Trojaner-Board
Seite 2 von 3 1 2 3
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   GMER-Scan stoppt mit "Kein Datenträger" (https://www.trojaner-board.de/137995-gmer-scan-stoppt-kein-datentraeger.html)

schrauber 11.07.2013 19:09
Ja bitte. Kannst Du in den abgesicherten Modus booten und FRST versuchen?

monika.de 12.07.2013 06:46
Selbst über Nacht wurde das Tool nicht fertig und hing im gleichen Pfad fest. Ich habe es wieder gestoppt und diesen ominösen Pfad gesucht.

Dieser (versteckte) temporäre Ordner enthielt mehr als 1.000.000 :eek: kleinste Dateien (gesamt 5,5 GB) von einem Java-Programm (JOSM), bei dem im Hintergrund die Luftbilddaten verschiedener Dienste eingeblendet werden, z.B. auch Bing Aerial Maps.

In etwa 2 Stunden wird die Löschung durch sein.

Soll ich noch weitere Vorbereitungen machen, bevor ich den nächsten Versuch mit FRST mache? :dummguck:

Monika

schrauber 12.07.2013 08:39
Nee. Wenns nicht klappt im abgesicherten Modus versuchen.

monika.de 12.07.2013 09:32
So, nun klappt es endlich.

FRST lief im abgesicherten Modus. Hier sind die Log-Dateien:

FRST.txt

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-07-2013 01
Ran by Monika (administrator) on 12-07-2013 10:17:57
Running from C:\Users\Monika\Desktop
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Safe Mode (minimal)

==================== Processes (Whitelisted) ===================

(Sophos Limited) C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1545512 2009-07-20] (Synaptics Incorporated)
HKLM\...\Run: [SuperHybridEngine] - AsusSender.exe C:\Program Files\EeePC\SHE\SuperHybridEngine.exe [413688 2009-09-09] (ASUSTeK Computer Inc.)
HKLM\...\Run: [LiveUpdate] - AsusSender.exe C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe auto [803304 2009-08-28] ()
HKLM\...\Run: [UCam_Menu] - "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0" [222504 2009-05-20] (CyberLink Corp.)
HKLM\...\Run: [SynAsusAcpi] - %ProgramFiles%\Synaptics\SynTP\SynAsusAcpi.exe [83240 2009-07-20] (Synaptics Incorporated)
HKLM\...\Run: [HotkeyMon] - AsusSender.exe C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe [100328 2009-09-11] (ASUSTeK Computer Inc.)
HKLM\...\Run: [HotkeyService] - AsusSender.exe C:\Program Files\EeePC\HotkeyService\HotkeyService.exe [1021424 2009-10-17] (ASUSTeK Computer Inc.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s [7744032 2009-09-29] (Realtek Semiconductor)
HKLM\...\Run: [OOBESetup] - C:\Program Files\asus\OOBERegBackup\OOBERegBackup.exe /restore -"C:\Program Files\asus\OOBERegBackup\OOBEReg.ini" [2342 2009-09-18] ()
HKLM\...\Run: [DigitalZoomControl] - "C:\Program Files\ASUS\DigitalZoomControl\DigitalZoomControl.exe" [283648 2009-10-07] (ASUSTek)
HKLM\...\Run: [] -  [x]
HKLM\...\Run: [VirtualCloneDrive] - "C:\Program Files\VirtualCloneDrive\VCDDaemon.exe" /s [52392 2009-01-30] (Elaborate Bytes AG)
HKLM\...\Run: [IntelliPoint] - "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [1797008 2010-07-21] (Microsoft Corporation)
HKLM\...\Run: [Sophos AutoUpdate Monitor] - C:\Program Files\Sophos\AutoUpdate\almon.exe [900160 2012-08-12] (Sophos Limited)
HKLM\...\Run: [Acrobat Assistant 7.0] - "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [483328 2008-04-23] (Adobe Systems Inc.)
HKLM\...\Run: [APSDaemon] - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-10-11] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [926896 2012-09-23] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] - "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe, [x]
HKCU\...\Run: [DeskDriveStartup] - C:\Program Files\Desk Drive\DeskDrive.exe [x]
HKCU\...\Policies\system: [disableregistrytools] 0
MountPoints2: E - E:\setup\blank.exe
MountPoints2: F - F:\autorun.exe
MountPoints2: {021cb6f4-bc1a-11df-a795-e0cb4e65b84e} - F:\autorun.exe
Startup: C:\ProgramData\Start Menu\Programs\Startup\Adobe Acrobat - Schnellstart.lnk
ShortcutTarget: Adobe Acrobat - Schnellstart.lnk -> C:\windows\Installer\{AC76BA86-1033-F400-7760-100000000002}\SC_Acrobat.exe ()
Startup: C:\ProgramData\Start Menu\Programs\Startup\Evoluent Mouse Manager.lnk
ShortcutTarget: Evoluent Mouse Manager.lnk -> C:\windows\Installer\{AD6E0AE0-DADF-480E-82AE-4CDA6035D341}\_BBBCF44DDE3DA1E118ADB6.exe ()
Startup: C:\ProgramData\Start Menu\Programs\Startup\phase-6 Reminder.lnk
ShortcutTarget: phase-6 Reminder.lnk -> C:\Program Files\phase-6\reminder\reminder.exe (phase-6)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.webwitches.de/monika/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
BHO: ArcSoft Video Helper - {4E18E9A4-95B3-4F8B-AE3B-AB7478DE92EE} - C:\PROGRA~1\ArcSoft\TOTALM~1\codec\ArcIEVideoUp.dll (ArcSoft Inc.)
BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU -No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU -Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 20 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)

