhafte Anwendung mbam.exe, Version 1.75.0.1, Zeitstempel 0x511f8eb2, fehlerhaftes Modul MSVBVM60.DLL, Version 6.0.98.2, Zeitstempel 0x4791a724, Ausnahmecode 0xc0000005, Fehleroffset 0x0005d26c,

Prozess-ID 0x870, Anwendungsstartzeit mbam.exe0.
 

Error: (10/21/2013 08:29:22 PM) (Source: LoadPerf) (User: )

Description: <16
 

Error: (10/21/2013 02:21:06 PM) (Source: LoadPerf) (User: )

Description: <16
 

Error: (10/20/2013 09:17:18 PM) (Source: .NET Runtime Optimization Service) (User: )

Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to execute command from the offline queue: uninstall "System.Security, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies .  The error returned was Error: The specified assembly is not installed.

.
 

Error: (10/20/2013 08:23:25 PM) (Source: SideBySide) (User: )

Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".

Die abhängige Assemblierung "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"" konnte nicht gefunden werden.

Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
 

Error: (10/20/2013 07:40:09 PM) (Source: LoadPerf) (User: )

Description: MSDTC Bridge 4.0.0.0MSDTC Bridge 4.0.0.08
 

Error: (10/20/2013 07:40:09 PM) (Source: LoadPerf) (User: )

Description: Performance16
 

Error: (10/20/2013 07:40:09 PM) (Source: LoadPerf) (User: )

Description: Performance16
 

Error: (10/20/2013 07:40:09 PM) (Source: LoadPerf) (User: )

Description: SMSvcHost 4.0.0.0SMSvcHost 4.0.0.08
 

Error: (10/20/2013 07:40:09 PM) (Source: LoadPerf) (User: )

Description: Performance16
 
 

System errors:

=============

Error: (10/21/2013 08:24:58 PM) (Source: Service Control Manager) (User: )

Description: Ricoh xD-Picture Card Driver%%1058
 

Error: (10/21/2013 08:24:58 PM) (Source: Service Control Manager) (User: )

Description: rimsptsk%%1058
 

Error: (10/21/2013 08:24:58 PM) (Source: Service Control Manager) (User: )

Description: rimmptsk%%1058
 

Error: (10/21/2013 08:24:58 PM) (Source: Service Control Manager) (User: )

Description: Automatisches LiveUpdate - Scheduler%%3
 

Error: (10/21/2013 02:16:47 PM) (Source: Service Control Manager) (User: )

Description: Ricoh xD-Picture Card Driver%%1058
 

Error: (10/21/2013 02:16:47 PM) (Source: Service Control Manager) (User: )

Description: rimsptsk%%1058
 

Error: (10/21/2013 02:16:47 PM) (Source: Service Control Manager) (User: )

Description: rimmptsk%%1058
 

Error: (10/21/2013 02:16:47 PM) (Source: Service Control Manager) (User: )

Description: Automatisches LiveUpdate - Scheduler%%3
 

Error: (10/20/2013 09:18:22 PM) (Source: Service Control Manager) (User: )

Description: Ricoh xD-Picture Card Driver%%1058
 

Error: (10/20/2013 09:18:22 PM) (Source: Service Control Manager) (User: )

Description: rimsptsk%%1058
 
 

Microsoft Office Sessions:

=========================

Error: (10/21/2013 08:46:35 PM) (Source: Application Error)(User: )

Description: mbam.exe1.75.0.1511f8eb2MSVBVM60.DLL6.0.98.24791a724c00000050005d26c87001cece8b7180695d
 

Error: (10/21/2013 08:29:22 PM) (Source: LoadPerf)(User: )

Description: <16
 

Error: (10/21/2013 02:21:06 PM) (Source: LoadPerf)(User: )

Description: <16
 

Error: (10/20/2013 09:17:18 PM) (Source: .NET Runtime Optimization Service)(User: )

Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to execute command from the offline queue: uninstall "System.Security, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies .  The error returned was Error: The specified assembly is not installed.

.
 

Error: (10/20/2013 08:23:25 PM) (Source: SideBySide)(User: )

Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe
 

Error: (10/20/2013 07:40:09 PM) (Source: LoadPerf)(User: )

Description: MSDTC Bridge 4.0.0.0MSDTC Bridge 4.0.0.08
 

Error: (10/20/2013 07:40:09 PM) (Source: LoadPerf)(User: )

Description: Performance16
 

Error: (10/20/2013 07:40:09 PM) (Source: LoadPerf)(User: )

Description: Performance16
 

Error: (10/20/2013 07:40:09 PM) (Source: LoadPerf)(User: )

Description: SMSvcHost 4.0.0.0SMSvcHost 4.0.0.08
 

Error: (10/20/2013 07:40:09 PM) (Source: LoadPerf)(User: )

