Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   abuse@t-online legt mein outlock lahm (https://www.trojaner-board.de/144686-abuse-t-online-legt-outlock-lahm.html)

Billpc 16.11.2013 20:18
abuse@t-online legt mein outlock lahm
 
Hallo Leute,

mal wieder brauche ich Eure Hilfe weil meine PC mal wieder streikt.

Heute bekam ich die alseits bekannte Mail von abuse@t-online welche mir den Befall meines PC bzw das Versenden von Spam Mails bescheinigte

Nun kann ich über Outlock keine Mals mehr versenden.

Wie gehe ich weiter vor und wie finde ich die Schadsoftware?

Vielen Dank

aharonov 16.11.2013 20:36
Hi,

mach bitte einen FRST-Scan:


Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


Billpc 17.11.2013 09:19

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-11-2013
Ran by Schmitz (administrator) on SCHMITZ-PC on 17-11-2013 09:16:25
Running from C:\Users\Schmitz\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Lexware GmbH & Co. KG) C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe
(Realtek) C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe
(Realtek) C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtWlan.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MpCmdRun.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12445288 2012-01-16] (Realtek Semiconductor)
HKLM\...\Run: [HotKeysCmds] - C:\windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-08-12] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\reader_sl.exe [35736 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [IMSS] - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [133400 2011-12-16] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-05] (Intel Corporation)
HKLM-x32\...\Run: [LexwareInfoService] - C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe [339240 2008-11-03] (Lexware GmbH & Co. KG)
HKLM-x32\...\Run: [SSBkgdUpdate] - C:\Program Files (x86)\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] - C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe [29984 2008-07-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [IndexSearch] - C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe [46368 2008-07-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort11reminder] - C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini [324 2012-07-19] ()
HKLM-x32\...\Run: [BrMfcWnd] - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] - C:\Program Files (x86)\Brother\ControlCenter3\BrCtrCen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-03] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Startup: C:\Users\Schmitz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IML.lnk

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.igoogleportal.com/portal/mypage.php#tab/90403
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.hyrican.de
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.com/webhp?nord=1
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {1EEB3645-59ED-4974-8ACC-BC090BCB053D} URL =
SearchScopes: HKCU - {1EEB3645-59ED-4974-8ACC-BC090BCB053D} URL =
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Schmitz\AppData\Roaming\Mozilla\Firefox\Profiles\k7im7vp2.default
FF Homepage: www.hw-store.net
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\Schmitz\Music\Amazon MP3\npAmazonMP3DownloaderPlugin101799.dll (Amazon.com, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

Chrome:
=======
CHR DefaultSearchURL: (Ask) - hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=AVR-4&o=APN10261&locale=de_DE&apn_uid=8126aa6c-89a3-480b-a8ce-982f41bd29f2&apn_ptnrs=%5EAGS&apn_sauid=07B65A62-6BF7-4089-A258-913C76FA46C2&apn_dtid=%5EYYYYYY%5EYY%5EDE&q={searchTerms}
CHR DefaultSuggestURL: (Ask) - hxxp://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (AmazonMP3DownloaderPlugin) - C:\Users\Schmitz\Music\Amazon MP3\npAmazonMP3DownloaderPlugin101799.dll (Amazon.com, Inc.)
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.110.21) - C:\windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Extension: (Chrome In-App Payments service) - C:\Users\Schmitz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR HKLM-x32\...\Chrome\Extension: [aaaaabfjnbeinlpljodiajipidiompfl] - C:\Users\Schmitz\AppData\Local\APN\GoogleCRXs\aaaaabfjnbeinlpljodiajipidiompfl_7.15.13.0.crx

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [815160 2013-09-03] (Avira Operations GmbH & Co. KG)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-08-12] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-08-12] (Microsoft Corporation)
R2 Realtek11nCU; C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe [36864 2010-04-16] (Realtek)
R2 Realtek11nSU; C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe [36864 2010-04-16] (Realtek)