FireFox:
========
FF ProfilePath: C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\vv20jxw2.default
FF user.js: detected! => C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\vv20jxw2.default\user.js
FF Homepage: hxxp://www.webwitches.de/monika/
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @garmin.com/GpsControl - C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=15.0.6.14 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=15.0.6.14 - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=15.0.6.14 - C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Google.com/GoogleEarthPlugin - C:\Users\Monika\AppData\Local\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF SearchPlugin: C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\vv20jxw2.default\searchplugins\googlede-bildersuche.xml
FF SearchPlugin: C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\vv20jxw2.default\searchplugins\linguee-de-en.xml
FF SearchPlugin: C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\vv20jxw2.default\searchplugins\metager2.xml
FF SearchPlugin: C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\vv20jxw2.default\searchplugins\openstreetmap-wiki-en.xml
FF SearchPlugin: C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\vv20jxw2.default\searchplugins\startpage-https.xml
FF SearchPlugin: C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\vv20jxw2.default\searchplugins\yandex.xml
FF Extension: No Name - C:\Users\Monika\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
FF Extension: No Name - C:\Users\Monika\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: Ghostery - C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\vv20jxw2.default\Extensions\firefox@ghostery.com
FF Extension: HTTPS-Everywhere - C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\vv20jxw2.default\Extensions\https-everywhere@eff.org
FF Extension: Garmin Communicator - C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\vv20jxw2.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
FF Extension: Nuke Anything Enhanced - C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\vv20jxw2.default\Extensions\{1ced4832-f06e-413f-aa14-9eb63ad40ace}
FF Extension: ColorZilla - C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\vv20jxw2.default\Extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
FF Extension: add-to-searchbox - C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\vv20jxw2.default\Extensions\add-to-searchbox@maltekraus.de.xpi
FF Extension: No Name - C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\vv20jxw2.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: No Name - C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\vv20jxw2.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
FF Extension: No Name - C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\vv20jxw2.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\vv20jxw2.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
FF Extension: No Name - C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\vv20jxw2.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi

========================== Services (Whitelisted) =================

S3 Adobe Version Cue CS2; C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe [163840 2005-04-06] (Adobe Systems Incorporated)
S2 AsusService; C:\Windows\System32\AsusService.exe [219136 2009-08-19] ()
S2 DirMngr; C:\Program Files\GNU\GnuPG\dirmngr.exe [224256 2011-03-02] ()
S2 SAVAdminService; C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [216640 2012-12-07] (Sophos Limited)
R2 SAVService; C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe [139840 2012-07-26] (Sophos Limited)
S2 Sophos AutoUpdate Service; C:\Program Files\Sophos\AutoUpdate\ALsvc.exe [232512 2012-08-12] (Sophos Limited)
S2 Sophos Client Firewall; C:\Program Files\Sophos\Sophos Client Firewall\SCFService.exe [89112 2012-07-26] (Sophos Limited)
S2 Sophos Client Firewall Manager; C:\Program Files\Sophos\Sophos Client Firewall\SCFManager.exe [150552 2012-07-26] (Sophos Limited)
S2 Sophos Web Control Service; C:\Program Files\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [357400 2012-07-26] (Sophos Limited)
S2 swi_service; C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2869824 2012-12-07] (Sophos Limited)
S2 swi_update; C:\ProgramData\Sophos\Web Intelligence\swi_update.exe [1459264 2012-12-07] (Sophos Limited)
S2 WTGService; C:\Program Files\XSManager\WTGService.exe [312784 2009-09-25] ()
S2 XS Stick Service; C:\windows\service4g.exe [125200 2009-09-17] (4G Systems GmbH & Co. KG)