Description: Performance16
 
 

CodeIntegrity Errors:

===================================

  Date: 2013-02-23 18:22:48.432

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2013-02-23 18:22:47.953

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2013-02-23 18:22:47.445

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2013-02-23 18:22:46.798

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2013-02-23 18:22:46.205

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2011-05-31 20:20:37.775

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2011-05-31 20:20:37.311

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2011-05-31 20:20:36.788

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2011-05-31 20:20:36.409

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2010-06-11 19:23:48.931

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 
 

==================== Memory info =========================== 
 

Percentage of memory in use: 58%

Total physical RAM: 2038.48 MB

Available physical RAM: 851.34 MB

Total Pagefile: 4318.23 MB

Available Pagefile: 2990.32 MB

Total Virtual: 2047.88 MB

Available Virtual: 1900.94 MB
 

==================== Drives ================================
 

Drive c: (Vista) (Fixed) (Total:74.52 GB) (Free:6.24 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

Drive e: (Data) (Fixed) (Total:73.06 GB) (Free:41.87 GB) NTFS
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149 GB) (Disk ID: D575E96F)

Partition 1: (Not Active) - (Size=1 GB) - (Type=27)

Partition 2: (Active) - (Size=75 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=73 GB) - (Type=07 NTFS)
 

==================== End Of Log ============================

bitteschön ...
Gr
Wolfgang

Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel

Link 1

WICHTIG - Speichere Combofix auf deinem Desktop

Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

ok danke,
werde ich heute abend machen (bin noch auf Arbeit).
Gehe ich Recht in der Annahme dass der Rechner noch verseucht (mit was?) ist?
Grüße
Wolfgang

hier der gewünschte report
Combofix Logfile:

Code:

ComboFix 13-10-21.01 - whw 22.10.2013  19:14:43.1.2 - x86

Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.2038.837 [GMT 2:00]

ausgeführt von:: c:\users\whw\Downloads\ComboFix.exe

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\whw\AppData\Roaming\Microsoft\Windows\Recent\mxfilerelatedcache.mxc2

c:\users\whw\Favorites\mxfilerelatedcache.mxc2

c:\windows\system32\pt

c:\windows\system32\pt\toscdspd.cpl.mui

.

.

(((((((((((((((((((((((   Dateien erstellt von 2013-09-22 bis 2013-10-22  ))))))))))))))))))))))))))))))

.

.

2013-10-22 17:24 . 2013-10-22 17:29        --------        d-----w-        c:\users\whw\AppData\Local\temp

2013-10-22 17:24 . 2013-10-22 17:24        --------        d-----w-        c:\users\Stephan.Margret-PC\AppData\Local\temp

2013-10-22 17:24 . 2013-10-22 17:24        --------        d-----w-        c:\users\Default\AppData\Local\temp

2013-10-22 17:24 . 2013-10-22 17:24        --------        d-----w-        c:\users\Stephan\AppData\Local\temp

2013-10-22 17:24 . 2013-10-22 17:24        --------        d-----w-        c:\users\Margret\AppData\Local\temp

2013-10-21 19:30 . 2013-10-21 19:30        --------        d-----w-        c:\programdata\Oracle

2013-10-21 19:26 . 2013-10-21 19:25        94632        ----a-w-        c:\windows\system32\WindowsAccessBridge.dll

2013-10-21 19:16 . 2013-10-21 19:16        --------        d-----w-        c:\users\whw\AppData\Roaming\Malwarebytes

2013-10-21 18:47 . 2013-10-21 18:47        --------        d-----w-        C:\FRST

2013-10-21 18:28 . 2013-10-21 18:28        --------        d-----w-        c:\users\Margret\AppData\Roaming\Malwarebytes

2013-10-21 18:28 . 2013-10-21 18:28        --------        d-----w-        c:\programdata\Malwarebytes

2013-10-21 18:28 . 2013-10-21 18:28        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware

2013-10-21 18:28 . 2013-04-04 12:50        22856        ----a-w-        c:\windows\system32\drivers\mbam.sys

2013-10-20 17:42 . 2013-10-15 23:20        7796464        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{21473E5B-9501-4866-A3EF-A804E9C40077}\mpengine.dll

2013-10-18 16:13 . 2013-08-29 07:36        2050048        ----a-w-        c:\windows\system32\win32k.sys

2013-10-18 16:13 . 2013-06-29 02:07        197632        ----a-w-        c:\windows\system32\drivers\usbhub.sys

2013-10-18 16:13 . 2013-06-29 02:07        73216        ----a-w-        c:\windows\system32\drivers\usbccgp.sys

2013-10-18 16:13 . 2013-06-29 02:07        226304        ----a-w-        c:\windows\system32\drivers\usbport.sys

