Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   G-Data Antivir wird durch lokale Gruppenrichtlinien geblockt (https://www.trojaner-board.de/152591-g-data-antivir-lokale-gruppenrichtlinien-geblockt.html)

bodi2290 16.04.2014 10:06
G-Data Antivir wird durch lokale Gruppenrichtlinien geblockt
 
Hallo zusammen,

ich habe hier einen Laptop mit Win 7 64 Bit.
Bei diesem wird seit neustem die Ausführung von G-Data Antivir durch die Lokale Gruppenrichtlinie geblockt.

Ich habe schon die Log Dateien erstellt und hoffe, dass Ihr mir hier helfen könnt.
Im vorraus schonmal vielen Dank dafür :-)

schrauber 16.04.2014 10:20
Hi,

Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen.
Ich kann auf Arbeit keine Anhänge öffnen, danke.

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

bodi2290 16.04.2014 10:42
Ok sorry mein Fehler :-)
Addition.txt
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-04-2014
Ran by Else und Rolf at 2014-04-16 10:31:35
Running from C:\Users\Else und Rolf\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: G Data AntiVirus 2013 (Enabled - Up to date) {39B780B4-63C2-05B0-3B40-8F7A21E4F496}
AS: G Data AntiVirus 2013 (Enabled - Up to date) {82D66150-45F8-0A3E-01F0-B4085A63BE2B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 2.6.0.19140 - Adobe Systems Incorporated) Hidden
Adobe Anchor Service CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Asset Services CS3 (x32 Version: 3 - Adobe Systems Incorporated) Hidden
Adobe Bridge CS3 (x32 Version: 2 - Adobe Systems Incorporated) Hidden
Adobe Bridge Start Meeting (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe BridgeTalk Plugin CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Camera Raw 4.0 (x32 Version: 4.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color - Photoshop Specific (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color Common Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color EU Recommended Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color JA Extra Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color NA Extra Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 3 Design Premium (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 3 Design Premium hinzufügen oder entfernen (HKLM-x32\...\Adobe_061850775b1c6d22bf2a145678e05e0) (Version: 1.0 - Adobe Systems Incorporated)
Adobe Default Language CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Device Central CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe ExtendScript Toolkit 2 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Extension Manager CS3 (x32 Version: 1.8 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 9 Plugin (HKLM-x32\...\{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}) (Version: 9.0.45.0 - Adobe Systems, Inc.)
Adobe Fonts All (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Help Viewer CS3 (x32 Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Illustrator CS3 (x32 Version: 13.0 - Adobe Systems Incorporated) Hidden
Adobe InDesign CS3 Icon Handler (x32 Version: 5.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS3 (x32 Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe MotionPicture Color Files (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files (x32 Version: 8.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS3 (x32 Version: 10 - Adobe Systems Incorporated) Hidden
Adobe Reader X (10.0.1) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA0000000001}) (Version: 10.0.1 - Adobe Systems Incorporated)
Adobe Setup (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)
Adobe SING CS3 (x32 Version: 0.1 - Adobe Systems Incorporated) Hidden
Adobe Stock Photos CS3 (x32 Version: 1.5 - Adobe Systems Incorporated) Hidden
Adobe Type Support (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Update Manager CS3 (x32 Version: 5.1.0 - Adobe Systems Incorporated) Hidden
Adobe Version Cue CS3 Client (x32 Version: 3 - Adobe Systems Incorporated) Hidden
Adobe WAS CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe XMP Panels CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
AHV content for Acrobat and Flash (x32 Version: 1 - Adobe Systems Incorporated) Hidden
AMD USB Audio Driver Filter (HKLM-x32\...\{A3AB35FA-943E-4799-99DC-46EFD59E998F}) (Version: 1.0.7.0031 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{5F4ED7B4-C4A5-F8B0-8AF2-6F199E172A1B}) (Version: 3.0.732.0 - ATI Technologies, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Camera Control Pro 2 (HKLM-x32\...\{FE96C49B-DB90-405E-A00E-09E38372F880}) (Version: 2.13.0 - Nikon)
CCleaner (HKLM\...\CCleaner) (Version: 3.07 - Piriform)
Defraggler (HKLM\...\Defraggler) (Version: 2.05 - Piriform)
dm Digi Foto (HKLM-x32\...\dm Digi Foto) (Version: 2.3.0.93 - Imaxel Lab S.L)
DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.1.4121 - Hewlett-Packard)
DVD Menu Pack for HP MediaSmart Video (x32 Version: 4.1.4121 - Hewlett-Packard) Hidden
G Data AntiVirus 2014 (HKLM-x32\...\{5F17164A-FE5F-48B4-916F-56C6C4470D32}) (Version: 24.0.3.4 - G Data Software AG)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
HP Customer Experience Enhancements (x32 Version: 6.0.1.3 - Hewlett-Packard) Hidden
HP Officejet 4620 series - Grundlegende Software für das Gerät (HKLM\...\{B16F9E6E-1388-472C-98C3-F32D397EF85D}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 4620 series Hilfe (HKLM-x32\...\{72EDA2AC-2908-4BB3-97E5-4F9DDEBF9731}) (Version: 6.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
HP Quick Launch Buttons (HKLM-x32\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.4.2 - Hewlett-Packard)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
HP Wireless Assistant (HKLM-x32\...\{1061DF04-CF33-40B0-8360-D07C9BBEB122}) (Version: 3.50.10.1 - Hewlett-Packard)
HPAsset component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6225.0 - IDT)
Internet-TV für Windows Media Center (HKLM-x32\...\{9D318C86-AF4C-409F-A6AC-7183FF4CF424}) (Version: 4.2.2.0 - Microsoft Corporation)
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Java Auto Updater (x32 Version: 2.0.4.1 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 22 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022F0}) (Version: 6.0.220 - Oracle)
Java(TM) 6 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416025FF}) (Version: 6.0.250 - Oracle)
Java(TM) 6 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216025FF}) (Version: 6.0.250 - Oracle)
JMicron JMB38X Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.00.20.07 - JMicron Technology Corp.)
KERAMAG Badplaner (HKLM-x32\...\{3F26FC67-A32A-46EB-AB55-ACB9EA65DD3F}) (Version:  - )
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
myphotobook.de (HKLM-x32\...\de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1) (Version: 1.3.0 - myphotobook GmbH)
myphotobook.de (x32 Version: 1.3.0 - myphotobook GmbH) Hidden
Nikon File Uploader 2 (HKLM-x32\...\{D1E7142C-6BC3-49EB-A71A-E5D7ADAC7599}) (Version: 2.0.2 - Nikon)
Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.1.0 - Nikon)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10 - NVIDIA Corporation)
OpenOffice.org 3.3 (HKLM-x32\...\{4286716B-1287-48E7-9078-3DC8248DBA96}) (Version: 3.3.9567 - OpenOffice.org)
PDF Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Picture Control Utility (HKLM-x32\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.2.1 - Nikon)
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
QLBCASL (x32 Version: 6.40.17.2 - Hewlett-Packard) Hidden
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: 3.0.1.3 - Realtek Semiconductor Corp.)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.6.8442 - Skype Technologies S.A.)
Skype™ 6.6 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.6.106 - Skype Technologies S.A.)
Studie zur Verbesserung von HP Officejet 4620 series Produkten (HKLM\...\{ABBC6F00-E9C9-4B1E-B046-8FFD7BA3A456}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.17.4 - Synaptics Incorporated)
TomTom HOME 2.8.3.2499 (HKLM-x32\...\TomTom HOME) (Version: 2.8.3.2499 - TomTom)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
ViewNX 2 (HKLM-x32\...\{DDD62492-32A7-412B-8AF1-2CF032AD42E3}) (Version: 2.0.2 - Nikon)
Windows Media Center Add-in for Silverlight (HKLM-x32\...\{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}) (Version: 4.7.3.0 - Microsoft Corporation)
Windows-Treiberpaket - ENE (enecir) HIDClass  (09/04/2008 2.6.0.0) (HKLM\...\07B260955637F1FF7587ED2AA87459040DD09BF7) (Version: 09/04/2008 2.6.0.0 - ENE)

==================== Restore Points  =========================

02-02-2014 11:40:06 Geplanter Prüfpunkt
09-02-2014 18:53:57 Geplanter Prüfpunkt
26-02-2014 20:49:44 Geplanter Prüfpunkt
06-03-2014 09:09:17 Geplanter Prüfpunkt
15-03-2014 15:01:01 Geplanter Prüfpunkt
23-03-2014 11:15:52 Geplanter Prüfpunkt
04-04-2014 09:57:40 Geplanter Prüfpunkt
13-04-2014 08:39:01 Geplanter Prüfpunkt