==================== Drivers (Whitelisted) ====================

S1 AsUpIO; C:\Windows\System32\drivers\AsUpIO.sys [11448 2009-07-06] ()
S3 avmaudio; C:\Windows\System32\DRIVERS\avmaudio.sys [101248 2010-11-23] (AVM Berlin)
S3 avmaura; C:\Windows\System32\DRIVERS\avmaura.sys [105728 2013-02-15] (AVM Berlin)
S3 cmnsusbser; C:\Windows\System32\DRIVERS\cmnsusbser.sys [103424 2008-10-31] (Mobile Connector)
S3 cvspydr2; C:\Windows\System32\DRIVERS\cvspydr2.sys [33024 2002-04-02] (Colorvision Inc)
S1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [24232 2009-02-17] (Elaborate Bytes AG)
S3 EvoMouseDriverFilterHidUsb; C:\Windows\System32\DRIVERS\EvoMouseDriverFilterHidUsb.sys [22712 2010-06-23] (Evoluent)
S3 EvoMouseDriverMini; C:\Windows\System32\drivers\EvoMouseDriverMini.sys [20024 2010-06-23] ()
S3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [9344 2009-04-17] (GARMIN Corp.)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [13880 2009-07-20] ( )
S3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [21520 2010-07-21] (Microsoft Corporation)
S1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [123680 2012-07-26] (Sophos Limited)
S1 scfdriver; C:\windows\system32\Drivers\scfdriver.sys [88352 2012-07-26] (Sophos Limited)
S1 scfndis; C:\Windows\System32\DRIVERS\scfndis.sys [45856 2012-07-26] (Sophos Limited)
S3 sdcfilter; C:\Windows\System32\DRIVERS\sdcfilter.sys [33696 2012-07-26] (Sophos Limited)
S1 SKMScan; C:\Windows\System32\DRIVERS\skmscan.sys [31736 2012-07-26] (Sophos Plc)
S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [22536 2010-10-21] (Sophos Plc)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-05-13] (Duplex Secure Ltd.)
S3 ZTEusbnet; C:\Windows\System32\DRIVERS\ZTEusbnet.sys [110592 2009-04-09] (ZTE Corporation)
S3 ZTEusbvoice; C:\Windows\System32\DRIVERS\ZTEusbvoice.sys [105344 2009-04-09] (ZTE Incorporated)
S1 archlp; system32\drivers\archlp.sys [x]
S3 catchme; \??\C:\Users\Monika\AppData\Local\Temp\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-11 14:26 - 2013-07-11 16:36 - 00000000 ___SD C:\ComboFix
2013-07-11 14:26 - 2011-06-26 08:45 - 00256000 ____A C:\Windows\PEV.exe
2013-07-11 14:26 - 2010-11-07 19:20 - 00208896 ____A C:\Windows\MBR.exe
2013-07-11 14:26 - 2009-04-20 06:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-07-11 14:26 - 2000-08-31 02:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-07-11 14:26 - 2000-08-31 02:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-07-11 14:26 - 2000-08-31 02:00 - 00098816 ____A C:\Windows\sed.exe
2013-07-11 14:26 - 2000-08-31 02:00 - 00080412 ____A C:\Windows\grep.exe
2013-07-11 14:26 - 2000-08-31 02:00 - 00068096 ____A C:\Windows\zip.exe
2013-07-11 14:24 - 2013-07-11 14:24 - 00000000 ____D C:\Windows\erdnt
2013-07-11 14:22 - 2013-07-11 14:22 - 05087643 ____R (Swearware) C:\Users\Monika\Desktop\ComboFix.exe
2013-07-11 04:03 - 2013-06-12 01:43 - 02877440 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-07-11 04:03 - 2013-06-12 01:43 - 00690688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-07-11 04:03 - 2013-06-12 01:43 - 00039424 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-07-11 04:03 - 2013-06-12 01:42 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-07-11 04:03 - 2013-06-12 01:42 - 00061440 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-07-11 04:03 - 2013-06-07 04:37 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-07-11 04:02 - 2013-06-12 01:43 - 14329856 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-07-11 04:02 - 2013-06-12 01:43 - 01767936 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-07-11 04:02 - 2013-06-12 01:43 - 01141248 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-07-11 04:02 - 2013-06-12 01:43 - 00493056 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-07-11 04:02 - 2013-06-12 01:43 - 00042496 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-07-11 04:02 - 2013-06-12 01:42 - 13760512 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-07-11 04:02 - 2013-06-12 01:42 - 02046976 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-07-11 04:02 - 2013-06-12 01:42 - 00109056 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-07-11 04:02 - 2013-06-12 01:42 - 00033280 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-07-11 04:02 - 2013-06-12 00:51 - 00071680 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-07-10 09:17 - 2013-07-10 09:17 - 00000000 ____D C:\FRST
2013-07-10 09:13 - 2013-07-10 09:13 - 01216688 ____A (Farbar) C:\Users\Monika\Desktop\FRST.exe
2013-07-10 04:49 - 2013-06-05 05:05 - 02347520 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-07-10 04:49 - 2013-06-04 06:53 - 00509440 ____A (Microsoft Corporation) C:\Windows\System32\qedit.dll