2013-10-18 16:13 . 2013-06-29 02:06        6016        ----a-w-        c:\windows\system32\drivers\usbd.sys

2013-10-18 16:13 . 2011-05-05 13:54        39936        ----a-w-        c:\windows\system32\drivers\usbehci.sys

2013-10-18 16:13 . 2011-05-05 13:54        23552        ----a-w-        c:\windows\system32\drivers\usbuhci.sys

2013-10-18 16:13 . 2013-07-12 09:04        134272        ----a-w-        c:\windows\system32\drivers\usbvideo.sys

2013-10-18 16:13 . 2013-07-12 09:04        73344        ----a-w-        c:\windows\system32\drivers\USBAUDIO.sys

2013-10-18 16:13 . 2013-06-26 23:01        527064        ----a-w-        c:\windows\system32\drivers\Wdf01000.sys

2013-10-18 16:13 . 2013-06-04 04:16        34304        ----a-w-        c:\windows\system32\atmlib.dll

2013-10-18 16:13 . 2013-06-04 01:49        293376        ----a-w-        c:\windows\system32\atmfd.dll

2013-10-18 16:13 . 2013-07-04 04:21        532480        ----a-w-        c:\windows\system32\comctl32.dll

2013-09-30 13:55 . 2013-10-20 17:34        --------        d-----w-        c:\windows\system32\MRT

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-10-20 18:14 . 2013-08-18 13:11        692616        ----a-w-        c:\windows\system32\FlashPlayerApp.exe

2013-10-20 18:14 . 2011-06-10 16:55        71048        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl

2013-09-03 12:35 . 2009-10-10 10:46        238872        ------w-        c:\windows\system32\MpSigStub.exe

2013-08-02 04:09 . 2013-08-28 12:12        1548288        ----a-w-        c:\windows\system32\WMVDECOD.DLL

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-04-19 18678376]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-22 894248]

"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 4669440]

"Skytel"="Skytel.exe" [2007-06-15 1826816]

"NDSTray.exe"="NDSTray.exe" [BU]

"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-11-24 622592]

"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-07-19 65536]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]

"TrayServer"="c:\program files\MAGIX\Filme_auf_DVD_DLV\TrayServer.exe" [2008-01-17 90112]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]

.

c:\users\Margret\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

.

c:\users\Stephan.Margret-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"AntiVirusOverride"=dword:00000001

"AntiSpywareOverride"=dword:00000001

.

S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\programme\Adobe\Photoshop Album Starter Edition\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-09-06 169312]

.

.

--- Andere Dienste/Treiber im Speicher ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation        REG_MULTI_SZ           FontCache

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = hxxp://www.google.com

IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.0.252

FF - ProfilePath - c:\users\whw\AppData\Roaming\Mozilla\Firefox\Profiles\vn7hdf16.default\

FF - ExtSQL: !HIDDEN! 2009-12-26 20:25; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

HKCU-Run-TOSCDSPD - TOSCDSPD.EXE

c:\users\Margret\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr

SafeBoot-WudfPf

SafeBoot-WudfRd

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net

Rootkit scan 2013-10-22 19:28

Windows 6.0.6002 Service Pack 2 NTFS

.

Scanne versteckte Prozesse... 

.

Scanne versteckte Autostarteinträge... 

.

Scanne versteckte Dateien... 

.

Scan erfolgreich abgeschlossen

versteckte Dateien: 0

.

**************************************************************************

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\program files\ATK Hotkey\ASLDRSrv.exe

c:\windows\system32\agrsmsvc.exe

c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe

c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe

c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe

c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe

c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

c:\program files\ATK Hotkey\Hcontrol.exe

c:\program files\ATK Hotkey\ATKOSD.exe

c:\windows\system32\conime.exe

c:\windows\RtHDVCpl.exe

c:\program files\TOSHIBA\ConfigFree\NDSTray.exe

c:\windows\ehome\ehsched.exe

c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe

c:\windows\system32\igfxsrvc.exe

c:\program files\Brother\ControlCenter3\brccMCtl.exe

c:\windows\ehome\ehRecvr.exe

c:\windows\ehome\ehmsas.exe

c:\program files\TOSHIBA\ConfigFree\CFSwMgr.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\windows\servicing\TrustedInstaller.exe

c:\program files\Java\jre7\bin\javaws.exe

c:\program files\Java\jre7\bin\javaw.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2013-10-22  19:34:30 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2013-10-22 17:34

.

Vor Suchlauf: 7.281.766.400 Bytes frei

Nach Suchlauf: 7.566.622.720 Bytes frei

.

- - End Of File - - D014DF9A2A169B10A4AAABC4F2400333

--- --- ---
5C616939100B85E558DA92B899A0FC36

[/code]
Grüße
Wolfgang

Ja ist er, mit generischem Kram.