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {066BD136-DA15-4114-A5ED-8A89DB30C04D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-06-03] (Google Inc.)
Task: {0A3A6F46-FC82-4A3E-B7C8-7F738FD6E1A3} - System32\Tasks\{506B393D-E6B5-408A-8AB2-A599FA0E96E2} => C:\Program Files (x86)\G Data\AntiVirus\GUI\GDSC.exe [2013-08-21] (G Data Software AG)
Task: {0B34D4C0-9973-4319-88B6-CD82D0288806} - System32\Tasks\{CC806A21-2B5D-4ACA-8C58-27834B5C43A2} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.6.0.106/de/privacy
Task: {24C2DEC4-507E-4C5D-B409-C5D341E00DC3} - System32\Tasks\GoogleUpdateTaskMachineCore1cf4a56c3d32e39 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-06-03] (Google Inc.)
Task: {2AE30353-5EEF-4C96-9971-58F1E1973D35} - System32\Tasks\{E755FD61-6CA6-49BA-B2F0-6FED78C4573D} => C:\Program Files (x86)\G Data\AntiVirus\GUI\GDSC.exe [2013-08-21] (G Data Software AG)
Task: {5419C79E-3E36-4F45-9D66-1D759BC78954} - System32\Tasks\{F73B4778-A9A2-42DC-A3C3-B2FCC8D8DF32} => C:\Program Files (x86)\G Data\AntiVirus\GUI\GDSC.exe [2013-08-21] (G Data Software AG)
Task: {59F15730-0FEF-427F-8DBE-312BD5E761EA} - System32\Tasks\HPCustParticipation HP Officejet 4620 series => C:\Program Files\HP\HP Officejet 4620 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {68F0DE5C-73AE-4AAD-9C15-DB649F7397CA} - System32\Tasks\{C93C72AB-5185-4554-A4BA-296943570265} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.6.0.106/de/privacy
Task: {6C42BAD3-578C-4931-84B9-BF2C29BD6401} - System32\Tasks\{B91069F7-2B7F-48C8-AC57-7857B00BAE78} => C:\Program Files (x86)\G Data\AntiVirus\GUI\GDSC.exe [2013-08-21] (G Data Software AG)
Task: {7A181B9B-7985-418A-9B02-2BACBEB50C5F} - System32\Tasks\{8A0E4CA1-CEB1-47B2-94D5-F9804CB63644} => C:\Program Files (x86)\G Data\AntiVirus\GUI\GDSC.exe [2013-08-21] (G Data Software AG)
Task: {7B0716B4-FFEB-45D2-BD6A-9F2997CE2191} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-06-03] (Google Inc.)
Task: {9399DAFE-72EF-480D-9B3D-973FA55C9B93} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {AAEEAC88-8B21-474F-8F79-1C30DAD56C34} - System32\Tasks\{C90DE193-0590-40AB-9FCB-7F79220C3189} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.3.0.120.259/en/abandoninstall?page=tsChrome&installinfo=google-toolbar:notoffered;toolbarpresent,google-chrome:offered-installed;madedefault
Task: {C049358C-B1D2-4B40-BE7F-72C5F5E09E71} - System32\Tasks\GoogleUpdateTaskMachineUA1cf4a56c983900c => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-06-03] (Google Inc.)
Task: {E56FB168-E75B-4C2D-B561-F6ABCBF9DA5A} - System32\Tasks\{852CFB7A-E35C-4DF9-B675-74A9BDEC0DBF} => C:\Program Files (x86)\G Data\AntiVirus\GUI\GDSC.exe [2013-08-21] (G Data Software AG)
Task: {EA186959-923B-44A4-8E8B-EC0BF7CB3DEB} - System32\Tasks\{CFF7C12C-D635-4D6C-AD77-776E9FE5FA50} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2013-06-21] (Skype Technologies S.A.)
Task: {ECB3A3EA-7684-4463-B8AD-7F0173CCD0E3} - System32\Tasks\{407F2AC5-57B5-4D31-A883-C9F814EC372A} => C:\Program Files (x86)\G Data\AntiVirus\GUI\GDSC.exe [2013-08-21] (G Data Software AG)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf4a56c3d32e39.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf4a56c983900c.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-08-14 10:31 - 2013-08-14 10:31 - 00335312 ____N () C:\Program Files (x86)\Common Files\G Data\AVKProxy\PktIcpt2x64.dll
2009-07-01 15:44 - 2009-07-01 15:44 - 00632888 _____ () C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
2012-08-27 22:33 - 2012-08-27 22:33 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-08-27 22:33 - 2012-08-27 22:33 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-01-17 16:19 - 2011-05-29 10:40 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/16/2014 09:51:30 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig.

Error: (04/16/2014 09:10:33 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 21681674

Error: (04/16/2014 09:10:33 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 21681674

Error: (04/16/2014 09:10:33 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/05/2014 00:37:15 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15070

Error: (04/05/2014 00:37:15 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15070

Error: (04/05/2014 00:37:15 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/03/2014 03:59:44 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 21605390

Error: (04/03/2014 03:59:44 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 21605390

Error: (04/03/2014 03:59:44 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (04/15/2014 09:05:10 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet:
%%-2147024891

Error: (04/15/2014 09:05:10 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%-2147024891

Error: (04/15/2014 08:51:29 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet:
%%-2147024891

Error: (04/15/2014 08:51:29 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%-2147024891

Error: (04/15/2014 08:49:00 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet:
%%-2147024891

Error: (04/15/2014 08:49:00 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%-2147024891

Error: (04/15/2014 08:21:11 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet:
%%-2147024891

Error: (04/15/2014 08:21:11 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%-2147024891

Error: (04/15/2014 07:58:32 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet:
%%-2147024891

Error: (04/15/2014 07:58:32 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%-2147024891


Microsoft Office Sessions:
=========================
Error: (04/16/2014 09:51:30 AM) (Source: SideBySide)(User: )
Description: C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exeC:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe2

Error: (04/16/2014 09:10:33 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 21681674

Error: (04/16/2014 09:10:33 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 21681674

Error: (04/16/2014 09:10:33 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/05/2014 00:37:15 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15070

Error: (04/05/2014 00:37:15 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15070

Error: (04/05/2014 00:37:15 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/03/2014 03:59:44 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 21605390

Error: (04/03/2014 03:59:44 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 21605390

Error: (04/03/2014 03:59:44 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second


==================== Memory info ===========================

Percentage of memory in use: 27%
Total physical RAM: 4093.21 MB
Available physical RAM: 2960.09 MB
Total Pagefile: 12283.4 MB
Available Pagefile: 10469.3 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (SYSTEM) (Fixed) (Total:281.99 GB) (Free:170.71 GB) NTFS
Drive d: (SWAP) (Fixed) (Total:16 GB) (Free:7.91 GB) NTFS
Drive f: (KINGSTON) (Removable) (Total:7.26 GB) (Free:6.43 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 149FF503)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=282 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=16 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 7 GB) (Disk ID: C3072E18)

Partition: GPT Partition Type.

==================== End Of Log ============================

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-04-2014
Ran by Else und Rolf (administrator) on NOTEBOOK on 16-04-2014 10:30:55
Running from C:\Users\Else und Rolf\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
(G Data Software AG) C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKWCtlX64.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe
(Hewlett-Packard Company) C:\Windows\system32\Hpservice.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
(G Data Software AG) C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 4620 series\Bin\HPNetworkCommunicatorCom.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKBap64.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
() C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 4620 series\Bin\HPNetworkCommunicator.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2096424 2010-05-27] (Synaptics Incorporated)
HKLM\...\Run: [NvCplDaemon] => C:\Windows\system32\NvCpl.dll [16395880 2009-10-03] (NVIDIA Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-03-23] (IDT, Inc.)
HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [321080 2009-07-27] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [WirelessAssistant] => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [499768 2009-09-01] (Hewlett-Packard)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2011-01-30] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253672 2011-01-07] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [571392 2011-10-30] (Nikon Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [G Data AntiVirus Tray] => C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe [1444472 2013-08-21] (G Data Software AG)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM Group Policy restriction on software: C:\Program Files (x86)\G DATA <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Common Files\G DATA <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\G DATA <====== ATTENTION
HKU\S-1-5-19\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1475584 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-20\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1475584 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-21-2186386748-3448033781-154322768-1000\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [247728 2012-01-23] (TomTom)
HKU\S-1-5-21-2186386748-3448033781-154322768-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
HKU\S-1-5-21-2186386748-3448033781-154322768-1000\...\Run: [HP Officejet 4620 series (NET)] => C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-2186386748-3448033781-154322768-1000\...\Run: [mwfktkcz] => regsvr32.exe "C:\ProgramData\mwfktkcz.dat"
HKU\S-1-5-21-2186386748-3448033781-154322768-1000\...0c966feabec1\InprocServer32: [Default-shell32] C:\Users\Else und Rolf\AppData\Local\{402705d0-83ae-394d-a301-cf471c37f9d1}\n. ATTENTION! ====> ZeroAccess/Alureon?
Startup: C:\Users\Else und Rolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Else und Rolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet 4620 series (Netzwerk).lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Officejet 4620 series (Netzwerk).lnk -> C:\Program Files\HP\HP Officejet 4620 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x031FD56A6269CC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {6D6FFE77-3346-49FD-AD00-8D7B643AF552} URL = hxxp://www.google.de/search?q={searchTerms}&rlz=
SearchScopes: HKCU - {6D6FFE77-3346-49FD-AD00-8D7B643AF552} URL = hxxp://www.google.de/search?q={searchTerms}&rlz=
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

==================== Services (Whitelisted) =================

R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
R2 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [1970296 2013-08-26] (G Data Software AG)
R2 AVKService; C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKService.exe [635000 2013-08-21] (G Data Software AG)
R2 AVKWCtl; C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKWCtlX64.exe [2562208 2013-10-15] (G Data Software AG)
R3 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [695416 2013-08-22] (G Data Software AG)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe [247808 2010-03-23] (IDT, Inc.)