2013-07-10 04:49 - 2013-05-06 06:56 - 01620480 ____A (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2013-07-10 04:49 - 2013-04-10 01:34 - 01247744 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-07-10 00:58 - 2013-07-10 07:49 - 00066938 ____A C:\Users\Monika\Desktop\Extras.Txt
2013-07-10 00:57 - 2013-07-10 07:49 - 00091164 ____A C:\Users\Monika\Desktop\OTL.Txt
2013-07-09 22:10 - 2013-07-09 22:11 - 00000634 ____A C:\Users\Monika\Desktop\defogger_disable.log
2013-07-09 22:10 - 2013-07-09 22:11 - 00000020 ____A C:\Users\Monika\defogger_reenable
2013-07-09 22:10 - 2013-07-09 22:10 - 00074574 ____A C:\Users\Monika\Desktop\Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten  - Trojaner-Board.htm
2013-07-09 15:32 - 2013-07-09 15:32 - 00000269 ____A C:\Users\Monika\Desktop\Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten - Trojaner-Board.URL
2013-07-09 15:29 - 2013-07-09 15:29 - 00377856 ____A C:\Users\Monika\Desktop\gmer_2.1.19163.exe
2013-07-09 15:28 - 2013-07-09 15:28 - 00602112 ____A (OldTimer Tools) C:\Users\Monika\Desktop\OTL.exe
2013-07-09 15:17 - 2013-07-09 15:17 - 00050477 ____A C:\Users\Monika\Desktop\Defogger.exe
2013-07-03 09:57 - 2013-07-03 13:50 - 00000000 ____D C:\Program Files\Firefox
2013-06-29 21:53 - 2013-06-29 21:53 - 00000000 ____D C:\Users\Monika\AppData\Local\Apple Computer
2013-06-27 20:40 - 2013-06-27 20:40 - 01433536 ____A C:\Users\Monika\Desktop\GPS 2013-06-23.gpx
2013-06-26 14:31 - 2013-06-27 08:54 - 00000000 ____D C:\Program Files\Thunderbird
2013-06-26 13:48 - 2013-06-26 13:48 - 00000000 ____D C:\Users\Monika\Neuer Ordner
2013-06-26 13:45 - 2013-06-26 13:45 - 00000000 ___RD C:\Users\Monika\Documents\My Stationery
2013-06-26 13:45 - 2013-06-26 13:45 - 00000000 ____D C:\Users\Monika\Documents\Youcam
2013-06-26 13:45 - 2013-06-26 13:45 - 00000000 ____D C:\Users\Monika\Documents\Visual Studio 2008
2013-06-26 13:45 - 2013-06-26 13:45 - 00000000 ____D C:\Users\Monika\Documents\Updater
2013-06-26 13:45 - 2013-06-26 13:45 - 00000000 ____D C:\Users\Monika\Documents\Mein Garmin
2013-06-26 13:45 - 2013-06-26 13:45 - 00000000 ____D C:\Users\Monika\Documents\GIS DataBase
2013-06-26 13:45 - 2013-06-26 13:45 - 00000000 ____D C:\Users\Monika\Documents\Corel User Files
2013-06-26 13:45 - 2013-06-26 13:45 - 00000000 ____D C:\Users\Monika\Documents\Corel
2013-06-26 13:45 - 2013-06-26 13:45 - 00000000 ____D C:\Users\Monika\Documents\capella
2013-06-26 13:45 - 2013-06-26 13:45 - 00000000 ____D C:\Users\Monika\Documents\Audible
2013-06-26 13:45 - 2013-06-26 13:45 - 00000000 ____D C:\Users\Monika\Documents\ArcSoft
2013-06-26 13:45 - 2013-06-26 13:45 - 00000000 ____D C:\Users\Monika\Documents\AdobeStockPhotos
2013-06-25 21:12 - 2013-06-25 21:11 - 00263592 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-06-25 21:11 - 2013-06-25 21:11 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-06-25 21:11 - 2013-06-25 21:11 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-06-25 21:11 - 2013-06-25 21:11 - 00094632 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2013-06-23 11:06 - 2013-06-27 21:47 - 00137188 ____A C:\Users\Monika\Desktop\GPS 2013-06-23.gdb
2013-06-20 18:01 - 2013-06-20 18:01 - 00001586 ____A C:\Users\Monika\Desktop\Piffaro.txt
2013-06-19 10:58 - 2013-06-19 10:58 - 00124817 ____A C:\Users\Monika\Desktop\osmfilter.exe
2013-06-19 09:56 - 2013-06-19 10:04 - 387674571 ____A C:\Users\Monika\Desktop\africa-latest.osm.pbf
2013-06-19 09:54 - 2013-06-19 09:54 - 00283889 ____A C:\Users\Monika\Desktop\osmconvert.exe
2013-06-13 23:38 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-13 23:38 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-13 23:37 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-13 23:37 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-13 23:37 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-13 23:37 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-13 23:37 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-13 23:37 - 2013-05-08 07:38 - 01293672 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-13 23:37 - 2013-05-06 07:06 - 03968872 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2013-06-13 23:37 - 2013-05-06 07:06 - 03913576 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-06-13 23:37 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-13 23:37 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-13 23:28 - 2013-06-13 23:28 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-06-13 23:26 - 2012-08-24 19:05 - 00136560 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2013-06-13 23:26 - 2012-08-24 19:02 - 00369856 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2013-06-13 23:26 - 2012-08-24 18:57 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2013-06-13 23:26 - 2012-08-24 18:56 - 01039360 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2013-06-13 23:26 - 2012-05-04 11:59 - 00514560 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll