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

Teil 1 (mbam)

Code:

Malwarebytes Anti-Malware (Trial) 1.75.0.1300

www.malwarebytes.org
 

Database version: v2013.10.23.02
 

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 9.0.8112.16421

whw :: MARGRET-PC [administrator]
 

Protection: Disabled
 

23.10.2013 18:30:21

mbam-log-2013-10-23 (18-30-21).txt
 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 265602

Time elapsed: 9 minute(s), 33 second(s)
 

Memory Processes Detected: 0

(No malicious items detected)
 

Memory Modules Detected: 0

(No malicious items detected)
 

Registry Keys Detected: 0

(No malicious items detected)
 

Registry Values Detected: 0

(No malicious items detected)
 

Registry Data Items Detected: 0

(No malicious items detected)
 

Folders Detected: 0

(No malicious items detected)
 

Files Detected: 0

(No malicious items detected)
 

(end)

Teil2 adw cleaner
AdwCleaner Logfile:

Code:

# AdwCleaner v3.010 - Bericht erstellt am 23/10/2013 um 18:46:01

# Updated 20/10/2013 von Xplode

# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)

# Benutzername : whw - MARGRET-PC

# Gestartet von : C:\Users\whw\Downloads\adwcleaner.exe

# Option : Löschen
 

***** [ Dienste ] *****
 
 

***** [ Dateien / Ordner ] *****
 

Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eSupport.com

Ordner Gelöscht : C:\Program Files\Conduit

Ordner Gelöscht : C:\Program Files\eSupport.com

Ordner Gelöscht : C:\Users\Margret\AppData\Local\Conduit

Ordner Gelöscht : C:\Users\Margret\AppData\LocalLow\Conduit
 

***** [ Verknüpfungen ] *****
 
 

***** [ Registrierungsdatenbank ] *****
 

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2475029

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2481020

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\conduitEngine

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\MyAshampoo\toolbar

Schlüssel Gelöscht : HKLM\Software\Conduit
 

***** [ Browser ] *****
 

-\\ Internet Explorer v9.0.8112.16514
 
 

-\\ Mozilla Firefox v24.0 (de)
 

[ Datei : C:\Users\Margret\AppData\Roaming\Mozilla\Firefox\Profiles\c09o6s33.default\prefs.js ]
 

Zeile gelöscht : user_pref("browser.search.defaultthis.engineName", "Ashampoo DE Customized Web Search");

Zeile gelöscht : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2481020&SearchSource=3&q={searchTerms}");
 

[ Datei : C:\Users\whw\AppData\Roaming\Mozilla\Firefox\Profiles\vn7hdf16.default\prefs.js ]
 
 

[ Datei : C:\Users\Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\k3ciwtsk.default\prefs.js ]
 
 

[ Datei : C:\Users\Stephan.Margret-PC\AppData\Roaming\Mozilla\Firefox\Profiles\ik8yvrfj.default\prefs.js ]
 
 

*************************
 

AdwCleaner[R0].txt - [2874 octets] - [23/10/2013 18:43:35]

AdwCleaner[S0].txt - [2722 octets] - [23/10/2013 18:46:01]
 

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2782 octets] ##########

--- --- ---

aha, das waren die Reste von Toolbars etc...
Teil3
]code]JRT Logfile:

Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.0.7 (10.15.2013:3)

OS: Windows Vista (TM) Home Premium x86

Ran by whw on 23.10.2013 at 18:52:53,66

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 

~~~ Services
 
 
 

~~~ Registry Values
 

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
 
 
 

~~~ Registry Keys
 
 
 

~~~ Files
 
 
 

~~~ Folders
 
 
 

~~~ FireFox
 

Emptied folder: C:\Users\whw\AppData\Roaming\mozilla\firefox\profiles\vn7hdf16.default\minidumps [1 files]
 