==================== Drivers (Whitelisted) ====================

R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [60248 2013-12-16] (G Data Software AG)
R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [130392 2013-12-16] (G Data Software AG)
S3 GdNetMon; C:\Windows\system32\drivers\GdNetMon64.sys [31448 2011-05-29] (G Data Software AG)
S3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [63320 2013-12-16] (G Data Software AG)
R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [64856 2013-12-16] (G Data Software AG)
R1 GRD; C:\Windows\system32\drivers\GRD.sys [106272 2013-12-16] (G Data Software)
R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [65368 2013-12-16] (G Data Software AG)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-16 10:30 - 2014-04-16 10:31 - 00013418 _____ () C:\Users\Else und Rolf\Desktop\FRST.txt
2014-04-16 10:29 - 2014-04-16 10:30 - 00000000 ____D () C:\FRST
2014-04-16 10:28 - 2014-04-16 10:28 - 00000488 _____ () C:\Users\Else und Rolf\Desktop\defogger_disable.log
2014-04-16 10:28 - 2014-04-16 10:28 - 00000000 _____ () C:\Users\Else und Rolf\defogger_reenable
2014-04-16 10:28 - 2014-04-16 10:27 - 00050477 _____ () C:\Users\Else und Rolf\Desktop\Defogger.exe
2014-04-16 10:28 - 2014-04-16 10:25 - 00380416 _____ () C:\Users\Else und Rolf\Desktop\Gmer-19357.exe
2014-04-16 10:23 - 2014-04-16 10:22 - 02054144 _____ (Farbar) C:\Users\Else und Rolf\Desktop\FRST64.exe
2014-04-15 21:07 - 2014-04-15 21:07 - 00002986 _____ () C:\Windows\System32\Tasks\{B91069F7-2B7F-48C8-AC57-7857B00BAE78}
2014-04-15 21:07 - 2014-04-15 21:07 - 00002986 _____ () C:\Windows\System32\Tasks\{8A0E4CA1-CEB1-47B2-94D5-F9804CB63644}
2014-04-15 21:07 - 2014-04-15 21:07 - 00002986 _____ () C:\Windows\System32\Tasks\{506B393D-E6B5-408A-8AB2-A599FA0E96E2}
2014-04-15 21:05 - 2014-04-15 21:05 - 00002986 _____ () C:\Windows\System32\Tasks\{F73B4778-A9A2-42DC-A3C3-B2FCC8D8DF32}
2014-04-15 21:05 - 2014-04-15 21:05 - 00002986 _____ () C:\Windows\System32\Tasks\{E755FD61-6CA6-49BA-B2F0-6FED78C4573D}
2014-04-15 21:05 - 2014-04-15 21:05 - 00002986 _____ () C:\Windows\System32\Tasks\{407F2AC5-57B5-4D31-A883-C9F814EC372A}
2014-04-15 21:04 - 2014-04-15 21:04 - 00002986 _____ () C:\Windows\System32\Tasks\{852CFB7A-E35C-4DF9-B675-74A9BDEC0DBF}
2014-03-29 10:55 - 2014-03-29 10:56 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-03-29 10:55 - 2014-03-29 10:55 - 00001851 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-03-28 09:24 - 2014-04-16 10:29 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf4a56c983900c.job
2014-03-28 09:24 - 2014-04-16 09:25 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf4a56c3d32e39.job
2014-03-28 09:24 - 2014-03-28 09:24 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1cf4a56c983900c
2014-03-28 09:24 - 2014-03-28 09:24 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1cf4a56c3d32e39
2014-03-24 22:40 - 2014-03-24 22:54 - 01462347 _____ () C:\Users\Else und Rolf\Desktop\Badplan 1.psd
2014-03-24 22:19 - 2014-03-24 22:19 - 00000000 ____D () C:\Program Files (x86)\KERAMAG
2014-03-24 22:19 - 2000-09-15 03:00 - 01064456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Mscomctl.ocx
2014-03-24 22:19 - 2000-09-15 03:00 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Comdlg32.ocx
2014-03-24 22:19 - 1999-09-30 20:21 - 00166672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstext35.dll
2014-03-24 22:19 - 1999-09-29 21:04 - 01238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjt4jlt.dll
2014-03-24 22:19 - 1999-09-28 22:42 - 01050896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjet35.dll
2014-03-24 22:19 - 1999-09-09 23:06 - 00252688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl35.dll
2014-03-24 22:19 - 1999-09-09 23:06 - 00168720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msltus35.dll
2014-03-24 22:19 - 1999-08-25 15:57 - 00415504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrepl35.dll
2014-03-24 22:19 - 1999-07-03 23:43 - 00238609 _____ () C:\Windows\SysWOW64\ODBCJET.HLP
2014-03-24 22:19 - 1999-07-03 23:43 - 00007827 _____ () C:\Windows\SysWOW64\ODBCJET.CNT
2014-03-24 22:19 - 1999-06-10 10:34 - 00123664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjint35.dll
2014-03-24 22:19 - 1999-06-10 10:34 - 00024848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjter35.dll
2014-03-24 22:19 - 1999-06-07 19:59 - 00250128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mspdox35.dll
2014-03-24 22:19 - 1999-04-26 21:08 - 00044304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrpfs35.dll
2014-03-24 22:19 - 1998-07-06 17:56 - 00125712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VB6DE.DLL
2014-03-24 22:19 - 1998-06-18 01:00 - 00089360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VB5DB.DLL
2014-03-24 22:19 - 1998-06-01 15:37 - 00344064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexch35.dll
2014-03-24 22:19 - 1998-06-01 15:37 - 00294912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxbse35.dll
2014-03-24 22:19 - 1998-06-01 15:37 - 00262144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd2x35.dll
2014-03-24 22:19 - 1998-05-18 03:06 - 00368912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VBAR332.DLL
2014-03-24 22:19 - 1998-05-05 12:36 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JETCOMP.exe
2014-03-23 10:45 - 2014-03-23 10:45 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-23 10:45 - 2014-03-23 10:45 - 00000000 ____D () C:\Windows\system32\Macromed
2014-03-22 10:12 - 2014-03-22 10:12 - 18993075 _____ () C:\Users\Else und Rolf\Desktop\Bad2.psd
2014-03-22 10:08 - 2014-03-22 10:08 - 58245183 _____ () C:\Users\Else und Rolf\Desktop\Bad.psd
2014-03-22 09:39 - 2014-03-22 10:12 - 04475822 _____ () C:\Users\Else und Rolf\Desktop\Wohnungsplan.psd