==================== Drivers (Whitelisted) ====================

S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [29184 2011-09-06] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [35840 2011-09-06] (LG Electronics Inc.)
S3 andnetndis; C:\Windows\System32\DRIVERS\lgandnetndis64.sys [93184 2011-09-16] (LG Electronics Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-09-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-29] (Avira Operations GmbH & Co. KG)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [24496 2011-12-19] (Intel Corporation)
S3 iaStorS; C:\Windows\system32\drivers\iaStorS.sys [637360 2011-12-19] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
S3 PciIsaSerial; C:\Windows\system32\drivers\PciIsaSerial.sys [68608 2008-12-19] (Windows (R) Codename Longhorn DDK provider)
S3 PciPPorts; C:\Windows\system32\drivers\PciPPorts.sys [96768 2009-07-23] ()
S3 PciSPorts; C:\Windows\system32\drivers\PciSPorts.sys [122880 2008-12-19] ()
S3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [791144 2011-06-10] (Realtek Semiconductor Corporation                          )
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-17 09:16 - 2013-11-17 09:17 - 00018213 _____ C:\Users\Schmitz\Downloads\FRST.txt
2013-11-17 09:16 - 2013-11-17 09:16 - 00000000 ____D C:\FRST
2013-11-17 09:15 - 2013-11-17 09:15 - 01958236 _____ (Farbar) C:\Users\Schmitz\Downloads\FRST64.exe
2013-11-17 09:12 - 2013-11-17 09:13 - 00000000 ____D C:\Users\Schmitz\AppData\Local\{0F74108C-1038-4E36-B824-101FDB89AEA7}
2013-11-16 20:07 - 2013-11-16 20:07 - 00000000 ____D C:\Users\Schmitz\AppData\Local\{A3C7584B-A5B9-4409-9054-F66EC6A598E2}
2013-11-15 06:39 - 2013-11-15 06:39 - 00000000 ____D C:\Users\Schmitz\AppData\Local\{A6A2FC07-9664-4F64-90E5-093DF6C40D7B}
2013-11-14 06:37 - 2013-11-14 06:37 - 00000000 ____D C:\Users\Schmitz\AppData\Local\{2A777877-E785-4E8C-AEF1-373BA38E3999}
2013-11-13 17:11 - 2013-10-12 09:45 - 02241536 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-11-13 17:11 - 2013-10-12 09:45 - 01364992 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-11-13 17:11 - 2013-10-12 09:45 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-11-13 17:11 - 2013-10-12 09:43 - 19269632 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-11-13 17:11 - 2013-10-12 09:43 - 15404544 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-11-13 17:11 - 2013-10-12 09:43 - 03959808 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-11-13 17:11 - 2013-10-12 09:43 - 02648576 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-11-13 17:11 - 2013-10-12 09:43 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-11-13 17:11 - 2013-10-12 09:43 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-11-13 17:11 - 2013-10-12 09:43 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-11-13 17:11 - 2013-10-12 09:43 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-11-13 17:11 - 2013-10-12 09:43 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-11-13 17:11 - 2013-10-12 09:43 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-11-13 17:11 - 2013-10-12 09:43 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-11-13 17:11 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-11-13 17:11 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-11-13 17:11 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-11-13 17:11 - 2013-10-12 08:02 - 13761024 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-11-13 17:11 - 2013-10-12 08:02 - 02877952 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-11-13 17:11 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-11-13 17:11 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2013-11-13 17:11 - 2013-10-12 08:02 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-11-13 17:11 - 2013-10-12 08:02 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2013-11-13 17:11 - 2013-10-12 08:02 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2013-11-13 