 
 

~~~ Event Viewer Logs were cleared
 
 
 
 
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 23.10.2013 at 18:55:44,97

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

--- --- ---
Teil 4: (FRST)

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-10-2013 01

Ran by whw (administrator) on MARGRET-PC on 23-10-2013 19:03:32

Running from C:\Users\whw\Downloads

Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard

Internet Explorer Version 9

Boot Mode: Normal
 

==================== Processes (Whitelisted) ===================
 

(Microsoft Corporation) C:\Windows\system32\SLsvc.exe

() C:\Program Files\ATK Hotkey\ASLDRSrv.exe

(Adobe Systems Incorporated) C:\Programme\Adobe\Photoshop Album Starter Edition\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe

(Agere Systems) C:\Windows\system32\agrsmsvc.exe

(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

(MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe

(Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe

(ATK0100) C:\Program Files\ATK Hotkey\Hcontrol.exe

(Intel Corporation) C:\Windows\system32\igfxsrvc.exe

(Brother Industries, Ltd.) C:\Program Files\Brother\ControlCenter3\brccMCtl.exe

(Microsoft Corporation) C:\Windows\ehome\ehtray.exe

(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe

(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe

() C:\Program Files\ATK Hotkey\ATKOSD.exe

(Microsoft Corporation) C:\Windows\ehome\ehsched.exe

(Microsoft Corporation) C:\Windows\ehome\ehRecvr.exe

(Microsoft Corporation) C:\Windows\system32\conime.exe

(Microsoft Corporation) C:\Windows\system32\cmd.exe

(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [894248 2007-06-22] (Synaptics, Inc.)

HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4669440 2007-07-06] (Realtek Semiconductor)

HKLM\...\Run: [Skytel] - C:\Windows\Skytel.exe [1826816 2007-06-15] (Realtek Semiconductor Corp.)

HKLM\...\Run: [NDSTray.exe] - NDSTray.exe

HKLM\...\Run: [BrMfcWnd] - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [622592 2006-11-24] (Brother Industries, Ltd.)

HKLM\...\Run: [ControlCenter3] - C:\Program Files\Brother\ControlCenter3\brctrcen.exe [65536 2006-07-19] (Brother Industries, Ltd.)

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()

HKLM\...\Run: [TrayServer] - C:\Program Files\MAGIX\Filme_auf_DVD_DLV\TrayServer.exe [90112 2008-01-17] (MAGIX AG)

HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

HKCU\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)

HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)

HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [18678376 2013-04-19] (Skype Technologies S.A.)

HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter

HKU\Default\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [ 2007-06-27] ()

HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter

HKU\Default User\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [ 2007-06-27] ()

HKU\Margret\...\Run: [TOSCDSPD] - TOSCDSPD.EXE

HKU\Margret\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [ 2008-01-19] (Microsoft Corporation)

HKU\Stephan\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter

HKU\Stephan\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [ 2007-06-27] ()

HKU\Stephan\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [ 2008-01-19] (Microsoft Corporation)

HKU\Stephan.Margret-PC\...\Run: [TOSCDSPD] - TOSCDSPD.EXE

HKU\Stephan.Margret-PC\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [ 2008-01-19] (Microsoft Corporation)

HKU\Stephan.Margret-PC\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [ 2013-04-19] (Skype Technologies S.A.)

Startup: C:\Users\Margret\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk

ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

Startup: C:\Users\Stephan.Margret-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk

ShortcutTarget: OpenOffice.org 3.0.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

Startup: C:\Users\Stephan.Margret-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk

ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

SearchScopes: HKLM - DefaultScope value is missing.

SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search

SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search

BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.252
 

FireFox:

========

FF ProfilePath: C:\Users\whw\AppData\Roaming\Mozilla\Firefox\Profiles\vn7hdf16.default

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()

FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml

FF Extension: Microsoft .NET Framework Assistant - C:\Users\whw\AppData\Roaming\Mozilla\Firefox\Profiles\vn7hdf16.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF Extension: No Name - C:\Users\whw\AppData\Roaming\Mozilla\Firefox\Profiles\vn7hdf16.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
 

========================== Services (Whitelisted) =================
 