==================== One Month Modified Files and Folders =======

2014-04-16 10:31 - 2014-04-16 10:30 - 00013418 _____ () C:\Users\Else und Rolf\Desktop\FRST.txt
2014-04-16 10:30 - 2014-04-16 10:29 - 00000000 ____D () C:\FRST
2014-04-16 10:29 - 2014-03-28 09:24 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf4a56c983900c.job
2014-04-16 10:28 - 2014-04-16 10:28 - 00000488 _____ () C:\Users\Else und Rolf\Desktop\defogger_disable.log
2014-04-16 10:28 - 2014-04-16 10:28 - 00000000 _____ () C:\Users\Else und Rolf\defogger_reenable
2014-04-16 10:28 - 2011-05-27 11:47 - 00000000 ____D () C:\Users\Else und Rolf
2014-04-16 10:27 - 2014-04-16 10:28 - 00050477 _____ () C:\Users\Else und Rolf\Desktop\Defogger.exe
2014-04-16 10:27 - 2011-06-03 08:29 - 00000000 ____D () C:\Users\Else und Rolf\AppData\Roaming\Skype
2014-04-16 10:25 - 2014-04-16 10:28 - 00380416 _____ () C:\Users\Else und Rolf\Desktop\Gmer-19357.exe
2014-04-16 10:24 - 2009-07-14 06:45 - 00014928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-16 10:24 - 2009-07-14 06:45 - 00014928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-16 10:22 - 2014-04-16 10:23 - 02054144 _____ (Farbar) C:\Users\Else und Rolf\Desktop\FRST64.exe
2014-04-16 10:17 - 2011-06-03 08:29 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-16 10:12 - 2009-07-14 19:58 - 00659004 _____ () C:\Windows\system32\perfh007.dat
2014-04-16 10:12 - 2009-07-14 19:58 - 00132542 _____ () C:\Windows\system32\perfc007.dat
2014-04-16 10:12 - 2009-07-14 07:13 - 01512182 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-16 10:11 - 2014-03-09 14:18 - 00001131 _____ () C:\Windows\setupact.log
2014-04-16 09:43 - 2011-05-30 16:09 - 01747138 _____ () C:\Windows\WindowsUpdate.log
2014-04-16 09:25 - 2014-03-28 09:24 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf4a56c3d32e39.job
2014-04-15 21:07 - 2014-04-15 21:07 - 00002986 _____ () C:\Windows\System32\Tasks\{B91069F7-2B7F-48C8-AC57-7857B00BAE78}
2014-04-15 21:07 - 2014-04-15 21:07 - 00002986 _____ () C:\Windows\System32\Tasks\{8A0E4CA1-CEB1-47B2-94D5-F9804CB63644}
2014-04-15 21:07 - 2014-04-15 21:07 - 00002986 _____ () C:\Windows\System32\Tasks\{506B393D-E6B5-408A-8AB2-A599FA0E96E2}
2014-04-15 21:05 - 2014-04-15 21:05 - 00002986 _____ () C:\Windows\System32\Tasks\{F73B4778-A9A2-42DC-A3C3-B2FCC8D8DF32}
2014-04-15 21:05 - 2014-04-15 21:05 - 00002986 _____ () C:\Windows\System32\Tasks\{E755FD61-6CA6-49BA-B2F0-6FED78C4573D}
2014-04-15 21:05 - 2014-04-15 21:05 - 00002986 _____ () C:\Windows\System32\Tasks\{407F2AC5-57B5-4D31-A883-C9F814EC372A}
2014-04-15 21:04 - 2014-04-15 21:04 - 00002986 _____ () C:\Windows\System32\Tasks\{852CFB7A-E35C-4DF9-B675-74A9BDEC0DBF}
2014-04-15 20:59 - 2011-06-03 08:29 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-15 20:59 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-15 20:50 - 2014-03-09 14:18 - 00000946 _____ () C:\Windows\PFRO.log
2014-04-15 20:46 - 2011-05-29 17:37 - 00000000 ____D () C:\ProgramData\G DATA
2014-03-29 11:02 - 2012-04-06 12:38 - 00000000 ____D () C:\ProgramData\Apple
2014-03-29 10:56 - 2014-03-29 10:55 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-03-29 10:55 - 2014-03-29 10:55 - 00001851 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-03-28 09:24 - 2014-03-28 09:24 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1cf4a56c983900c
2014-03-28 09:24 - 2014-03-28 09:24 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1cf4a56c3d32e39
2014-03-24 22:54 - 2014-03-24 22:40 - 01462347 _____ () C:\Users\Else und Rolf\Desktop\Badplan 1.psd
2014-03-24 22:54 - 2011-05-29 08:58 - 00000000 ____D () C:\Users\Else und Rolf\AppData\Roaming\Adobe
2014-03-24 22:19 - 2014-03-24 22:19 - 00000000 ____D () C:\Program Files (x86)\KERAMAG
2014-03-24 22:19 - 2011-05-28 09:07 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-03-23 10:45 - 2014-03-23 10:45 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-23 10:45 - 2014-03-23 10:45 - 00000000 ____D () C:\Windows\system32\Macromed
2014-03-23 10:45 - 2011-05-29 08:57 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-22 10:12 - 2014-03-22 10:12 - 18993075 _____ () C:\Users\Else und Rolf\Desktop\Bad2.psd
2014-03-22 10:12 - 2014-03-22 09:39 - 04475822 _____ () C:\Users\Else und Rolf\Desktop\Wohnungsplan.psd
2014-03-22 10:08 - 2014-03-22 10:08 - 58245183 _____ () C:\Users\Else und Rolf\Desktop\Bad.psd
2014-03-19 22:58 - 2011-07-24 20:09 - 00000000 ____D () C:\Users\Else und Rolf\Documents\WORK (2012-01-14)
2014-03-17 19:48 - 2011-06-13 18:26 - 00000000 ____D () C:\Users\Else und Rolf\Documents\Else

ZeroAccess:
C:\Users\Else und Rolf\AppData\Local\{402705d0-83ae-394d-a301-cf471c37f9d1}
C:\Users\Else und Rolf\AppData\Local\{402705d0-83ae-394d-a301-cf471c37f9d1}\@

Files to move or delete:
====================
C:\ProgramData\PKP_DLdy.DAT
C:\ProgramData\PKP_DLes.DAT
C:\ProgramData\PKP_DLet.DAT
C:\ProgramData\PKP_DLev.DAT


Some content of TEMP:
====================
C:\Users\Else und Rolf\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-30 04:09

==================== End Of Log ============================
--- --- ---


Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-04-16 10:55:52
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MK3252GSX rev.LV011C 298,09GB
Running: Gmer-19357.exe; Driver: C:\Users\ELSEUN~1\AppData\Local\Temp\kwldqpow.sys


---- User code sections - GMER 2.1 ----

.text  C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe[1948] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69            0000000076c01465 2 bytes [C0, 76]
.text  C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe[1948] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155            0000000076c014bb 2 bytes [C0, 76]
.text  ...                                                                                                                                        * 2
.text  C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[2612] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  0000000076c01465 2 bytes [C0, 76]
.text  C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[2612] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000076c014bb 2 bytes [C0, 76]
.text  ...                                                                                                                                        * 2

---- EOF - GMER 2.1 ----

schrauber 17.04.2014 09:54
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
HKLM Group Policy restriction on software: C:\Program Files (x86)\G DATA <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Common Files\G DATA <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\G DATA <====== ATTENTION

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.





Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

bodi2290 17.04.2014 13:26
Hi Danke nochmal für deine schnelle Hilfe.

Der inhalt der FixLog:

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-04-2014
Ran by Else und Rolf at 2014-04-17 11:42:10 Run:1
Running from C:\Users\Else und Rolf\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM Group Policy restriction on software: C:\Program Files (x86)\G DATA <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Common Files\G DATA <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\G DATA <====== ATTENTION
       
*****************

HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.

==== End of Fixlog ====
Combofix ist zwar ohne Fehlermeldung durchgelaufen, hat aber keine Logdatei erstellt...

Der Virenscanner scheint aber wieder normal zu arbeiten.
Kann das so sein?

schrauber 18.04.2014 10:05
C:\Combofix.txt, da sollte das Log sein.

Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

bodi2290 22.04.2014 14:16
Hi Danke schonmal für die Antwort und sorry dass ich mich so spät melde :-)

mbam.txt
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 22.04.2014
Suchlauf-Zeit: 14:24:45
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.1.1004
Malware Datenbank: v2014.04.22.03
Rootkit Datenbank: v2014.03.27.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Chameleon: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Else und Rolf

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 259018
Verstrichene Zeit: 27 Min, 32 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Shuriken: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 1
RiskWare.Tool.CK, C:\Users\Else und Rolf\Desktop\CreativeSuite 3\AdobePSCS3Extended\Adobe.CS3.Design.Premium.Keymaker.exe, In Quarantäne, [25dbab5504fcbf41fbdfef733ec25da3],

Physische Sektoren: 0
(No malicious items detected)


(end)
ADW Cleaner

Code:
# AdwCleaner v3.103 - Bericht erstellt am 22/04/2014 um 14:34:23
# Aktualisiert 21/04/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Else und Rolf - NOTEBOOK
# Gestartet von : C:\Users\Else und Rolf\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]

***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16421


*************************

AdwCleaner[R0].txt - [1476 octets] - [22/04/2014 14:30:54]
AdwCleaner[S0].txt - [1389 octets] - [22/04/2014 14:34:23]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1449 octets] ##########
JRT.txt
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Else und Rolf on 22.04.2014 at 14:39:05,94
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Else und Rolf\appdata\local\{402705d0-83ae-394d-a301-cf471c37f9d1}



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 22.04.2014 at 14:55:54,43
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
new FRST

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-04-2014
Ran by Else und Rolf (administrator) on NOTEBOOK on 22-04-2014 14:57:29
Running from C:\Users\Else und Rolf\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
(G Data Software AG) C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKWCtlX64.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe
(Hewlett-Packard Company) C:\Windows\system32\Hpservice.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
(G Data Software AG) C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKBap64.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(G Data Software AG) C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G DATA\AVKProxy\GdBgInx64.exe
() C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
(Microsoft Corporation) c:\program files\windows defender\MpCmdRun.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2096424 2010-05-27] (Synaptics Incorporated)
HKLM\...\Run: [NvCplDaemon] => C:\Windows\system32\NvCpl.dll [16395880 2009-10-03] (NVIDIA Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-03-23] (IDT, Inc.)
HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [321080 2009-07-27] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [WirelessAssistant] => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [499768 2009-09-01] (Hewlett-Packard)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2011-01-30] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253672 2011-01-07] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [571392 2011-10-30] (Nikon Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [G Data AntiVirus Tray] => C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe [1444472 2013-08-21] (G Data Software AG)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2186386748-3448033781-154322768-1000\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [247728 2012-01-23] (TomTom)
HKU\S-1-5-21-2186386748-3448033781-154322768-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
HKU\S-1-5-21-2186386748-3448033781-154322768-1000\...\Run: [HP Officejet 4620 series (NET)] => C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-2186386748-3448033781-154322768-1000\...\Run: [mwfktkcz] => regsvr32.exe "C:\ProgramData\mwfktkcz.dat"
Startup: C:\Users\Else und Rolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Else und Rolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet 4620 series (Netzwerk).lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Officejet 4620 series (Netzwerk).lnk -> C:\Program Files\HP\HP Officejet 4620 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x031FD56A6269CC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {6D6FFE77-3346-49FD-AD00-8D7B643AF552} URL = hxxp://www.google.de/search?q={searchTerms}&rlz=
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.70.0.1

FireFox:
========
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

==================== Services (Whitelisted) =================

R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
R2 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [1970296 2013-08-26] (G Data Software AG)
R2 AVKService; C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKService.exe [635000 2013-08-21] (G Data Software AG)
R2 AVKWCtl; C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKWCtlX64.exe [2562208 2013-10-15] (G Data Software AG)
R3 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [695416 2013-08-22] (G Data Software AG)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe [247808 2010-03-23] (IDT, Inc.)