17:11 - 2013-10-12 08:02 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2013-11-13 17:11 - 2013-10-12 08:02 - 00039424 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2013-11-13 17:11 - 2013-10-12 08:02 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2013-11-13 17:11 - 2013-10-12 07:35 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-11-13 17:11 - 2013-10-12 07:08 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2013-11-13 17:11 - 2013-10-12 06:44 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-11-13 17:11 - 2013-10-12 06:15 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-13 06:34 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\windows\system32\nshwfp.dll
2013-11-13 06:34 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\windows\system32\IKEEXT.DLL
2013-11-13 06:34 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\windows\system32\FWPUCLNT.DLL
2013-11-13 06:34 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\windows\SysWOW64\nshwfp.dll
2013-11-13 06:34 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\windows\SysWOW64\FWPUCLNT.DLL
2013-11-13 06:34 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2013-11-13 06:34 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2013-11-13 06:34 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\windows\system32\SmartcardCredentialProvider.dll
2013-11-13 06:34 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\credui.dll
2013-11-13 06:34 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2013-11-13 06:34 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-13 06:34 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2013-11-13 06:34 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\credui.dll
2013-11-13 06:34 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2013-11-13 06:34 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2013-11-13 06:34 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2013-11-13 06:34 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2013-11-13 06:34 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2013-11-13 06:34 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2013-11-13 06:34 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2013-11-13 06:34 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2013-11-13 06:34 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2013-11-13 06:34 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2013-11-13 06:34 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2013-11-13 06:34 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2013-11-13 06:34 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2013-11-13 06:34 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2013-11-13 06:34 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2013-11-13 06:34 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2013-11-13 06:34 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2013-11-13 06:32 - 2013-11-13 06:32 - 00000000 ____D C:\Users\Schmitz\AppData\Local\{F4D18C9F-1ADC-4A1C-B2DA-E6B2E636A2A3}
2013-11-13 06:25 - 2013-11-13 06:25 - 00000000 ____D C:\Users\Schmitz\AppData\Local\{35142D57-21A1-4674-9122-4A0BA203E3F1}
2013-11-12 16:51 - 2013-11-12 16:51 - 00000000 ____D C:\Users\Schmitz\AppData\Local\{83535FCB-882E-45C0-AD45-EA1858C98F66}
2013-11-12 16:47 - 2013-11-12 16:47 - 00000000 ____D C:\Users\Schmitz\AppData\Local\{E2FAD17C-D719-491C-9B81-CDDF386BD8F9}
2013-11-12 16:46 - 2013-11-12 16:46 - 00000000 ____D C:\Users\Schmitz\AppData\Local\{D3092F9D-14BC-4104-BF23-0DA26E68F0F6}
2013-11-12 14:22 - 2013-11-12 14:22 - 00000000 ____D C:\Users\Schmitz\AppData\Local\{F044FB6B-1DAB-4AF1-BC04-C4EDAD2AB126}
2013-11-11 19:13 - 2013-11-11 19:13 - 00000000 ____D C:\Users\Schmitz\AppData\Local\{75B9BD5A-9370-406C-B0C9-C8D531C67B35}
2013-11-11 18:55 - 2013-11-11 18:55 - 00001625 _____ C:\Users\Schmitz\Downloads\iGoogle-settings.xml
2013-11-11 06:53 - 2013-11-11 06:54 - 00000000 ____D C:\Users\Schmitz\AppData\Local\{85EDE717-6BB1-4472-9ACF-B9AFEFA76502}