R2 AdobeActiveFileMonitor8.0; C:\Programme\Adobe\Photoshop Album Starter Edition\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [169312 2009-09-06] (Adobe Systems Incorporated)

R2 ASLDRService; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [94208 2007-02-05] ()

R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1253376 2009-08-27] (MAGIX AG)

S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®)

R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

S3 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.)

S2 Automatisches LiveUpdate - Scheduler; "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [x]
 

==================== Drivers (Whitelisted) ====================
 

R3 ASAPIW2k; C:\Windows\System32\drivers\ASAPIW2k.sys [11264 2005-05-26] (VOB Computersysteme GmbH)

R0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-11] (Microsoft Corporation)

S3 emAudio; C:\Windows\System32\drivers\emAudio.sys [23168 2009-01-19] (eMPIA Technology, Inc.)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)

R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2006-12-14] (ATK0100)

S3 PinnacleMicroTV; C:\Windows\System32\DRIVERS\MicroTV.sys [122368 2006-04-06] (Pinnacle Systems GmbH)

S3 USB28xxBGA; C:\Windows\System32\DRIVERS\emBDA.sys [476288 2009-01-19] (eMPIA Technology, Inc.)

S3 USB28xxOEM; C:\Windows\System32\DRIVERS\emOEM.sys [38656 2009-01-19] (eMPIA Technology, Inc.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)

S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]

S3 catchme; \??\C:\ComboFix\catchme.sys [x]

S3 IpInIp; system32\DRIVERS\ipinip.sys [x]

S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]

S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2013-10-23 19:03 - 2013-10-23 19:03 - 01088113 _____ (Farbar) C:\Users\whw\Downloads\FRST.exe

2013-10-23 18:55 - 2013-10-23 18:55 - 00001077 _____ C:\Users\whw\Desktop\JRT.txt

2013-10-23 18:52 - 2013-10-23 18:52 - 01033335 _____ (Thisisu) C:\Users\whw\Downloads\JRT.exe

2013-10-23 18:52 - 2013-10-23 18:52 - 00000000 ____D C:\Windows\ERUNT

2013-10-23 18:43 - 2013-10-23 18:46 - 00000000 ____D C:\AdwCleaner

2013-10-23 18:43 - 2013-10-23 18:43 - 01060070 _____ C:\Users\whw\Downloads\adwcleaner.exe

2013-10-22 19:34 - 2013-10-22 19:34 - 00009867 _____ C:\ComboFix.txt

2013-10-22 19:12 - 2013-10-22 19:34 - 00000000 ____D C:\ComboFix

2013-10-22 19:12 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe

2013-10-22 19:12 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe

2013-10-22 19:12 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2013-10-22 19:12 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2013-10-22 19:12 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2013-10-22 19:12 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe

2013-10-22 19:12 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe

2013-10-22 19:12 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe

2013-10-22 19:11 - 2013-10-22 19:34 - 00000000 ____D C:\Qoobox

2013-10-22 19:10 - 2013-10-22 19:33 - 00000000 ____D C:\Windows\erdnt

2013-10-22 19:10 - 2013-10-22 19:10 - 05136138 ____R (Swearware) C:\Users\whw\Downloads\ComboFix.exe

2013-10-21 22:02 - 2013-10-21 22:02 - 00008584 _____ C:\Users\whw\Documents\gmer.txt

2013-10-21 21:33 - 2013-10-21 21:33 - 00377856 _____ C:\Users\whw\Downloads\d3tfuuts.exe

2013-10-21 21:30 - 2013-10-21 21:30 - 00000000 ____D C:\ProgramData\Oracle

2013-10-21 21:26 - 2013-10-21 21:25 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe

2013-10-21 21:26 - 2013-10-21 21:25 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe

2013-10-21 21:26 - 2013-10-21 21:25 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe

2013-10-21 21:26 - 2013-10-21 21:25 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll

2013-10-21 21:16 - 2013-10-21 21:16 - 00000000 ____D C:\Users\whw\AppData\Roaming\Malwarebytes

2013-10-21 20:48 - 2013-10-21 20:49 - 00014823 _____ C:\Users\whw\Downloads\Addition.txt

2013-10-21 20:47 - 2013-10-21 20:47 - 00000000 ____D C:\FRST

2013-10-21 20:28 - 2013-10-21 20:28 - 00000911 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-10-21 20:28 - 2013-10-21 20:28 - 00000000 ____D C:\Users\Margret\AppData\Roaming\Malwarebytes

2013-10-21 20:28 - 2013-10-21 20:28 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-10-21 20:28 - 2013-10-21 20:28 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware

2013-10-21 20:28 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2013-10-21 20:27 - 2013-10-21 20:27 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\whw\Downloads\mbam-setup-1.75.0.1300.exe

2013-10-21 20:27 - 2013-10-21 20:27 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\whw\Downloads\mbam-setup-1.75.0.1300(1).exe

2013-10-20 20:22 - 2013-10-20 20:22 - 00000752 _____ C:\Users\Public\Desktop\VLC media player.lnk

2013-10-20 20:18 - 2013-10-20 20:18 - 24278649 _____ C:\Users\whw\Downloads\vlc-2.1.0-win32.exe

2013-10-20 20:15 - 2013-10-20 20:15 - 00000000 ____D C:\Program Files\Mozilla Firefox