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [60248 2013-12-16] (G Data Software AG)
R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [130392 2013-12-16] (G Data Software AG)
S3 GdNetMon; C:\Windows\system32\drivers\GdNetMon64.sys [31448 2011-05-29] (G Data Software AG)
R3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [63320 2013-12-16] (G Data Software AG)
R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [64856 2013-12-16] (G Data Software AG)
R1 GRD; C:\Windows\system32\drivers\GRD.sys [106272 2013-12-16] (G Data Software)
R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [65368 2013-12-16] (G Data Software AG)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-22 14:57 - 2014-04-22 14:57 - 00013399 _____ () C:\Users\Else und Rolf\Desktop\FRST.txt
2014-04-22 14:57 - 2014-04-22 14:57 - 00000000 ____D () C:\Users\Else und Rolf\Desktop\FRST-OlderVersion
2014-04-22 14:55 - 2014-04-22 14:55 - 00000883 _____ () C:\Users\Else und Rolf\Desktop\JRT.txt
2014-04-22 14:38 - 2014-04-22 14:38 - 00000000 ____D () C:\Windows\ERUNT
2014-04-22 14:36 - 2014-04-22 14:36 - 00001537 _____ () C:\Users\Else und Rolf\Desktop\AdwCleaner[S0].txt
2014-04-22 14:30 - 2014-04-22 14:34 - 00000000 ____D () C:\AdwCleaner
2014-04-22 14:30 - 2014-04-22 13:51 - 01016261 _____ (Thisisu) C:\Users\Else und Rolf\Desktop\JRT.exe
2014-04-22 14:29 - 2014-04-22 14:57 - 02061312 _____ (Farbar) C:\Users\Else und Rolf\Desktop\FRST64.exe
2014-04-22 14:29 - 2014-04-22 14:29 - 00001302 _____ () C:\Users\Else und Rolf\Desktop\mbam.txt
2014-04-22 14:29 - 2014-04-22 13:50 - 01324843 _____ () C:\Users\Else und Rolf\Desktop\adwcleaner.exe
2014-04-22 13:54 - 2014-04-22 14:28 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-22 13:53 - 2014-04-22 13:53 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-22 13:53 - 2014-04-22 13:53 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-22 13:53 - 2014-04-22 13:53 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-22 13:53 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-22 13:53 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-22 13:53 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-17 14:56 - 2009-06-10 23:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20140417-145633.backup
2014-04-17 14:52 - 2014-04-17 14:52 - 00001385 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-04-17 14:52 - 2014-04-17 14:52 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-04-17 14:51 - 2014-04-17 14:57 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-04-17 14:51 - 2014-04-17 14:52 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-04-17 14:51 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-04-17 14:08 - 2014-04-17 14:12 - 00000000 ___SD () C:\ComboFix
2014-04-17 11:48 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-04-17 11:48 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-04-17 11:48 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-04-17 11:48 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-04-17 11:48 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-04-17 11:48 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-04-17 11:48 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-04-17 11:48 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-04-17 11:46 - 2014-04-17 11:47 - 00000000 ____D () C:\Qoobox
2014-04-17 11:43 - 2014-04-17 11:43 - 00000000 ____D () C:\Windows\erdnt
2014-04-16 11:38 - 2014-04-16 11:38 - 534560716 ____N () C:\Windows\MEMORY.DMP
2014-04-16 11:38 - 2014-04-16 11:38 - 00472456 _____ () C:\Windows\Minidump\041614-59919-01.dmp
2014-04-16 11:38 - 2014-04-16 11:38 - 00000000 ____D () C:\Windows\Minidump
2014-04-16 10:29 - 2014-04-22 14:57 - 00000000 ____D () C:\FRST
2014-04-16 10:28 - 2014-04-16 10:28 - 00000000 _____ () C:\Users\Else und Rolf\defogger_reenable
2014-04-15 21:07 - 2014-04-15 21:07 - 00002986 _____ () C:\Windows\System32\Tasks\{B91069F7-2B7F-48C8-AC57-7857B00BAE78}
2014-04-15 21:07 - 2014-04-15 21:07 - 00002986 _____ () C:\Windows\System32\Tasks\{8A0E4CA1-CEB1-47B2-94D5-F9804CB63644}
2014-04-15 21:07 - 2014-04-15 21:07 - 00002986 _____ () C:\Windows\System32\Tasks\{506B393D-E6B5-408A-8AB2-A599FA0E96E2}
2014-04-15 21:05 - 2014-04-15 21:05 - 00002986 _____ () C:\Windows\System32\Tasks\{F73B4778-A9A2-42DC-A3C3-B2FCC8D8DF32}
2014-04-15 21:05 - 2014-04-15 21:05 - 00002986 _____ () C:\Windows\System32\Tasks\{E755FD61-6CA6-49BA-B2F0-6FED78C4573D}
2014-04-15 21:05 - 2014-04-15 21:05 - 00002986 _____ () C:\Windows\System32\Tasks\{407F2AC5-57B5-4D31-A883-C9F814EC372A}
2014-04-15 21:04 - 2014-04-15 21:04 - 00002986 _____ () C:\Windows\System32\Tasks\{852CFB7A-E35C-4DF9-B675-74A9BDEC0DBF}
2014-03-29 10:55 - 2014-03-29 10:56 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-03-29 10:55 - 2014-03-29 10:55 - 00001851 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-03-28 09:24 - 2014-04-22 14:35 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf4a56c3d32e39.job
2014-03-28 09:24 - 2014-04-22 14:29 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf4a56c983900c.job
2014-03-28 09:24 - 2014-03-28 09:24 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1cf4a56c983900c
2014-03-28 09:24 - 2014-03-28 09:24 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1cf4a56c3d32e39
2014-03-24 22:40 - 2014-03-24 22:54 - 01462347 _____ () C:\Users\Else und Rolf\Desktop\Badplan 1.psd
2014-03-24 22:19 - 2014-03-24 22:19 - 00000000 ____D () C:\Program Files (x86)\KERAMAG
2014-03-24 22:19 - 2000-09-15 03:00 - 01064456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Mscomctl.ocx
2014-03-24 22:19 - 2000-09-15 03:00 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Comdlg32.ocx
2014-03-24 22:19 - 1999-09-30 20:21 - 00166672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstext35.dll
2014-03-24 22:19 - 1999-09-29 21:04 - 01238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjt4jlt.dll
2014-03-24 22:19 - 1999-09-28 22:42 - 01050896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjet35.dll
2014-03-24 22:19 - 1999-09-09 23:06 - 00252688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl35.dll
2014-03-24 22:19 - 1999-09-09 23:06 - 00168720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msltus35.dll
2014-03-24 22:19 - 1999-08-25 15:57 - 00415504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrepl35.dll
2014-03-24 22:19 - 1999-07-03 23:43 - 00238609 _____ () C:\Windows\SysWOW64\ODBCJET.HLP
2014-03-24 22:19 - 1999-07-03 23:43 - 00007827 _____ () C:\Windows\SysWOW64\ODBCJET.CNT
2014-03-24 22:19 - 1999-06-10 10:34 - 00123664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjint35.dll
2014-03-24 22:19 - 1999-06-10 10:34 - 00024848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjter35.dll
2014-03-24 22:19 - 1999-06-07 19:59 - 00250128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mspdox35.dll
2014-03-24 22:19 - 1999-04-26 21:08 - 00044304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrpfs35.dll
2014-03-24 22:19 - 1998-07-06 17:56 - 00125712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VB6DE.DLL
2014-03-24 22:19 - 1998-06-18 01:00 - 00089360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VB5DB.DLL
2014-03-24 22:19 - 1998-06-01 15:37 - 00344064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexch35.dll
2014-03-24 22:19 - 1998-06-01 15:37 - 00294912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxbse35.dll
2014-03-24 22:19 - 1998-06-01 15:37 - 00262144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd2x35.dll
2014-03-24 22:19 - 1998-05-18 03:06 - 00368912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VBAR332.DLL
2014-03-24 22:19 - 1998-05-05 12:36 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JETCOMP.exe
2014-03-23 10:45 - 2014-03-23 10:45 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-23 10:45 - 2014-03-23 10:45 - 00000000 ____D () C:\Windows\system32\Macromed