2013-11-10 10:39 - 2013-11-10 10:39 - 00000000 ____D C:\Users\Schmitz\AppData\Local\{F2B9A414-40C0-4E8E-A373-364AF29258B7}
2013-11-09 08:08 - 2013-11-09 08:08 - 00000000 ____D C:\Users\Schmitz\AppData\Local\{C62BC2E6-0EB1-4812-85A5-31947CEFA46B}
2013-11-08 06:33 - 2013-11-08 06:33 - 00000000 ____D C:\Users\Schmitz\AppData\Local\{A8052AA4-5AD3-4DA1-B6D0-E6569788A84E}
2013-11-07 15:35 - 2013-11-07 15:36 - 00000000 ____D C:\Users\Schmitz\AppData\Local\{4BBC920D-98B2-4664-A844-A50FD23C64BD}
2013-11-07 06:30 - 2013-11-07 06:30 - 00000000 ____D C:\Users\Schmitz\AppData\Local\{B6FE0C32-3B6A-439B-8B69-E0D6983B6468}
2013-11-06 13:37 - 2013-11-06 13:37 - 00003066 _____ C:\Users\Schmitz\Documents\06.11.13.axp
2013-11-06 12:43 - 2013-11-06 12:43 - 00000000 ____D C:\Users\Schmitz\AppData\Local\{1BA041CD-C507-4EA2-ADDF-F05D34851DB1}
2013-11-06 06:33 - 2013-11-06 06:33 - 00000000 ____D C:\Users\Schmitz\AppData\Local\{1B76CC19-CCDE-4272-B0C0-93900B3F5959}
2013-11-05 07:05 - 2013-11-05 07:05 - 00000000 ____D C:\Users\Schmitz\AppData\Local\{BCF86788-7ACE-4C5F-8BBA-D1D9812AC186}
2013-11-04 13:22 - 2013-11-04 13:22 - 00000000 ____D C:\Users\Schmitz\AppData\Local\{0D978632-2993-4E1B-8EFB-17AA9B2C1F5B}
2013-11-04 13:18 - 2013-11-04 13:18 - 104867914 _____ C:\windows\SysWOW64\鷌쿅;
2013-11-02 08:18 - 2013-11-02 08:18 - 00000000 ____D C:\Users\Schmitz\AppData\Local\{E768545F-1D33-4E43-9DDB-A3C0F26E8E24}
2013-11-01 06:48 - 2013-11-01 06:48 - 00000000 ____D C:\Users\Schmitz\AppData\Local\{15E338A3-638B-4EC4-B06E-E637B07C2CC2}
2013-10-31 06:46 - 2013-10-31 06:46 - 00000000 ____D C:\Users\Schmitz\AppData\Local\{9DF3DEC9-8316-44C7-9869-4C48A37E8176}
2013-10-30 14:42 - 2013-10-30 14:42 - 00000000 ____D C:\Users\Schmitz\AppData\Local\{D700EA83-852C-4C69-9BFB-45623F1B48C7}
2013-10-29 19:19 - 2013-10-29 19:20 - 00000000 ____D C:\Users\Schmitz\AppData\Local\{FA9A49D2-B654-49F8-B527-AE2B8A8B09B2}
2013-10-29 11:08 - 2013-10-29 11:08 - 00000000 ____D C:\Users\Schmitz\AppData\Local\{684C5D68-BA67-462A-8044-F8C01A41CFCA}
2013-10-28 17:15 - 2013-10-28 17:15 - 00004886 _____ C:\windows\SysWOW64\jupdate-1.7.0_45-b18.log
2013-10-28 17:15 - 2013-10-28 17:15 - 00000000 ____D C:\ProgramData\Oracle
2013-10-28 17:15 - 2013-10-08 07:50 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-28 17:15 - 2013-10-08 07:46 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2013-10-28 17:15 - 2013-10-08 07:46 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2013-10-28 17:15 - 2013-10-08 07:46 - 00174504 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2013-10-28 17:14 - 2013-10-28 17:14 - 00000000 ____D C:\Users\Schmitz\AppData\Local\{06231380-E178-448F-A473-574D4A811A13}
2013-10-28 06:33 - 2013-10-28 06:33 - 00000000 ____D C:\Users\Schmitz\AppData\Local\{7235621C-0195-42BF-A537-EB67E7829077}
2013-10-27 17:26 - 2013-10-27 17:26 - 00000000 ____D C:\Users\Schmitz\AppData\Local\{4F9444A7-18FC-401C-B1F0-09472FC83496}
2013-10-27 07:12 - 2013-10-27 07:12 - 00000000 ____D C:\Users\Schmitz\AppData\Local\{1DA680ED-16BA-434E-8090-B0CDF5A258BB}
2013-10-26 06:19 - 2013-10-26 06:19 - 00000000 ____D C:\Users\Schmitz\AppData\Local\{FDC20542-C73B-47BD-9A5E-E083737DFC0A}
2013-10-25 05:56 - 2013-10-25 05:56 - 00000000 ____D C:\Users\Schmitz\AppData\Local\{6B093BFF-05E0-4ACF-88D5-D444313F10F2}
2013-10-24 17:27 - 2013-10-24 17:27 - 00000000 ____D C:\Users\Schmitz\AppData\Local\{220F5649-BDA7-480A-81D8-AC95B1D70B80}
2013-10-23 07:02 - 2013-10-23 07:02 - 00000000 ____D C:\Users\Schmitz\AppData\Local\{64EFB4F6-176B-440F-8DB1-AEC88ACA5058}
2013-10-22 05:37 - 2013-10-22 05:37 - 00000000 ____D C:\Users\Schmitz\AppData\Local\{D83DAF66-6FAE-4650-8B42-0E8E48639DFB}
2013-10-21 15:04 - 2013-10-21 15:04 - 00000000 ____D C:\Users\Schmitz\AppData\Local\{835AEF00-0313-4BC0-9967-AD96C7A627BF}
2013-10-18 18:50 - 2013-10-18 18:50 - 00000000 ____D C:\Users\Schmitz\AppData\Local\{A6E44E77-8AEB-4929-BF69-813DD533D64C}