==================== One Month Modified Files and Folders =======

2013-07-12 10:15 - 2012-12-28 20:46 - 00012246 ____A C:\Windows\setupact.log
2013-07-12 10:15 - 2010-10-21 15:27 - 00000142 ____A C:\Windows\ODBC.INI
2013-07-12 10:15 - 2009-07-14 06:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-12 10:14 - 2010-02-05 07:48 - 01205046 ____A C:\Windows\WindowsUpdate.log
2013-07-12 10:14 - 2009-07-14 06:34 - 00009696 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-12 10:14 - 2009-07-14 06:34 - 00009696 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-11 20:21 - 2009-10-10 00:55 - 00062706 ____A C:\Windows\PFRO.log
2013-07-11 16:36 - 2013-07-11 14:26 - 00000000 ___SD C:\ComboFix
2013-07-11 15:45 - 2011-03-19 23:38 - 00000000 ____D C:\output media
2013-07-11 14:24 - 2013-07-11 14:24 - 00000000 ____D C:\Windows\erdnt
2013-07-11 14:22 - 2013-07-11 14:22 - 05087643 ____R (Swearware) C:\Users\Monika\Desktop\ComboFix.exe
2013-07-11 06:08 - 2011-05-03 18:52 - 00000000 ____D C:\Windows\rescache
2013-07-11 05:20 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-07-11 04:40 - 2009-07-14 06:33 - 00748064 ____A C:\Windows\System32\FNTCACHE.DAT
2013-07-11 04:39 - 2013-03-30 22:08 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-11 04:36 - 2009-07-14 09:49 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-11 04:36 - 2009-07-14 06:52 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-11 04:12 - 2009-07-26 23:56 - 01635332 ____A C:\Windows\System32\PerfStringBackup.INI
2013-07-11 04:01 - 2009-10-10 00:29 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-11 03:43 - 2010-02-06 20:24 - 75699896 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-07-10 09:17 - 2013-07-10 09:17 - 00000000 ____D C:\FRST
2013-07-10 09:13 - 2013-07-10 09:13 - 01216688 ____A (Farbar) C:\Users\Monika\Desktop\FRST.exe
2013-07-10 07:49 - 2013-07-10 00:58 - 00066938 ____A C:\Users\Monika\Desktop\Extras.Txt
2013-07-10 07:49 - 2013-07-10 00:57 - 00091164 ____A C:\Users\Monika\Desktop\OTL.Txt
2013-07-09 22:11 - 2013-07-09 22:10 - 00000634 ____A C:\Users\Monika\Desktop\defogger_disable.log
2013-07-09 22:11 - 2013-07-09 22:10 - 00000020 ____A C:\Users\Monika\defogger_reenable
2013-07-09 22:10 - 2013-07-09 22:10 - 00074574 ____A C:\Users\Monika\Desktop\Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten  - Trojaner-Board.htm
2013-07-09 22:10 - 2010-02-04 20:41 - 00000000 ____D C:\users\Monika
2013-07-09 16:01 - 2013-02-14 12:02 - 00000000 ___RD C:\Users\Monika\Desktop\Karten Institut
2013-07-09 15:32 - 2013-07-09 15:32 - 00000269 ____A C:\Users\Monika\Desktop\Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten - Trojaner-Board.URL
2013-07-09 15:29 - 2013-07-09 15:29 - 00377856 ____A C:\Users\Monika\Desktop\gmer_2.1.19163.exe
2013-07-09 15:28 - 2013-07-09 15:28 - 00602112 ____A (OldTimer Tools) C:\Users\Monika\Desktop\OTL.exe
2013-07-09 15:17 - 2013-07-09 15:17 - 00050477 ____A C:\Users\Monika\Desktop\Defogger.exe
2013-07-09 09:19 - 2012-05-03 17:50 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-07-08 21:14 - 2010-02-07 12:40 - 00000000 ____D C:\Users\Monika\AppData\Roaming\JOSM
2013-07-03 13:50 - 2013-07-03 09:57 - 00000000 ____D C:\Program Files\Firefox
2013-07-02 17:36 - 2012-11-06 15:55 - 00000000 ____D C:\Users\Monika\AppData\Roaming\XnView
2013-07-02 17:26 - 2010-02-22 15:55 - 00000000 ____D C:\Users\Monika\AppData\Roaming\FileZilla
2013-07-01 10:56 - 2009-07-14 04:04 - 00000416 ____A C:\Windows\win.ini
2013-06-29 21:53 - 2013-06-29 21:53 - 00000000 ____D C:\Users\Monika\AppData\Local\Apple Computer
2013-06-29 10:05 - 2009-07-14 06:53 - 00032632 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-27 21:47 - 2013-06-23 11:06 - 00137188 ____A C:\Users\Monika\Desktop\GPS 2013-06-23.gdb
2013-06-27 20:40 - 2013-06-27 20:40 - 01433536 ____A C:\Users\Monika\Desktop\GPS 2013-06-23.gpx
2013-06-27 15:54 - 2013-04-12 20:32 - 00000000 ____D C:\Users\Monika\AppData\Roaming\vlc
2013-06-27 08:54 - 2013-06-26 14:31 - 00000000 ____D C:\Program Files\Thunderbird
2013-06-26 13:48 - 2013-06-26 13:48 - 00000000 ____D C:\Users\Monika\Neuer Ordner
2013-06-26 13:45 - 2013-06-26 13:45 - 00000000 ___RD C:\Users\Monika\Documents\My Stationery
2013-06-26 13:45 - 2013-06-26 13:45 - 00000000 ____D C:\Users\Monika\Documents\Youcam
2013-06-26 13:45 - 2013-06-26 13:45 - 00000000 ____D C:\Users\Monika\Documents\Visual Studio 2008
2013-06-26 13:45 - 2013-06-26 13:45 - 00000000 ____D C:\Users\Monika\Documents\Updater
2013-06-26 13:45 - 2013-06-26 13:45 - 00000000 ____D C:\Users\Monika\Documents\Mein Garmin
2013-06-26 13:45 - 2013-06-26 13:45 - 00000000 ____D C:\Users\Monika\Documents\GIS DataBase
2013-06-26 13:45 - 2013-06-26 13:45 - 00000000 ____D C:\Users\Monika\Documents\Corel User Files
2013-06-26 13:45 - 2013-06-26 13:45 - 00000000 ____D C:\Users\Monika\Documents\Corel
2013-06-26 13:45 - 2013-06-26 13:45 - 00000000 ____D C:\Users\Monika\Documents\capella
2013-06-26 13:45 - 2013-06-26 13:45 - 00000000 ____D C:\Users\Monika\Documents\Audible
2013-06-26 13:45 - 2013-06-26 13:45 - 00000000 ____D C:\Users\Monika\Documents\ArcSoft
2013-06-26 13:45 - 2013-06-26 13:45 - 00000000 ____D C:\Users\Monika\Documents\AdobeStockPhotos
2013-06-26 08:16 - 2012-11-27 19:57 - 00000000 ____D C:\Users\Monika\Desktop\fifty-fifty
2013-06-25 21:11 - 2013-06-25 21:12 - 00263592 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-06-25 21:11 - 2013-06-25 21:11 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-06-25 21:11 - 2013-06-25 21:11 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-06-25 21:11 - 2013-06-25 21:11 - 00094632 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2013-06-25 21:11 - 2012-06-30 13:36 - 00867240 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2013-06-25 21:11 - 2010-05-14 18:16 - 00789416 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2013-06-25 20:48 - 2010-02-04 20:41 - 00202472 ____A C:\Users\Monika\AppData\Local\GDIPFONTCACHEV1.DAT
2013-06-24 18:04 - 2010-02-20 10:41 - 00160136 ____A C:\Windows\avmacc.log
2013-06-24 14:08 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\NDF
2013-06-21 12:53 - 2010-02-22 15:55 - 00000000 ____D C:\Program Files\FileZilla FTP Client
2013-06-20 18:01 - 2013-06-20 18:01 - 00001586 ____A C:\Users\Monika\Desktop\Piffaro.txt
2013-06-20 11:06 - 2011-04-19 16:11 - 00000000 ____D C:\Users\Monika\Desktop\Musik
2013-06-19 10:58 - 2013-06-19 10:58 - 00124817 ____A C:\Users\Monika\Desktop\osmfilter.exe
2013-06-19 10:04 - 2013-06-19 09:56 - 387674571 ____A C:\Users\Monika\Desktop\africa-latest.osm.pbf
2013-06-19 09:54 - 2013-06-19 09:54 - 00283889 ____A C:\Users\Monika\Desktop\osmconvert.exe
2013-06-17 17:13 - 2012-04-10 15:11 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-15 18:54 - 2012-04-10 15:11 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-15 18:54 - 2011-10-19 19:25 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-06-13 23:55 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\de-DE
2013-06-13 23:28 - 2013-06-13 23:28 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-06-13 23:28 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\DriverStore
2013-06-12 01:43 - 2013-07-11 04:03 - 02877440 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-12 01:43 - 2013-07-11 04:03 - 00690688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-12 01:43 - 2013-07-11 04:03 - 00039424 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-12 01:43 - 2013-07-11 04:02 - 14329856 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-12 01:43 - 2013-07-11 04:02 - 01767936 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-12 01:43 - 2013-07-11 04:02 - 01141248 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-12 01:43 - 2013-07-11 04:02 - 00493056 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-12 01:43 - 2013-07-11 04:02 - 00042496 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-12 01:42 - 2013-07-11 04:03 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-12 01:42 - 2013-07-11 04:03 - 00061440 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-12 01:42 - 2013-07-11 04:02 - 13760512 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-12 01:42 - 2013-07-11 04:02 - 02046976 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-12 01:42 - 2013-07-11 04:02 - 00109056 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-12 01:42 - 2013-07-11 04:02 - 00033280 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-12 00:51 - 2013-07-11 04:02 - 00071680 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe

Files to move or delete:
====================
C:\ProgramData\FullRemove.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2010-04-02 20:07

==================== End Of Log ============================
--- --- ---



Addition.txt
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 09-07-2013 01
Ran by Monika at 2013-07-12 10:25:13
Running from C:\Users\Monika\Desktop
Boot Mode: Safe Mode (minimal)
==========================================================

 Update for Microsoft Office 2007 (KB2508958)
7-Zip 4.65
Acrobat.com (Version: 1.6.65)
Adobe Acrobat 7.0 Professional - English, Français, Deutsch (Version: 7.1.0)
Adobe AIR (Version: 1.5.0.7220)
Adobe Bridge 1.0 (Version: 001.000.004)
Adobe Common File Installer (Version: 1.00.001)
Adobe Creative Suite 2
Adobe Flash Player 11 Plugin (Version: 11.7.700.224)
Adobe GoLive CS2 (Version: 8.0.1)
Adobe Help Center 1.0 (Version: 1.0.1)
Adobe Illustrator CS2 (Version: 12.000.000)
Adobe InDesign CS2 (Version: 004.000.000)
Adobe Photoshop CS2 (Version: 9.0)
Adobe Reader XI - Deutsch (Version: 11.0.00)
Adobe Stock Photos 1.0 (Version: 1.0.1)
Adobe SVG Viewer 3.0 (Version:  3.0)
Adobe Version Cue CS2 (Version: 2.0.1)
Agatha Christie - Und dann gabs keines mehr (Version: 1.0)
Allway Sync version 10.3.25
Apple Application Support (Version: 2.3)
Apple Software Update (Version: 2.1.3.127)
ArcGIS Desktop (Version: 9.0.0.0)
ArcGIS Tutorial Data (Version: 9.0.0.0)
ArcSoft TotalMedia Theatre 3 (Version: 3.0.18.153)
ArcView GIS 3.2a
ASUSUpdate for Eee PC (Version: 1.03.04)
Atheros Client Installation Program (Version: 7.0)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (Version: 1.0.0.10)
ATnotes Version 9.5 (Version: 9.5)
Audible Download Manager (Version: 6.6.0.12)
CanoScan 4400F
capella reader 6.0 (Version: 6.0.19.0)
CDBurnerXP (Version: 4.4.0.2838)
cGPSmapper Free 0100
Choice Guard (Version: 1.2.87.0)
Cisco EAP-FAST Module (Version: 2.2.14)
Cisco LEAP Module (Version: 1.0.19)
Cisco PEAP Module (Version: 1.1.6)
ColorVisionStartup
Compatibility Pack für 2007 Office System (Version: 12.0.6612.1000)
Cool Record Edit Pro
Corel Graphics - Windows Shell Extension (Version: 15.2.0.686)
Corel Graphics - Windows Shell Extension (Version: 15.2.686)
CorelDRAW Graphics Suite 12 (Version: 12.0.0.458)
CorelDRAW Graphics Suite X5 - BR (Version: 15.3)
CorelDRAW Graphics Suite X5 - Capture (Version: 15.3)
CorelDRAW Graphics Suite X5 - Common (Version: 15.3)
CorelDRAW Graphics Suite X5 - Connect (Version: 15.3)
CorelDRAW Graphics Suite X5 - Custom Data (Version: 15.3)
CorelDRAW Graphics Suite X5 - DE (Version: 15.3)
CorelDRAW Graphics Suite X5 - Draw (Version: 15.3)
CorelDRAW Graphics Suite X5 - EN (Version: 15.3)
CorelDRAW Graphics Suite X5 - ES (Version: 15.3)
CorelDRAW Graphics Suite X5 - Extra Content
CorelDRAW Graphics Suite X5 - Extra Content (Version: 15.0)
CorelDRAW Graphics Suite X5 - Filters (Version: 15.3)
CorelDRAW Graphics Suite X5 - FontNav (Version: 15.3)
CorelDRAW Graphics Suite X5 - FR (Version: 15.3)
CorelDRAW Graphics Suite X5 - IPM (Version: 15.3)
CorelDRAW Graphics Suite X5 - IT (Version: 15.3)
CorelDRAW Graphics Suite X5 - NL (Version: 15.3)
CorelDRAW Graphics Suite X5 - PHOTO-PAINT (Version: 15.3)
CorelDRAW Graphics Suite X5 - Photozoom Plugin (Version: 15.0)
CorelDRAW Graphics Suite X5 - Redist (Version: 15.0)
CorelDRAW Graphics Suite X5 - Setup Files (Version: 15.3)
CorelDRAW Graphics Suite X5 - VBA (Version: 15.3)
CorelDRAW Graphics Suite X5 - VideoBrowser (Version: 15.3)
CorelDRAW Graphics Suite X5 - VSTA (Version: 15.3)
CorelDRAW Graphics Suite X5 - WT (Version: 15.3)
CorelDRAW Graphics Suite X5 (Version: 15.3)
CorelDRAW(R) Graphics Suite X5 (Version: 15.2.0.686)
CyberLink YouCam (Version: 2.0.3226)
Defraggler (Version: 2.04)
DesignPro 5 (Version: 5.5.708)
Digital Zoom Control (Version: 1.0.6)
dm-Fotowelt
Dr.Eee (Version: 4.0.0.3)
ebi.BookReader3J (Version: 3.75.14)
ElsterFormular (Version: 14.1.20130301)
Evoluent Mouse Manager (Version: 4.0.0)
Express Rip Uninstall
FileZilla Client 3.7.1 (HKCU Version: 3.7.1)
FontResizer (Version: 1.01.0007)
Free Convert to DIVX AVI WMV MP4 MPEG Converter 5.8
Free Sound Recorder
FRITZ!Box USB-Fernanschluss (HKCU Version: 2.3.0.2)
Garmin Communicator Plugin (Version: 2.9.1)
Garmin MapSource (Version: 6.16.3)
Garmin POI Loader (Version: 2.5.4.0)
Garmin USB Drivers (Version: 2.3.0.0)
GCstar 1.6.1 (Version: 1.6.1)
GmapTool 0.4.8
GNU Solfege 3.20.3
Google Earth (Version: 6.2.2.6613)
Gpg4win (2.1.0) (Version: 2.1.0)
GPS-Track-Analyse.NET 6.0
GRASS 6.4 (Version: 6.4.3RC3-1)
GSAK 7.7.4.36 (Final)
Hotfix für Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789) (Version: 1)
Hotkey Service (Version: 1.15)
IDL 8.1 (Version: 8.1.0.0)
ImgBurn (Version: 2.5.5.0)
InfraRecorder
IrfanView (remove only)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
LiveUpdate (Version: 1.19)
Magical Jelly Bean KeyFinder (Version: 2.0.8.1)
MapSource Product Install
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft IntelliPoint 8.0 (Version: 8.0.225.0)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Search Enhancement Pack (Version: 1.3.59.0)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (Version: 9.0.30729)
Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU (Version: 9.0.30729)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (Version: 9.0.30729)
Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU (Version: 9.0.30729)
Mozilla Firefox 22.0 (x86 de) (Version: 22.0)
Mozilla Maintenance Service (Version: 22.0)
Mozilla Thunderbird 17.0.7 (x86 de) (Version: 17.0.7)
Mp3tag v2.47b (Version: v2.47b)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
MuseScore 1.3 (Version: 1.3.0)
NVIDIA Drivers (Version: 1.7)
NVIDIA HD-Audiotreiber 1.3.18.0 (Version: 1.3.18.0)
NVIDIA Install Application (Version: 2.1002.109.718)
OOBERegBackup
OpenOffice.org 3.4.1 (Version: 3.41.9593)
OSM generic routable
PDFtoMusic Pro (Version: 1.3.1d)
phase-6 2.3.3 (Version: 2.3.3)
PL-2303 USB-to-Serial (Version: 1.00.000)
PL-2303 USB-to-Serial (Version: 1.1.0)
Print Server Utilities (Version: 4.3.8.0)
Quantum GIS Lisboa 1.8.0 Lisboa (Version: 1.8.0-r${SVN_REVISION}-2)
QuickTime (Version: 7.74.80.86)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer (Version: 15.0.6)
Realtek High Definition Audio Driver (Version: 6.0.1.5948)
REALTEK Wireless LAN Driver (Version: 1.00.0130)
RealUpgrade 1.1 (Version: 1.1.0)
Riven
SecureW2 EAP Suite 1.1.3 for Windows
Skype web features (Version: 1.0.3810)
Skype™ 6.3 (Version: 6.3.105)
Sophos Anti-Virus (Version: 10.0.10)
Sophos AutoUpdate (Version: 2.7.4.317)
Sophos Client Firewall (Version: 2.9.1)
Spesoft Audio Converter 2.20
Spoiler Sync
Spyder2express
SRS Premium Sound Control Panel (Version: 1.8.1800)
Suite Specific (Version: 2.0.0)
Super Hybrid Engine (Version: 2.09)
Synaptics Pointing Device Driver (Version: 13.2.6.1)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817563) 32-Bit Edition
Update für Microsoft Office Excel 2007 Help (KB963678)
Update für Microsoft Office Outlook 2007 Help (KB963677)
Update für Microsoft Office Powerpoint 2007 Help (KB963669)
Update für Microsoft Office Word 2007 Help (KB963665)
VirtualCloneDrive
Visual Basic for Applications (R) Core - English (Version: 6.4.99.69)
Visual Basic for Applications (R) Core - German (Version: 6.4.99.69)
Visual Basic for Applications (R) Core (Version: 6.4.99.69)
VLC media player 2.0.6 (Version: 2.0.6)
VTBuilder 1.5 (2013.02.12)
WASY WGEO 3.0a
WIDCOMM Bluetooth Software (Version: 6.2.5.500)
Windows Driver Package - Broadcom Bluetooth  (07/17/2009 6.2.0.9403) (Version: 07/17/2009 6.2.0.9403)
Windows Driver Package - Broadcom Bluetooth  (07/29/2009 6.1.7100.0) (Version: 07/29/2009 6.1.7100.0)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (Version: 07/28/2009 6.2.0.9800)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0) (Version: 06/03/2009 2.3.0.0)
WinGDB3 3.55.1  (Version: 3.55.1 )
WinHex
XnView 1.99.5 (Version: 1.99.5)
XSManager (Version: 3.0)
Xvid 1.1.3 final uninstall (Version: 1.1)
Zak McKracken - Between Time and Space
Z-Icon Tool (Version: 1.6)
 