2013-10-20 19:28 - 2013-09-22 12:29 - 12336128 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2013-10-20 19:28 - 2013-09-22 12:22 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2013-10-20 19:28 - 2013-09-22 12:22 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2013-10-20 19:28 - 2013-09-22 12:14 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2013-10-20 19:28 - 2013-09-22 12:13 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2013-10-20 19:28 - 2013-09-22 12:13 - 01104896 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2013-10-20 19:28 - 2013-09-22 12:12 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll

2013-10-20 19:28 - 2013-09-22 12:09 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2013-10-20 19:28 - 2013-09-22 12:08 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2013-10-20 19:28 - 2013-09-22 12:07 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2013-10-20 19:28 - 2013-09-22 12:06 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2013-10-20 19:28 - 2013-09-22 12:05 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2013-10-20 19:28 - 2013-09-22 12:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2013-10-20 19:28 - 2013-09-22 12:03 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2013-10-20 19:28 - 2013-09-22 12:03 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2013-10-20 19:28 - 2013-09-22 11:59 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2013-10-20 19:00 - 2013-10-20 19:00 - 00000000 ____D C:\Users\whw\AppData\Roaming\Real

2013-10-18 18:14 - 2013-08-27 04:47 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll

2013-10-18 18:14 - 2013-08-27 04:47 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll

2013-10-18 18:14 - 2013-08-27 04:47 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll

2013-10-18 18:14 - 2013-08-27 04:47 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll

2013-10-18 18:14 - 2013-08-27 03:52 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll

2013-10-18 18:14 - 2013-08-27 03:50 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll

2013-10-18 18:14 - 2013-08-27 03:32 - 00683008 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll

2013-10-18 18:14 - 2013-08-27 03:28 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll

2013-10-18 18:14 - 2013-08-27 03:28 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll

2013-10-18 18:14 - 2013-08-01 05:16 - 00638400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys

2013-10-18 18:14 - 2013-08-01 04:49 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll

2013-10-18 18:14 - 2013-07-20 12:44 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll

2013-10-18 18:14 - 2013-07-03 04:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys

2013-10-18 18:14 - 2013-07-03 04:10 - 00025472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys

2013-10-18 18:13 - 2013-08-29 09:36 - 02050048 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2013-10-18 18:13 - 2013-07-12 11:04 - 00134272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys

2013-10-18 18:13 - 2013-07-12 11:04 - 00073344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys

2013-10-18 18:13 - 2013-07-04 06:21 - 00532480 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll

2013-10-18 18:13 - 2013-06-29 04:07 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys

2013-10-18 18:13 - 2013-06-29 04:07 - 00197632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys

2013-10-18 18:13 - 2013-06-29 04:07 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys

2013-10-18 18:13 - 2013-06-29 04:06 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys

2013-10-18 18:13 - 2013-06-27 01:01 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys

2013-10-18 18:13 - 2013-06-04 06:16 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll

2013-10-18 18:13 - 2013-06-04 03:49 - 00293376 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll

2013-10-18 18:13 - 2011-05-05 15:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys

2013-10-18 18:13 - 2011-05-05 15:54 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys

2013-09-30 15:55 - 2013-10-20 19:34 - 00000000 ____D C:\Windows\system32\MRT
 

==================== One Month Modified Files and Folders =======
 

2013-10-23 19:03 - 2013-10-23 19:03 - 01088113 _____ (Farbar) C:\Users\whw\Downloads\FRST.exe

2013-10-23 18:55 - 2013-10-23 18:55 - 00001077 _____ C:\Users\whw\Desktop\JRT.txt

2013-10-23 18:52 - 2013-10-23 18:52 - 01033335 _____ (Thisisu) C:\Users\whw\Downloads\JRT.exe

2013-10-23 18:52 - 2013-10-23 18:52 - 00000000 ____D C:\Windows\ERUNT

2013-10-23 18:50 - 2007-12-26 14:48 - 01390739 _____ C:\Windows\WindowsUpdate.log

2013-10-23 18:48 - 2006-11-02 14:37 - 00000000 ___RD C:\Users\Public\Recorded TV

2013-10-23 18:47 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2013-10-23 18:47 - 2006-11-02 14:47 - 00003568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

2013-10-23 18:47 - 2006-11-02 14:47 - 00003568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

2013-10-23 18:46 - 2013-10-23 18:43 - 00000000 ____D C:\AdwCleaner