==================== One Month Modified Files and Folders =======

2013-11-17 09:17 - 2013-11-17 09:16 - 00018213 _____ C:\Users\Schmitz\Downloads\FRST.txt
2013-11-17 09:16 - 2013-11-17 09:16 - 00000000 ____D C:\FRST
2013-11-17 09:15 - 2013-11-17 09:15 - 01958236 _____ (Farbar) C:\Users\Schmitz\Downloads\FRST64.exe
2013-11-17 09:15 - 2012-10-17 13:06 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-11-17 09:14 - 2009-07-14 05:45 - 00016752 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-17 09:14 - 2009-07-14 05:45 - 00016752 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-17 09:13 - 2013-11-17 09:12 - 00000000 ____D C:\Users\Schmitz\AppData\Local\{0F74108C-1038-4E36-B824-101FDB89AEA7}
2013-11-17 09:10 - 2012-05-14 18:56 - 01105366 _____ C:\windows\WindowsUpdate.log
2013-11-17 09:05 - 2012-07-18 16:24 - 00001108 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-17 09:05 - 2009-07-14 06:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-11-17 09:05 - 2009-07-14 05:51 - 00109419 _____ C:\windows\setupact.log
2013-11-16 20:07 - 2013-11-16 20:07 - 00000000 ____D C:\Users\Schmitz\AppData\Local\{A3C7584B-A5B9-4409-9054-F66EC6A598E2}
2013-11-16 19:59 - 2012-07-18 16:24 - 00001112 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-16 19:34 - 2012-07-17 17:26 - 00003946 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{1169BC01-178A-450F-9711-5C5BE46FECA2}
2013-11-15 06:39 - 2013-11-15 06:39 - 00000000 ____D C:\Users\Schmitz\AppData\Local\{A6A2FC07-9664-4F64-90E5-093DF6C40D7B}
2013-11-14 16:29 - 2012-07-19 16:10 - 00000000 ___RD C:\Users\Schmitz\Desktop\Aktenkoffer
2013-11-14 16:19 - 2012-07-19 16:20 - 00001080 _____ C:\windows\Brpfx04a.ini
2013-11-14 06:37 - 2013-11-14 06:37 - 00000000 ____D C:\Users\Schmitz\AppData\Local\{2A777877-E785-4E8C-AEF1-373BA38E3999}
2013-11-13 17:12 - 2012-07-14 12:07 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-13 06:42 - 2013-08-14 05:48 - 00000000 ____D C:\windows\system32\MRT
2013-11-13 06:41 - 2012-03-19 10:06 - 82896128 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-11-13 06:32 - 2013-11-13 06:32 - 00000000 ____D C:\Users\Schmitz\AppData\Local\{F4D18C9F-1ADC-4A1C-B2DA-E6B2E636A2A3}
2013-11-13 06:25 - 2013-11-13 06:25 - 00000000 ____D C:\Users\Schmitz\AppData\Local\{35142D57-21A1-4674-9122-4A0BA203E3F1}
2013-11-12 16:51 - 2013-11-12 16:51 - 00000000 ____D C:\Users\Schmitz\AppData\Local\{83535FCB-882E-45C0-AD45-EA1858C98F66}
2013-11-12 16:47 - 2013-11-12 16:47 - 00000000 ____D C:\Users\Schmitz\AppData\Local\{E2FAD17C-D719-491C-9B81-CDDF386BD8F9}
2013-11-12 16:46 - 2013-11-12 16:46 - 00000000 ____D C:\Users\Schmitz\AppData\Local\{D3092F9D-14BC-4104-BF23-0DA26E68F0F6}
2013-11-12 14:24 - 2011-04-12 08:43 - 00654150 _____ C:\windows\system32\perfh007.dat
2013-11-12 14:24 - 2011-04-12 08:43 - 00130022 _____ C:\windows\system32\perfc007.dat
2013-11-12 14:24 - 2009-07-14 06:13 - 01498742 _____ C:\windows\system32\PerfStringBackup.INI
2013-11-12 14:22 - 2013-11-12 14:22 - 00000000 ____D C:\Users\Schmitz\AppData\Local\{F044FB6B-1DAB-4AF1-BC04-C4EDAD2AB126}
2013-11-11 19:13 - 2013-11-11 19:13 - 00000000 ____D C:\Users\Schmitz\AppData\Local\{75B9BD5A-9370-406C-B0C9-C8D531C67B35}
2013-11-11 18:55 - 2013-11-11 18:55 - 00001625 _____ C:\Users\Schmitz\Downloads\iGoogle-settings.xml
2013-11-11 06:54 - 2013-11-11 06:53 - 00000000 ____D C:\Users\Schmitz\AppData\Local\{85EDE717-6BB1-4472-9ACF-B9AFEFA76502}
2013-11-10 10:39 - 2013-11-10 10:39 - 00000000 ____D C:\Users\Schmitz\AppData\Local\{F2B9A414-40C0-4E8E-A373-364AF29258B7}
2013-11-09 08:08 - 2013-11-09 08:08 - 00000000 ____D C:\Users\Schmitz\AppData\Local\{C62BC2E6-0EB1-4812-85A5-31947CEFA46B}
2013-11-08 06:33 - 2013-11-08 06:33 - 00000000 ____D C:\Users\Schmitz\AppData\Local\{A8052AA4-5AD3-4DA1-B6D0-E6569788A84E}