==================== Restore Points  =========================

09-07-2013 07:37:13 Windows Update
11-07-2013 01:03:27 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {08510FA2-E4C3-40F5-988B-8D57B1F309B1} - System32\Tasks\{AC3ADB98-2F95-4540-A2DE-3E63C334CD6F} => S:\FRZ Vokabeln&Grammatik Klasse 8\Icd_f8\SETUP.EXE No File
Task: {0F0DD470-0884-4A3B-A30A-D966424066BD} - System32\Tasks\{B1E4D78E-2A15-43EC-98CC-3944207F1E22} => E:\Setup.exe No File
Task: {2F113A3D-0BB2-4878-BFBA-721F97D5C79B} - System32\Tasks\{07486179-B399-441E-9473-CBED97B01410} => E:\QTWSetup\Win32\express\Qt32inst.exe No File
Task: {2F9E74DE-96BE-42EF-9092-CB21AD24BB94} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\windows\System32\lpksetup.exe [2010-11-20] (Microsoft Corporation)
Task: {32664A1D-58F8-41C5-AE9A-2F7DE01E2485} - System32\Tasks\{2626DFDE-9998-4B08-B10A-43E768EED87A} => X:\DIRECTX\DXSETUP.EXE No File
Task: {456AC8DC-F0EF-494C-94D0-411F1CDCE341} - System32\Tasks\{ACD26E0F-319A-4B01-9F15-2D1A8CCCD0E9} => C:\Users\Monika\Desktop\Spiele\Adventure Spiel 1993 - Day_of_the_Tentacle_pt_1_2\dott.part1\DOTT.EXE No File
Task: {47CCAE02-AB2E-4221-A5C0-8E55D296EEF7} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-03-12] (Oracle Corporation)
Task: {48F28A1D-7C4E-4E32-9624-C982D7010D38} - System32\Tasks\Color Vision => C:\Program Files\ColorVision\ColorVisionStartup\ColorVisionStartup.exe [2008-12-08] (Datacolor)
Task: {4C4CB81C-D44B-4F2F-993E-EBEADF1A69DF} - System32\Tasks\{E4EE0DF2-C134-43C0-BEB9-1449AF119E71} => C:\Programme\Riven\Riven.exe [1997-09-29] ()
Task: {54590F2A-A8B7-4A35-A148-97DAAB2C517E} - System32\Tasks\{6216A292-6F1B-45A9-BECE-A7A1339313F1} => E:\INSTALL.EXE No File
Task: {61CFE1BE-6730-41E1-B242-82856A4AFDC1} - System32\Tasks\{52A0955C-27DA-43F5-886B-80143B725E21} => C:\Program Files\ASUS\LiveUpdate\Help.exe [2009-08-28] ()
Task: {639FB2E4-6ADC-4B24-8766-A2B76D26C178} - System32\Tasks\{C5CC715B-DD21-485F-9C76-9FE574C001E4} => X:\DIRECTX\DXSETUP.EXE No File
Task: {673E74AB-867D-4C18-8A62-D5199BDA5D1F} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {705FD96D-0C46-492C-8D9C-AF7104670821} - System32\Tasks\{20CA6293-9D9D-4C73-AD0A-5D254AD8084C} => X:\Setup.exe No File
Task: {7847C8EC-C089-4228-8825-9575BDA68614} - System32\Tasks\{A1370E70-C0DE-4193-B5A6-FFDC3E02548A} => E:\Setup.exe No File
Task: {7C6B46E6-5DC8-4046-8DAB-4A4EB76359E1} - System32\Tasks\{2A763D3D-0698-407D-9514-39A4DABCB68B} => C:\Programme\Riven\Riven.exe [1997-09-29] ()
Task: {7FE812F3-EB7F-4B39-AD20-16E5C964640A} - System32\Tasks\{474F9E57-B0D8-4F3C-A531-FB38E63ACEE5} => C:\Users\Monika\Desktop\BaseCamp_332.exe No File
Task: {86FB8039-09C8-40E1-BFA0-BAD2DB94E6CC} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-15] (Adobe Systems Incorporated)
Task: {8FCC1B0B-FE5C-488D-872A-E09CB83236E6} - System32\Tasks\{4868C2A0-CF52-468A-A919-2BD4BACA3576} => E:\INSTALL.EXE No File
Task: {93EE34FD-69C0-4882-A2DC-C013DEC0A729} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation)
Task: {96FF85FB-44C3-455D-8CE9-D021A61A434F} - System32\Tasks\{07A11DDA-5583-4EEA-83ED-8F0909D859CC} => X:\SETUP.EXE No File
Task: {996B5846-D6F0-445D-9E90-820A643E1D95} - System32\Tasks\{8817AC13-2B51-45A3-BA48-4D7FFDB3B23D} => E:\QTWSetup\Win32\express\Qt32inst.exe No File
Task: {9B96E29E-1A6D-4DFD-8006-44B71AD277CE} - System32\Tasks\{511FC187-FA4B-407A-87A9-E6EC62DDCD8F} => E:\Setup.exe No File
Task: {9D31B7DE-5437-47CE-B8FC-616C5DE16D15} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe [2010-07-21] (Microsoft Corporation)
Task: {A698B191-0CFB-453E-91A0-316D00438D4B} - System32\Tasks\{82D67542-5293-4C3A-9F9A-E107AA0831F9} => C:\Program Files\ASUS\LiveUpdate\Help.exe [2009-08-28] ()
Task: {AB887888-2A16-4989-9038-404CC9D2355B} - System32\Tasks\{D4A61AB7-9EBB-40AA-B9D7-A4D191DCDDBE} => C:\Program Files\GCstar\bin\gcstar.exe [2010-08-25] ()
Task: {ADC46403-5143-4315-9D6B-0B599EAEE5A0} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-20] (Microsoft Corporation)
Task: {B01A1B11-623E-4E2D-862E-159A1DB75BFF} - System32\Tasks\{A2BF7641-2A21-4E8F-B0C1-12426538AEF8} => C:\Users\Monika\Desktop\Spiele\Adventure Spiel 1993 - Day_of_the_Tentacle_pt_1_2\dott.part1\DOTT.EXE No File
Task: {B56DCD4E-7E1E-4E9A-B065-92D6FC8FE144} - System32\Tasks\{C2F12926-0090-4A58-91A0-31B40319DD88} => C:\Programme\Riven\Riven.exe [1997-09-29] ()
Task: {BF885AD5-34C5-460C-90A4-F68D2B2F0909} - System32\Tasks\{EE110984-3846-4247-8EC7-023ED13904C1} => E:\QTWSetup\Win32\express\Qt32inst.exe No File
Task: {D40C58DB-7309-4A7D-B24A-BAC3812D97D7} - System32\Tasks\{2AD81556-D080-47BF-8AA3-1A4197C764C5} => X:\SETUP.EXE No File
Task: {D727DBA8-1EF1-4E91-BB3A-E54B3BE2C101} - System32\Tasks\{895582F2-F772-4F84-8D6E-313D7B7AB204} => X:\SETUP.EXE No File
Task: {D924D365-1DED-4B40-9CD0-FACF0DF2D8EE} - System32\Tasks\{38E95181-BCBF-497F-96FC-F22BBDA287A1} => E:\QTWSetup\Win32\express\Qt32inst.exe No File
Task: {EEC01D38-BD07-459A-9344-4D194F6FE139} - System32\Tasks\Datensicherung => C:\Program Files\Allway Sync\Bin\syncappw.exe [2010-05-31] ()
Task: {F0594BCD-9E5A-4170-9576-72552E710399} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\Allway Sync_{4F0C1497E9A5A062AD06B978802E02AB}.job => C:\Program Files\Allway Sync\Bin\syncappw.exe