==================== One Month Modified Files and Folders =======

2014-04-22 14:57 - 2014-04-22 14:57 - 00013399 _____ () C:\Users\Else und Rolf\Desktop\FRST.txt
2014-04-22 14:57 - 2014-04-22 14:57 - 00000000 ____D () C:\Users\Else und Rolf\Desktop\FRST-OlderVersion
2014-04-22 14:57 - 2014-04-22 14:29 - 02061312 _____ (Farbar) C:\Users\Else und Rolf\Desktop\FRST64.exe
2014-04-22 14:57 - 2014-04-16 10:29 - 00000000 ____D () C:\FRST
2014-04-22 14:55 - 2014-04-22 14:55 - 00000883 _____ () C:\Users\Else und Rolf\Desktop\JRT.txt
2014-04-22 14:43 - 2009-07-14 06:45 - 00014928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-22 14:43 - 2009-07-14 06:45 - 00014928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-22 14:38 - 2014-04-22 14:38 - 00000000 ____D () C:\Windows\ERUNT
2014-04-22 14:36 - 2014-04-22 14:36 - 00001537 _____ () C:\Users\Else und Rolf\Desktop\AdwCleaner[S0].txt
2014-04-22 14:36 - 2011-06-03 08:29 - 00000000 ____D () C:\Users\Else und Rolf\AppData\Roaming\Skype
2014-04-22 14:35 - 2014-03-28 09:24 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf4a56c3d32e39.job
2014-04-22 14:35 - 2014-03-09 14:18 - 00002206 _____ () C:\Windows\setupact.log
2014-04-22 14:35 - 2011-06-03 08:29 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-22 14:35 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-22 14:34 - 2014-04-22 14:30 - 00000000 ____D () C:\AdwCleaner
2014-04-22 14:34 - 2011-05-30 16:09 - 01769964 _____ () C:\Windows\WindowsUpdate.log
2014-04-22 14:29 - 2014-04-22 14:29 - 00001302 _____ () C:\Users\Else und Rolf\Desktop\mbam.txt
2014-04-22 14:29 - 2014-03-28 09:24 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf4a56c983900c.job
2014-04-22 14:28 - 2014-04-22 13:54 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-22 14:26 - 2014-03-09 14:18 - 00002550 _____ () C:\Windows\PFRO.log
2014-04-22 14:17 - 2011-06-03 08:29 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-22 13:56 - 2009-07-14 19:58 - 00659004 _____ () C:\Windows\system32\perfh007.dat
2014-04-22 13:56 - 2009-07-14 19:58 - 00132542 _____ () C:\Windows\system32\perfc007.dat
2014-04-22 13:56 - 2009-07-14 07:13 - 01512182 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-22 13:53 - 2014-04-22 13:53 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-22 13:53 - 2014-04-22 13:53 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-22 13:53 - 2014-04-22 13:53 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-22 13:51 - 2014-04-22 14:30 - 01016261 _____ (Thisisu) C:\Users\Else und Rolf\Desktop\JRT.exe
2014-04-22 13:50 - 2014-04-22 14:29 - 01324843 _____ () C:\Users\Else und Rolf\Desktop\adwcleaner.exe
2014-04-17 14:57 - 2014-04-17 14:51 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-04-17 14:52 - 2014-04-17 14:52 - 00001385 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-04-17 14:52 - 2014-04-17 14:52 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-04-17 14:52 - 2014-04-17 14:51 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-04-17 14:12 - 2014-04-17 14:08 - 00000000 ___SD () C:\ComboFix
2014-04-17 11:47 - 2014-04-17 11:46 - 00000000 ____D () C:\Qoobox
2014-04-17 11:43 - 2014-04-17 11:43 - 00000000 ____D () C:\Windows\erdnt
2014-04-16 11:38 - 2014-04-16 11:38 - 534560716 ____N () C:\Windows\MEMORY.DMP
2014-04-16 11:38 - 2014-04-16 11:38 - 00472456 _____ () C:\Windows\Minidump\041614-59919-01.dmp
2014-04-16 11:38 - 2014-04-16 11:38 - 00000000 ____D () C:\Windows\Minidump
2014-04-16 10:28 - 2014-04-16 10:28 - 00000000 _____ () C:\Users\Else und Rolf\defogger_reenable
2014-04-16 10:28 - 2011-05-27 11:47 - 00000000 ____D () C:\Users\Else und Rolf
2014-04-15 21:07 - 2014-04-15 21:07 - 00002986 _____ () C:\Windows\System32\Tasks\{B91069F7-2B7F-48C8-AC57-7857B00BAE78}
2014-04-15 21:07 - 2014-04-15 21:07 - 00002986 _____ () C:\Windows\System32\Tasks\{8A0E4CA1-CEB1-47B2-94D5-F9804CB63644}
2014-04-15 21:07 - 2014-04-15 21:07 - 00002986 _____ () C:\Windows\System32\Tasks\{506B393D-E6B5-408A-8AB2-A599FA0E96E2}
2014-04-15 21:05 - 2014-04-15 21:05 - 00002986 _____ () C:\Windows\System32\Tasks\{F73B4778-A9A2-42DC-A3C3-B2FCC8D8DF32}
2014-04-15 21:05 - 2014-04-15 21:05 - 00002986 _____ () C:\Windows\System32\Tasks\{E755FD61-6CA6-49BA-B2F0-6FED78C4573D}
2014-04-15 21:05 - 2014-04-15 21:05 - 00002986 _____ () C:\Windows\System32\Tasks\{407F2AC5-57B5-4D31-A883-C9F814EC372A}
2014-04-15 21:04 - 2014-04-15 21:04 - 00002986 _____ () C:\Windows\System32\Tasks\{852CFB7A-E35C-4DF9-B675-74A9BDEC0DBF}
2014-04-15 20:46 - 2011-05-29 17:37 - 00000000 ____D () C:\ProgramData\G DATA
2014-04-03 09:51 - 2014-04-22 13:53 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-22 13:53 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-22 13:53 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-29 11:02 - 2012-04-06 12:38 - 00000000 ____D () C:\ProgramData\Apple
2014-03-29 10:56 - 2014-03-29 10:55 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-03-29 10:55 - 2014-03-29 10:55 - 00001851 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-03-28 09:24 - 2014-03-28 09:24 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1cf4a56c983900c
2014-03-28 09:24 - 2014-03-28 09:24 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1cf4a56c3d32e39
2014-03-24 22:54 - 2014-03-24 22:40 - 01462347 _____ () C:\Users\Else und Rolf\Desktop\Badplan 1.psd
2014-03-24 22:54 - 2011-05-29 08:58 - 00000000 ____D () C:\Users\Else und Rolf\AppData\Roaming\Adobe
2014-03-24 22:19 - 2014-03-24 22:19 - 00000000 ____D () C:\Program Files (x86)\KERAMAG
2014-03-24 22:19 - 2011-05-28 09:07 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-03-23 10:45 - 2014-03-23 10:45 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-23 10:45 - 2014-03-23 10:45 - 00000000 ____D () C:\Windows\system32\Macromed
2014-03-23 10:45 - 2011-05-29 08:57 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

ZeroAccess:
C:\Users\Else und Rolf\AppData\Local\{402705d0-83ae-394d-a301-cf471c37f9d1}
C:\Users\Else und Rolf\AppData\Local\{402705d0-83ae-394d-a301-cf471c37f9d1}\@

Files to move or delete:
====================
C:\ProgramData\PKP_DLdy.DAT
C:\ProgramData\PKP_DLes.DAT
C:\ProgramData\PKP_DLet.DAT
C:\ProgramData\PKP_DLev.DAT


Some content of TEMP:
====================
C:\Users\Else und Rolf\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-30 04:09

==================== End Of Log ============================
--- --- ---

schrauber 22.04.2014 19:15

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

bodi2290 23.04.2014 10:15
Hi

new FRST

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-04-2014
Ran by Else und Rolf (administrator) on NOTEBOOK on 23-04-2014 11:13:04
Running from C:\Users\Else und Rolf\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
(G Data Software AG) C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKWCtlX64.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe
(Hewlett-Packard Company) C:\Windows\system32\Hpservice.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
(G Data Software AG) C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(G Data Software AG) C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G DATA\AVKProxy\GdBgInx64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 4620 series\Bin\HPNetworkCommunicatorCom.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKBap64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
() C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2096424 2010-05-27] (Synaptics Incorporated)
HKLM\...\Run: [NvCplDaemon] => C:\Windows\system32\NvCpl.dll [16395880 2009-10-03] (NVIDIA Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-03-23] (IDT, Inc.)
HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [321080 2009-07-27] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [WirelessAssistant] => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [499768 2009-09-01] (Hewlett-Packard)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2011-01-30] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253672 2011-01-07] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [571392 2011-10-30] (Nikon Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [G Data AntiVirus Tray] => C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe [1444472 2013-08-21] (G Data Software AG)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2186386748-3448033781-154322768-1000\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [247728 2012-01-23] (TomTom)
HKU\S-1-5-21-2186386748-3448033781-154322768-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
HKU\S-1-5-21-2186386748-3448033781-154322768-1000\...\Run: [HP Officejet 4620 series (NET)] => C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-2186386748-3448033781-154322768-1000\...\Run: [mwfktkcz] => regsvr32.exe "C:\ProgramData\mwfktkcz.dat"
Startup: C:\Users\Else und Rolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Else und Rolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet 4620 series (Netzwerk).lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Officejet 4620 series (Netzwerk).lnk -> C:\Program Files\HP\HP Officejet 4620 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x031FD56A6269CC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {6D6FFE77-3346-49FD-AD00-8D7B643AF552} URL = hxxp://www.google.de/search?q={searchTerms}&rlz=
SearchScopes: HKCU - {6D6FFE77-3346-49FD-AD00-8D7B643AF552} URL = hxxp://www.google.de/search?q={searchTerms}&rlz=
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.70.0.1

FireFox:
========
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

==================== Services (Whitelisted) =================

R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
R2 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [1970296 2013-08-26] (G Data Software AG)
R2 AVKService; C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKService.exe [635000 2013-08-21] (G Data Software AG)
R2 AVKWCtl; C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKWCtlX64.exe [2562208 2013-10-15] (G Data Software AG)
R3 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [695416 2013-08-22] (G Data Software AG)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe [247808 2010-03-23] (IDT, Inc.)