2013-11-07 15:36 - 2013-11-07 15:35 - 00000000 ____D C:\Users\Schmitz\AppData\Local\{4BBC920D-98B2-4664-A844-A50FD23C64BD}
2013-11-07 15:32 - 2012-07-14 10:32 - 00000000 ____D C:\Users\Schmitz
2013-11-07 15:31 - 2012-07-17 12:20 - 00000000 ____D C:\Users\Schmitz\AppData\Roaming\vlc
2013-11-07 15:31 - 2011-04-12 08:54 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-11-07 15:31 - 2009-07-14 04:20 - 00000000 ____D C:\windows\registration
2013-11-07 06:30 - 2013-11-07 06:30 - 00000000 ____D C:\Users\Schmitz\AppData\Local\{B6FE0C32-3B6A-439B-8B69-E0D6983B6468}
2013-11-06 13:37 - 2013-11-06 13:37 - 00003066 _____ C:\Users\Schmitz\Documents\06.11.13.axp
2013-11-06 12:43 - 2013-11-06 12:43 - 00000000 ____D C:\Users\Schmitz\AppData\Local\{1BA041CD-C507-4EA2-ADDF-F05D34851DB1}
2013-11-06 06:33 - 2013-11-06 06:33 - 00000000 ____D C:\Users\Schmitz\AppData\Local\{1B76CC19-CCDE-4272-B0C0-93900B3F5959}
2013-11-05 07:05 - 2013-11-05 07:05 - 00000000 ____D C:\Users\Schmitz\AppData\Local\{BCF86788-7ACE-4C5F-8BBA-D1D9812AC186}
2013-11-04 13:22 - 2013-11-04 13:22 - 00000000 ____D C:\Users\Schmitz\AppData\Local\{0D978632-2993-4E1B-8EFB-17AA9B2C1F5B}
2013-11-04 13:18 - 2013-11-04 13:18 - 104867914 _____ C:\windows\SysWOW64\鷌쿅;
2013-11-02 08:18 - 2013-11-02 08:18 - 00000000 ____D C:\Users\Schmitz\AppData\Local\{E768545F-1D33-4E43-9DDB-A3C0F26E8E24}
2013-11-01 16:07 - 2012-07-17 17:09 - 00000000 ___RD C:\Users\Schmitz\Desktop\Rechnungen
2013-11-01 06:48 - 2013-11-01 06:48 - 00000000 ____D C:\Users\Schmitz\AppData\Local\{15E338A3-638B-4EC4-B06E-E637B07C2CC2}
2013-10-31 06:57 - 2012-08-13 12:24 - 00000000 ____D C:\Users\Schmitz\AppData\Local\CrashDumps
2013-10-31 06:46 - 2013-10-31 06:46 - 00000000 ____D C:\Users\Schmitz\AppData\Local\{9DF3DEC9-8316-44C7-9869-4C48A37E8176}
2013-10-30 14:42 - 2013-10-30 14:42 - 00000000 ____D C:\Users\Schmitz\AppData\Local\{D700EA83-852C-4C69-9BFB-45623F1B48C7}
2013-10-29 19:20 - 2013-10-29 19:19 - 00000000 ____D C:\Users\Schmitz\AppData\Local\{FA9A49D2-B654-49F8-B527-AE2B8A8B09B2}
2013-10-29 11:08 - 2013-10-29 11:08 - 00000000 ____D C:\Users\Schmitz\AppData\Local\{684C5D68-BA67-462A-8044-F8C01A41CFCA}
2013-10-28 17:15 - 2013-10-28 17:15 - 00004886 _____ C:\windows\SysWOW64\jupdate-1.7.0_45-b18.log
2013-10-28 17:15 - 2013-10-28 17:15 - 00000000 ____D C:\ProgramData\Oracle
2013-10-28 17:15 - 2012-07-17 12:21 - 00000000 ____D C:\Program Files (x86)\Java
2013-10-28 17:14 - 2013-10-28 17:14 - 00000000 ____D C:\Users\Schmitz\AppData\Local\{06231380-E178-448F-A473-574D4A811A13}
2013-10-28 06:33 - 2013-10-28 06:33 - 00000000 ____D C:\Users\Schmitz\AppData\Local\{7235621C-0195-42BF-A537-EB67E7829077}
2013-10-27 17:26 - 2013-10-27 17:26 - 00000000 ____D C:\Users\Schmitz\AppData\Local\{4F9444A7-18FC-401C-B1F0-09472FC83496}
2013-10-27 07:12 - 2013-10-27 07:12 - 00000000 ____D C:\Users\Schmitz\AppData\Local\{1DA680ED-16BA-434E-8090-B0CDF5A258BB}
2013-10-26 06:19 - 2013-10-26 06:19 - 00000000 ____D C:\Users\Schmitz\AppData\Local\{FDC20542-C73B-47BD-9A5E-E083737DFC0A}
2013-10-25 05:56 - 2013-10-25 05:56 - 00000000 ____D C:\Users\Schmitz\AppData\Local\{6B093BFF-05E0-4ACF-88D5-D444313F10F2}
2013-10-24 17:27 - 2013-10-24 17:27 - 00000000 ____D C:\Users\Schmitz\AppData\Local\{220F5649-BDA7-480A-81D8-AC95B1D70B80}
2013-10-23 07:02 - 2013-10-23 07:02 - 00000000 ____D C:\Users\Schmitz\AppData\Local\{64EFB4F6-176B-440F-8DB1-AEC88ACA5058}
2013-10-22 05:37 - 2013-10-22 05:37 - 00000000 ____D C:\Users\Schmitz\AppData\Local\{D83DAF66-6FAE-4650-8B42-0E8E48639DFB}
2013-10-21 15:04 - 2013-10-21 15:04 - 00000000 ____D C:\Users\Schmitz\AppData\Local\{835AEF00-0313-4BC0-9967-AD96C7A627BF}
2013-10-18 18:50 - 2013-10-18 18:50 - 00000000 ____D C:\Users\Schmitz\AppData\Local\{A6E44E77-8AEB-4929-BF69-813DD533D64C}