2013-10-23 18:46 - 2006-11-02 15:01 - 00032530 _____ C:\Windows\Tasks\SCHEDLGU.TXT

2013-10-23 18:43 - 2013-10-23 18:43 - 01060070 _____ C:\Users\whw\Downloads\adwcleaner.exe

2013-10-22 19:34 - 2013-10-22 19:34 - 00009867 _____ C:\ComboFix.txt

2013-10-22 19:34 - 2013-10-22 19:12 - 00000000 ____D C:\ComboFix

2013-10-22 19:34 - 2013-10-22 19:11 - 00000000 ____D C:\Qoobox

2013-10-22 19:34 - 2006-11-02 13:18 - 00000000 __RHD C:\Users\Default

2013-10-22 19:34 - 2006-11-02 13:18 - 00000000 ___RD C:\Users\Public

2013-10-22 19:33 - 2013-10-22 19:10 - 00000000 ____D C:\Windows\erdnt

2013-10-22 19:28 - 2006-11-02 12:23 - 00000215 _____ C:\Windows\system.ini

2013-10-22 19:26 - 2007-08-13 13:54 - 00084110 _____ C:\Windows\PFRO.log

2013-10-22 19:10 - 2013-10-22 19:10 - 05136138 ____R (Swearware) C:\Users\whw\Downloads\ComboFix.exe

2013-10-21 22:02 - 2013-10-21 22:02 - 00008584 _____ C:\Users\whw\Documents\gmer.txt

2013-10-21 21:33 - 2013-10-21 21:33 - 00377856 _____ C:\Users\whw\Downloads\d3tfuuts.exe

2013-10-21 21:30 - 2013-10-21 21:30 - 00000000 ____D C:\ProgramData\Oracle

2013-10-21 21:29 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Microsoft.NET

2013-10-21 21:26 - 2007-08-13 13:04 - 00000000 ____D C:\Program Files\Common Files\Java

2013-10-21 21:25 - 2013-10-21 21:26 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe

2013-10-21 21:25 - 2013-10-21 21:26 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe

2013-10-21 21:25 - 2013-10-21 21:26 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe

2013-10-21 21:25 - 2013-10-21 21:26 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll

2013-10-21 21:24 - 2007-08-13 13:04 - 00000000 ____D C:\Program Files\Java

2013-10-21 21:16 - 2013-10-21 21:16 - 00000000 ____D C:\Users\whw\AppData\Roaming\Malwarebytes

2013-10-21 21:14 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\schemas

2013-10-21 20:49 - 2013-10-21 20:48 - 00014823 _____ C:\Users\whw\Downloads\Addition.txt

2013-10-21 20:47 - 2013-10-21 20:47 - 00000000 ____D C:\FRST

2013-10-21 20:28 - 2013-10-21 20:28 - 00000911 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-10-21 20:28 - 2013-10-21 20:28 - 00000000 ____D C:\Users\Margret\AppData\Roaming\Malwarebytes

2013-10-21 20:28 - 2013-10-21 20:28 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-10-21 20:28 - 2013-10-21 20:28 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware

2013-10-21 20:27 - 2013-10-21 20:27 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\whw\Downloads\mbam-setup-1.75.0.1300.exe

2013-10-21 20:27 - 2013-10-21 20:27 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\whw\Downloads\mbam-setup-1.75.0.1300(1).exe

2013-10-20 21:17 - 2006-11-02 14:47 - 00315168 _____ C:\Windows\system32\FNTCACHE.DAT

2013-10-20 20:25 - 2013-05-14 18:49 - 00000000 ____D C:\Program Files\Real

2013-10-20 20:25 - 2013-05-14 18:48 - 00000000 ____D C:\Users\Margret\AppData\Roaming\Real

2013-10-20 20:25 - 2013-05-14 18:44 - 00000000 ____D C:\ProgramData\Real

2013-10-20 20:22 - 2013-10-20 20:22 - 00000752 _____ C:\Users\Public\Desktop\VLC media player.lnk

2013-10-20 20:22 - 2007-12-27 08:38 - 00000000 ____D C:\Users\Margret\AppData\Roaming\vlc

2013-10-20 20:18 - 2013-10-20 20:18 - 24278649 _____ C:\Users\whw\Downloads\vlc-2.1.0-win32.exe

2013-10-20 20:17 - 2013-01-18 14:38 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service

2013-10-20 20:15 - 2013-10-20 20:15 - 00000000 ____D C:\Program Files\Mozilla Firefox

2013-10-20 20:14 - 2013-08-18 15:11 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe

2013-10-20 20:14 - 2011-06-10 18:55 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

2013-10-20 20:14 - 2007-12-26 22:18 - 00000000 ____D C:\Users\Margret\AppData\Local\Adobe

2013-10-20 19:34 - 2013-09-30 15:55 - 00000000 ____D C:\Windows\system32\MRT

2013-10-20 19:31 - 2006-11-02 12:24 - 78106760 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

2013-10-20 19:01 - 2008-12-26 14:38 - 00000000 ____D C:\Users\whw\AppData\Roaming\Skype

2013-10-20 19:00 - 2013-10-20 19:00 - 00000000 ____D C:\Users\whw\AppData\Roaming\Real

2013-10-20 19:00 - 2007-12-26 14:58 - 00000954 _____ C:\Users\whw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2013-09-30 15:39 - 2007-12-26 22:06 - 00221184 _____ C:\Users\Margret\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 

Files to move or delete:

====================

C:\Users\Margret\Schlecker_Fotoservice.exe
 
 

Some content of TEMP:

====================

C:\Users\whw\AppData\Local\temp\Quarantine.exe
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 

LastRegBack: 2013-10-23 18:53
 

==================== End Of Log ============================

--- --- ---

danke&Grüße
Wolfgang

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Heute morgen nicht.
das eigentliche Problem des Threadtitels war eine zu kurz eingestellte Doppelklickzeit für die Maustaste, das habe ich heute entdeckt. Immerhin ist jetzt der Rechner (fast?) sauber.
Mache heute abend die letzten Tests mit eset
danke für die Hilfe soweit
wolfgang