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [60248 2013-12-16] (G Data Software AG)
R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [130392 2013-12-16] (G Data Software AG)
S3 GdNetMon; C:\Windows\system32\drivers\GdNetMon64.sys [31448 2011-05-29] (G Data Software AG)
R3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [63320 2013-12-16] (G Data Software AG)
R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [64856 2013-12-16] (G Data Software AG)
R1 GRD; C:\Windows\system32\drivers\GRD.sys [106272 2013-12-16] (G Data Software)
R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [65368 2013-12-16] (G Data Software AG)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-23 11:13 - 2014-04-23 11:13 - 00013485 _____ () C:\Users\Else und Rolf\Desktop\FRST.txt
2014-04-23 11:12 - 2014-04-23 11:12 - 00000000 ____D () C:\Users\Else und Rolf\Desktop\FRST-OlderVersion
2014-04-23 11:11 - 2014-04-23 11:12 - 02061312 _____ (Farbar) C:\Users\Else und Rolf\Desktop\FRST64.exe
2014-04-23 11:10 - 2014-04-23 11:10 - 00001112 _____ () C:\Users\Else und Rolf\Desktop\checkup.txt
2014-04-23 08:24 - 2014-04-23 08:24 - 00855379 _____ () C:\Users\Else und Rolf\Downloads\SecurityCheck.exe
2014-04-23 08:24 - 2014-04-23 08:24 - 00855379 _____ () C:\Users\Else und Rolf\Desktop\SecurityCheck.exe
2014-04-23 08:24 - 2014-04-23 08:23 - 02347384 _____ (ESET) C:\Users\Else und Rolf\Desktop\esetsmartinstaller_enu.exe
2014-04-23 08:23 - 2014-04-23 08:23 - 02347384 _____ (ESET) C:\Users\Else und Rolf\Downloads\esetsmartinstaller_enu.exe
2014-04-22 14:38 - 2014-04-22 14:38 - 00000000 ____D () C:\Windows\ERUNT
2014-04-22 14:30 - 2014-04-22 14:34 - 00000000 ____D () C:\AdwCleaner
2014-04-22 13:54 - 2014-04-22 14:28 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-22 13:53 - 2014-04-22 13:53 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-22 13:53 - 2014-04-22 13:53 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-22 13:53 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-22 13:53 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-22 13:53 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-17 14:56 - 2009-06-10 23:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20140417-145633.backup
2014-04-17 14:52 - 2014-04-17 14:52 - 00001385 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-04-17 14:52 - 2014-04-17 14:52 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-04-17 14:51 - 2014-04-17 14:57 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-04-17 14:51 - 2014-04-17 14:52 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-04-17 14:51 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-04-17 14:08 - 2014-04-17 14:12 - 00000000 ___SD () C:\ComboFix
2014-04-17 11:48 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-04-17 11:48 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-04-17 11:48 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-04-17 11:48 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-04-17 11:48 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-04-17 11:48 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-04-17 11:48 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-04-17 11:48 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-04-17 11:46 - 2014-04-17 11:47 - 00000000 ____D () C:\Qoobox
2014-04-17 11:43 - 2014-04-17 11:43 - 00000000 ____D () C:\Windows\erdnt
2014-04-16 11:38 - 2014-04-16 11:38 - 534560716 ____N () C:\Windows\MEMORY.DMP
2014-04-16 11:38 - 2014-04-16 11:38 - 00472456 _____ () C:\Windows\Minidump\041614-59919-01.dmp
2014-04-16 11:38 - 2014-04-16 11:38 - 00000000 ____D () C:\Windows\Minidump
2014-04-16 10:29 - 2014-04-23 11:13 - 00000000 ____D () C:\FRST
2014-04-16 10:28 - 2014-04-16 10:28 - 00000000 _____ () C:\Users\Else und Rolf\defogger_reenable
2014-04-15 21:07 - 2014-04-15 21:07 - 00002986 _____ () C:\Windows\System32\Tasks\{B91069F7-2B7F-48C8-AC57-7857B00BAE78}
2014-04-15 21:07 - 2014-04-15 21:07 - 00002986 _____ () C:\Windows\System32\Tasks\{8A0E4CA1-CEB1-47B2-94D5-F9804CB63644}
2014-04-15 21:07 - 2014-04-15 21:07 - 00002986 _____ () C:\Windows\System32\Tasks\{506B393D-E6B5-408A-8AB2-A599FA0E96E2}
2014-04-15 21:05 - 2014-04-15 21:05 - 00002986 _____ () C:\Windows\System32\Tasks\{F73B4778-A9A2-42DC-A3C3-B2FCC8D8DF32}
2014-04-15 21:05 - 2014-04-15 21:05 - 00002986 _____ () C:\Windows\System32\Tasks\{E755FD61-6CA6-49BA-B2F0-6FED78C4573D}
2014-04-15 21:05 - 2014-04-15 21:05 - 00002986 _____ () C:\Windows\System32\Tasks\{407F2AC5-57B5-4D31-A883-C9F814EC372A}
2014-04-15 21:04 - 2014-04-15 21:04 - 00002986 _____ () C:\Windows\System32\Tasks\{852CFB7A-E35C-4DF9-B675-74A9BDEC0DBF}
2014-03-29 10:55 - 2014-03-29 10:56 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-03-29 10:55 - 2014-03-29 10:55 - 00001851 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-03-28 09:24 - 2014-04-23 10:29 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf4a56c983900c.job
2014-03-28 09:24 - 2014-04-23 08:29 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf4a56c3d32e39.job
2014-03-28 09:24 - 2014-03-28 09:24 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1cf4a56c983900c
2014-03-28 09:24 - 2014-03-28 09:24 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1cf4a56c3d32e39
2014-03-24 22:40 - 2014-03-24 22:54 - 01462347 _____ () C:\Users\Else und Rolf\Desktop\Badplan 1.psd
2014-03-24 22:19 - 2014-03-24 22:19 - 00000000 ____D () C:\Program Files (x86)\KERAMAG
2014-03-24 22:19 - 2000-09-15 03:00 - 01064456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Mscomctl.ocx
2014-03-24 22:19 - 2000-09-15 03:00 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Comdlg32.ocx
2014-03-24 22:19 - 1999-09-30 20:21 - 00166672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstext35.dll
2014-03-24 22:19 - 1999-09-29 21:04 - 01238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjt4jlt.dll
2014-03-24 22:19 - 1999-09-28 22:42 - 01050896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjet35.dll
2014-03-24 22:19 - 1999-09-09 23:06 - 00252688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl35.dll
2014-03-24 22:19 - 1999-09-09 23:06 - 00168720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msltus35.dll
2014-03-24 22:19 - 1999-08-25 15:57 - 00415504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrepl35.dll
2014-03-24 22:19 - 1999-07-03 23:43 - 00238609 _____ () C:\Windows\SysWOW64\ODBCJET.HLP
2014-03-24 22:19 - 1999-07-03 23:43 - 00007827 _____ () C:\Windows\SysWOW64\ODBCJET.CNT
2014-03-24 22:19 - 1999-06-10 10:34 - 00123664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjint35.dll
2014-03-24 22:19 - 1999-06-10 10:34 - 00024848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjter35.dll
2014-03-24 22:19 - 1999-06-07 19:59 - 00250128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mspdox35.dll
2014-03-24 22:19 - 1999-04-26 21:08 - 00044304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrpfs35.dll
2014-03-24 22:19 - 1998-07-06 17:56 - 00125712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VB6DE.DLL
2014-03-24 22:19 - 1998-06-18 01:00 - 00089360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VB5DB.DLL
2014-03-24 22:19 - 1998-06-01 15:37 - 00344064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexch35.dll
2014-03-24 22:19 - 1998-06-01 15:37 - 00294912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxbse35.dll
2014-03-24 22:19 - 1998-06-01 15:37 - 00262144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd2x35.dll
2014-03-24 22:19 - 1998-05-18 03:06 - 00368912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VBAR332.DLL
2014-03-24 22:19 - 1998-05-05 12:36 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JETCOMP.exe