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2012-07-14 11:03

==================== End Of Log ============================
--- --- ---
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-11-2013
Ran by Schmitz at 2013-11-17 09:17:20
Running from C:\Users\Schmitz\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Reader X (10.1.3) MUI (x32 Version: 10.1.3)
Amazon MP3-Downloader 1.0.17 (x32 Version: 1.0.17)
Avira Free Antivirus (x32 Version: 13.0.0.4052)
Brother MFL-Pro Suite MFC-5890CN (x32 Version: 1.0.1.0)
Canon iP4900 series On-screen Manual (x32)
Canon iP4900 series Printer Driver
Canon My Printer (x32 Version: 3.0.0)
CDBurnerXP (x32 Version: 4.5.1.3868)
Cisco EAP-FAST Module (x32 Version: 2.2.14)
Cisco LEAP Module (x32 Version: 1.0.19)
Cisco PEAP Module (x32 Version: 1.1.6)
D3DX10 (x32 Version: 15.4.2368.0902)
DDBAC (x32 Version: 4.3.81)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
Google Chrome (x32 Version: 30.0.1599.101)
Google Earth (x32 Version: 7.1.1.1888)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
Google Toolbar for Internet Explorer (x32 Version: 7.5.4601.54)
Google Update Helper (x32 Version: 1.3.21.165)
IM Lock (x32)
Intel(R) Control Center (x32 Version: 1.2.1.1007)
Intel(R) Management Engine Components (x32 Version: 8.0.0.1351)
Intel(R) OpenCL CPU Runtime (x32)
Intel(R) Processor Graphics (x32 Version: 8.15.10.2618)
Intel(R) Rapid Storage Technology (x32 Version: 11.0.0.1032)
Intel(R) USB 3.0 eXtensible Host Controller Driver (x32 Version: 1.0.1.209)
Intel® Trusted Connect Service Client (Version: 1.23.216.0)
Java 7 Update 17 (64-bit) (Version: 7.0.170)
Java 7 Update 45 (x32 Version: 7.0.450)
Java Auto Updater (x32 Version: 2.1.9.8)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Lexware Info Service (x32 Version: 2.61.00.0033)
Lexware online banking (x32 Version: 10.00.00.0102)
LG United Mobile Drivers (x32 Version: 3.6.0.0)
Mesh Runtime (x32 Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Antimalware Service DE-DE Language Pack (Version: 3.0.8402.2)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (x32 Version: 3.5.30730.0)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Home and Student 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Security Client (Version: 4.3.0219.0)
Microsoft Security Client DE-DE Language Pack (Version: 2.1.1116.0)
Microsoft Security Essentials (Version: 4.3.219.0)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (x32 Version: 9.0.30411)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Paint.NET v3.5.10 (Version: 3.60.0)
PaperPort Image Printer 64-bit (Version: 1.00.0000)
Quicken 2011 - ServicePack 4 (x32 Version: 18.04.00.0123)
Quicken 2011 (x32 Version: 18.00.00.0084)
Quicken Import Export Server 2011 (x32 Version: 18.00.00.0081)
Realtek Ethernet Controller Driver (x32 Version: 7.49.927.2011)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6554)
REALTEK Wireless LAN Driver and Utility (x32 Version: 1.00.0174)
ScanSoft PaperPort 11 (x32 Version: 11.2.0000)
Servicepack Datumsaktualisierung (x32 Version: 1.00.00.0005)
Trendpoker 3D - Texas Hold'em Poker - DEMO (x32 Version: 1.9)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553065) (x32)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2566458) (x32)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32)
Update for Microsoft Word 2010 (KB2827323) 32-Bit Edition (x32)
VLC media player 2.0.3 (x32 Version: 2.0.3)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3555.0308)
Windows Live Family Safety (Version: 15.4.3555.0308)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
XnView 1.98.5 (x32 Version: 1.98.5)

==================== Restore Points  =========================

13-10-2013 15:07:00 Windows Update
16-10-2013 04:45:23 Windows Update
20-10-2013 08:14:52 Windows Update
24-10-2013 05:05:24 Windows Update
28-10-2013 05:32:59 Windows Update
28-10-2013 16:14:41 Installed Java 7 Update 45
31-10-2013 16:57:23 Windows Update
04-11-2013 12:27:50 Windows Update
07-11-2013 19:36:02 Windows Update
11-11-2013 11:51:08 Windows Update
13-11-2013 05:39:53 Windows Update
13-11-2013 16:11:29 Windows Update
16-11-2013 18:37:32 Windows Update

==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {22DD8F53-C28C-45BB-9F8D-581DBA1B7306} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {388AF2D3-906A-4339-B878-AC0F45E1B075} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-10] (Adobe Systems Incorporated)
Task: {5229D2E8-14C5-4564-AAE8-2C2633B15109} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)
Task: {81E58D0E-2160-4ED7-9C05-D17E8F610FF9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-18] (Google Inc.)
Task: {ACB157A2-E3EA-4DFF-8FCD-40A5FF37627B} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe
Task: {B203C592-9101-46A9-A8CE-E216A3602253} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-18] (Google Inc.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-03-19 08:21 - 2012-01-06 02:24 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-01-10 12:52 - 2012-09-19 18:17 - 00397088 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2012-07-19 16:19 - 2009-02-27 15:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2012-07-17 15:27 - 2009-12-09 20:20 - 00126976 _____ () C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\EnumDevLib.dll
2012-03-19 08:20 - 2011-12-16 10:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2013-09-02 17:21 - 2013-09-02 17:21 - 00172032 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\991a8d378a3e64b31c0f4770ba9ae071\IsdiInterop.ni.dll
2012-03-19 08:25 - 2011-11-29 20:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/17/2013 09:07:05 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/16/2013 07:28:40 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/15/2013 03:08:35 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/15/2013 06:33:24 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/14/2013 03:59:11 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/14/2013 06:31:56 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/13/2013 02:26:19 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/13/2013 06:13:03 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/12/2013 04:44:43 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/12/2013 02:21:37 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (11/17/2013 09:06:33 AM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80004005

Error: (11/16/2013 07:28:11 PM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80004005

Error: (11/15/2013 03:08:20 PM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80004005

Error: (11/15/2013 06:33:04 AM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80004005

Error: (11/13/2013 02:27:23 PM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80004005

Error: (11/07/2013 03:32:52 PM) (Source: Microsoft Antimalware) (User: )
Description: Beim Laden der Signaturen wurde von %60 ein Fehler festgestellt. Es wird versucht, einen als gültig bekannten Signatursatz wiederherzustellen.

        Versuchte Signaturen: %24

        Fehlercode: 0x80070002

        Fehlerbeschreibung: Das System kann die angegebene Datei nicht finden.

        Signaturversion: 0.0.0.0;0.0.0.0

        Modulversion: %600

Error: (10/31/2013 06:37:33 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Avira Echtzeit-Scanner" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (10/31/2013 06:37:33 AM) (Source: Service Control Manager) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen:
%%5

Error: (10/31/2013 06:37:33 AM) (Source: Service Control Manager) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen:
%%5

Error: (10/29/2013 06:54:18 AM) (Source: Microsoft Antimalware) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

        Neue Signaturversion:

        Vorherige Signaturversion: 1.161.866.0

        Aktualisierungsquelle: %NT-AUTORITÄT59

        Aktualisierungsphase: 4.3.0219.00

        Quellpfad: 4.3.0219.01

        Signaturtyp: %NT-AUTORITÄT602

        Aktualisierungstyp: %NT-AUTORITÄT604

        Benutzer: NT-AUTORITÄT\SYSTEM

        Aktuelle Modulversion: %NT-AUTORITÄT605

        Vorherige Modulversion: %NT-AUTORITÄT606

        Fehlercode: %NT-AUTORITÄT607

        Fehlerbeschreibung: %NT-AUTORITÄT608


Microsoft Office Sessions:
=========================
Error: (11/17/2013 09:07:05 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/16/2013 07:28:40 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/15/2013 03:08:35 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/15/2013 06:33:24 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/14/2013 03:59:11 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/14/2013 06:31:56 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/13/2013 02:26:19 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/13/2013 06:13:03 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/12/2013 04:44:43 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/12/2013 02:21:37 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2013-07-14 16:00:54.918
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-07-14 16:00:54.886
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Percentage of memory in use: 24%
Total physical RAM: 8071.34 MB
Available physical RAM: 6060.34 MB
Total Pagefile: 16140.85 MB
Available Pagefile: 13938 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:455.66 GB) (Free:369.77 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: DFF3A559)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=456 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10 GB) - (Type=27)

==================== End Of Log ============================

aharonov 17.11.2013 15:15
Hi,

hast du dein Email-Passwort schon geändert? Verbinden sich noch weitere Rechner über diesen Internetanschluss?


Hinweis: Mehrere AV-Hintergrundwächter

Mir ist aufgefallen, dass du mehr als ein Antivirus-Programm mit Hintergrundwächter laufen hast:
  • Avira Free Antivirus
  • Microsoft Security Essentials
Das ist gefährlich, da sich die verschiedenen Hintergrundwächter gegenseitig in die Quere kommen können und dadurch in ihrer Summe nicht mehr sondern weniger Schutz bieten. Ausserdem bremst das auch das System aus.

Entscheide dich für eines dieser Programme und deinstalliere die anderen über Start -> Systemsteuerung -> Programme und Funktionen (Vista & Win 7) bzw. Start -> Systemsteuerung -> Software (Win XP).



Schritt 1

Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.




Schritt 2


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Billpc 17.11.2013 19:03
Mailpasswort habe ich geändert. Unser Sohn und meine Frau gehen über den gleichen Wlan Anschluß ins Netz, allerdings nicht über diesen PC


Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.11.17.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16736
Schmitz :: SCHMITZ-PC [Administrator]

17.11.2013 17:25:20
mbam-log-2013-11-17 (17-25-20).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 207622
Laufzeit: 3 Minute(n), 5 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=51d588f22ed3504dafac0be7f4250dea
# engine=15916
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-11-17 05:31:24
# local_time=2013-11-17 06:31:24 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1797 16774142 0 5 5458 6501886 0 0
# compatibility_mode=5893 16776574 100 94 11244411 136339334 0 0
# scanned=174124
# found=0
# cleaned=0
# scan_time=3149

aharonov 17.11.2013 19:07
Überprüfe noch mit diesem Plugin-Check (mit dem Firefox hier), ob alle deine verwendeten Plugin-Versionen aktuell sind und update sie anderenfalls.


Dann sollte man die anderen Rechner auch noch untersuchen. Dieser hier sieht sauber aus.

Billpc 17.11.2013 19:21
plugin konnte meinen Browser nicht erkennen

Adobe kann nicht aktualisiert werden

Die anderen Rechner sind Handys

update Adobe ist doch installiert

Vielen Dank vorerst


Alle Zeitangaben in WEZ +1. Es ist jetzt 21:46 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27