==================== One Month Modified Files and Folders =======

2014-04-23 11:13 - 2014-04-23 11:13 - 00013485 _____ () C:\Users\Else und Rolf\Desktop\FRST.txt
2014-04-23 11:13 - 2014-04-16 10:29 - 00000000 ____D () C:\FRST
2014-04-23 11:12 - 2014-04-23 11:12 - 00000000 ____D () C:\Users\Else und Rolf\Desktop\FRST-OlderVersion
2014-04-23 11:12 - 2014-04-23 11:11 - 02061312 _____ (Farbar) C:\Users\Else und Rolf\Desktop\FRST64.exe
2014-04-23 11:10 - 2014-04-23 11:10 - 00001112 _____ () C:\Users\Else und Rolf\Desktop\checkup.txt
2014-04-23 10:29 - 2014-03-28 09:24 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf4a56c983900c.job
2014-04-23 10:17 - 2011-06-03 08:29 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-23 08:29 - 2014-03-28 09:24 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf4a56c3d32e39.job
2014-04-23 08:28 - 2009-07-14 06:45 - 00014928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-23 08:28 - 2009-07-14 06:45 - 00014928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-23 08:24 - 2014-04-23 08:24 - 00855379 _____ () C:\Users\Else und Rolf\Downloads\SecurityCheck.exe
2014-04-23 08:24 - 2014-04-23 08:24 - 00855379 _____ () C:\Users\Else und Rolf\Desktop\SecurityCheck.exe
2014-04-23 08:24 - 2011-05-30 16:09 - 01773996 _____ () C:\Windows\WindowsUpdate.log
2014-04-23 08:23 - 2014-04-23 08:24 - 02347384 _____ (ESET) C:\Users\Else und Rolf\Desktop\esetsmartinstaller_enu.exe
2014-04-23 08:23 - 2014-04-23 08:23 - 02347384 _____ (ESET) C:\Users\Else und Rolf\Downloads\esetsmartinstaller_enu.exe
2014-04-23 08:22 - 2011-06-03 08:29 - 00000000 ____D () C:\Users\Else und Rolf\AppData\Roaming\Skype
2014-04-23 08:20 - 2014-03-09 14:18 - 00002262 _____ () C:\Windows\setupact.log
2014-04-23 08:20 - 2011-06-03 08:29 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-23 08:20 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-22 14:38 - 2014-04-22 14:38 - 00000000 ____D () C:\Windows\ERUNT
2014-04-22 14:34 - 2014-04-22 14:30 - 00000000 ____D () C:\AdwCleaner
2014-04-22 14:28 - 2014-04-22 13:54 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-22 14:26 - 2014-03-09 14:18 - 00002550 _____ () C:\Windows\PFRO.log
2014-04-22 13:56 - 2009-07-14 19:58 - 00659004 _____ () C:\Windows\system32\perfh007.dat
2014-04-22 13:56 - 2009-07-14 19:58 - 00132542 _____ () C:\Windows\system32\perfc007.dat
2014-04-22 13:56 - 2009-07-14 07:13 - 01512182 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-22 13:53 - 2014-04-22 13:53 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-22 13:53 - 2014-04-22 13:53 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-17 14:57 - 2014-04-17 14:51 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-04-17 14:52 - 2014-04-17 14:52 - 00001385 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-04-17 14:52 - 2014-04-17 14:52 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-04-17 14:52 - 2014-04-17 14:51 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-04-17 14:12 - 2014-04-17 14:08 - 00000000 ___SD () C:\ComboFix
2014-04-17 11:47 - 2014-04-17 11:46 - 00000000 ____D () C:\Qoobox
2014-04-17 11:43 - 2014-04-17 11:43 - 00000000 ____D () C:\Windows\erdnt
2014-04-16 11:38 - 2014-04-16 11:38 - 534560716 ____N () C:\Windows\MEMORY.DMP
2014-04-16 11:38 - 2014-04-16 11:38 - 00472456 _____ () C:\Windows\Minidump\041614-59919-01.dmp
2014-04-16 11:38 - 2014-04-16 11:38 - 00000000 ____D () C:\Windows\Minidump
2014-04-16 10:28 - 2014-04-16 10:28 - 00000000 _____ () C:\Users\Else und Rolf\defogger_reenable
2014-04-16 10:28 - 2011-05-27 11:47 - 00000000 ____D () C:\Users\Else und Rolf
2014-04-15 21:07 - 2014-04-15 21:07 - 00002986 _____ () C:\Windows\System32\Tasks\{B91069F7-2B7F-48C8-AC57-7857B00BAE78}
2014-04-15 21:07 - 2014-04-15 21:07 - 00002986 _____ () C:\Windows\System32\Tasks\{8A0E4CA1-CEB1-47B2-94D5-F9804CB63644}
2014-04-15 21:07 - 2014-04-15 21:07 - 00002986 _____ () C:\Windows\System32\Tasks\{506B393D-E6B5-408A-8AB2-A599FA0E96E2}
2014-04-15 21:05 - 2014-04-15 21:05 - 00002986 _____ () C:\Windows\System32\Tasks\{F73B4778-A9A2-42DC-A3C3-B2FCC8D8DF32}
2014-04-15 21:05 - 2014-04-15 21:05 - 00002986 _____ () C:\Windows\System32\Tasks\{E755FD61-6CA6-49BA-B2F0-6FED78C4573D}
2014-04-15 21:05 - 2014-04-15 21:05 - 00002986 _____ () C:\Windows\System32\Tasks\{407F2AC5-57B5-4D31-A883-C9F814EC372A}
2014-04-15 21:04 - 2014-04-15 21:04 - 00002986 _____ () C:\Windows\System32\Tasks\{852CFB7A-E35C-4DF9-B675-74A9BDEC0DBF}
2014-04-15 20:46 - 2011-05-29 17:37 - 00000000 ____D () C:\ProgramData\G DATA
2014-04-03 09:51 - 2014-04-22 13:53 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-22 13:53 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-22 13:53 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-29 11:02 - 2012-04-06 12:38 - 00000000 ____D () C:\ProgramData\Apple
2014-03-29 10:56 - 2014-03-29 10:55 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-03-29 10:55 - 2014-03-29 10:55 - 00001851 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-03-28 09:24 - 2014-03-28 09:24 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1cf4a56c983900c
2014-03-28 09:24 - 2014-03-28 09:24 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1cf4a56c3d32e39
2014-03-24 22:54 - 2014-03-24 22:40 - 01462347 _____ () C:\Users\Else und Rolf\Desktop\Badplan 1.psd
2014-03-24 22:54 - 2011-05-29 08:58 - 00000000 ____D () C:\Users\Else und Rolf\AppData\Roaming\Adobe
2014-03-24 22:19 - 2014-03-24 22:19 - 00000000 ____D () C:\Program Files (x86)\KERAMAG
2014-03-24 22:19 - 2011-05-28 09:07 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information

ZeroAccess:
C:\Users\Else und Rolf\AppData\Local\{402705d0-83ae-394d-a301-cf471c37f9d1}
C:\Users\Else und Rolf\AppData\Local\{402705d0-83ae-394d-a301-cf471c37f9d1}\@

Files to move or delete:
====================
C:\ProgramData\PKP_DLdy.DAT
C:\ProgramData\PKP_DLes.DAT
C:\ProgramData\PKP_DLet.DAT
C:\ProgramData\PKP_DLev.DAT


Some content of TEMP:
====================
C:\Users\Else und Rolf\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-22 17:03

==================== End Of Log ============================
--- --- ---


checkup
Code:
Results of screen317's Security Check version 0.99.82 
 Windows 7 Service Pack 1 x64 (UAC is disabled!) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
G Data AntiVirus 2014 
 Antivirus out of date! 
`````````Anti-malware/Other Utilities Check:`````````
 MVPS Hosts File 
 Spybot - Search & Destroy
 Java(TM) 6 Update 22 
 Java(TM) 6 Update 25 
 Java version out of Date!
 Adobe Flash Player 9 Flash Player out of Date!
 Adobe Reader 10.0.1 Adobe Reader out of Date! 
````````Process Check: objlist.exe by Laurent```````` 
 Spybot Teatimer.exe is disabled!
 G Data AntiVirus AVK AVKWCtlX64.exe
 G Data AntiVirus AVK AVKService.exe
 G Data AntiVirus AVKTray AVKTray.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````
Vom Smartinstaller gibts kein log, allerdings hat der gemeldet, dass er keine funde hatte...

schrauber 24.04.2014 07:13
Java, flash und Adobe updaten.

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
HKU\S-1-5-21-2186386748-3448033781-154322768-1000\...\Run: [mwfktkcz] => regsvr32.exe "C:\ProgramData\mwfktkcz.dat"
C:\ProgramData\mwfktkcz.dat
ZeroAccess:
C:\Users\Else und Rolf\AppData\Local\{402705d0-83ae-394d-a301-cf471c37f9d1}
C:\Users\Else und Rolf\AppData\Local\{402705d0-83ae-394d-a301-cf471c37f9d1}\@
C:\ProgramData\PKP_DLdy.DAT
C:\ProgramData\PKP_DLes.DAT
C:\ProgramData\PKP_DLet.DAT
C:\ProgramData\PKP_DLev.DAT

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.



Frisches FRST Log bitte. Noch Probleme?

bodi2290 24.04.2014 13:22
Hi,

ich musste das Laptop leider schon wieder hergeben...
Werde das aber noch nachholen. Die ganzen Programme haben aber schon wieder normal gearbeitet und keine Probleme mehr verursacht.

Fehlt nach diesem Vorgang noch ein Schritt?

schrauber 25.04.2014 08:32
Dieser Fix ist wichtig!

Danach sind wir fertig, wenn das neue FRST log sauber ist.


Alle Zeitangaben in WEZ +1. Es ist jetzt 22:20 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131