==================== Faulty Device Manager Devices =============

Name: Generic Bluetooth Adapter
Description: Generic Bluetooth Adapter
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: GenericAdapter
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/11/2013 09:27:29 AM) (Source: Application Hang) (User: )
Description: Programm FRST.exe, Version 3.3.8.1 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: e78

Startzeit: 01ce7e030853e2c0

Endzeit: 16

Anwendungspfad: C:\Users\Monika\Desktop\FRST.exe

Berichts-ID:

Error: (07/11/2013 06:24:49 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (07/11/2013 06:15:06 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (07/11/2013 04:37:14 AM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile System.Printing, Version=3.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=x86 because of the following error: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. (Exception from HRESULT: 0x80070020).

Error: (07/09/2013 10:16:47 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: SavService.exe, Version: 10.0.6.6995, Zeitstempel: 0x4fdb0ccb
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b60
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0002fa06
ID des fehlerhaften Prozesses: 0x50c
Startzeit der fehlerhaften Anwendung: 0xSavService.exe0
Pfad der fehlerhaften Anwendung: SavService.exe1
Pfad des fehlerhaften Moduls: SavService.exe2
Berichtskennung: SavService.exe3

Error: (07/09/2013 09:21:52 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: services.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bbf1b
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b60
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000708c5
ID des fehlerhaften Prozesses: 0x260
Startzeit der fehlerhaften Anwendung: 0xservices.exe0
Pfad der fehlerhaften Anwendung: services.exe1
Pfad des fehlerhaften Moduls: services.exe2
Berichtskennung: services.exe3

Error: (07/02/2013 05:54:04 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: CorelDrw.exe, Version: 15.2.0.686, Zeitstempel: 0x4d9be3e1
Name des fehlerhaften Moduls: CorelDrw.dll, Version: 15.2.0.686, Zeitstempel: 0x4d9be79d
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000d8486
ID des fehlerhaften Prozesses: 0x%9
Startzeit der fehlerhaften Anwendung: 0xCorelDrw.exe0
Pfad der fehlerhaften Anwendung: CorelDrw.exe1
Pfad des fehlerhaften Moduls: CorelDrw.exe2
Berichtskennung: CorelDrw.exe3

Error: (06/29/2013 10:06:27 PM) (Source: Application Hang) (User: )
Description: Programm googleearth.exe, Version 6.2.2.6613 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 15c0

Startzeit: 01ce7503fe963e70

Endzeit: 121

Anwendungspfad: C:\Users\Monika\AppData\Local\Google\Google Earth\client\googleearth.exe

Berichts-ID: 490090f1-e0f7-11e2-b44e-e0cb4e65b84e

Error: (06/20/2013 00:20:38 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: CorelDrw.exe, Version: 15.2.0.686, Zeitstempel: 0x4d9be3e1
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0c1c04f5
ID des fehlerhaften Prozesses: 0x%9
Startzeit der fehlerhaften Anwendung: 0xCorelDrw.exe0
Pfad der fehlerhaften Anwendung: CorelDrw.exe1
Pfad des fehlerhaften Moduls: CorelDrw.exe2
Berichtskennung: CorelDrw.exe3

Error: (06/17/2013 03:14:15 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 21.0.0.4879, Zeitstempel: 0x518ec3cc
Name des fehlerhaften Moduls: xul.dll, Version: 21.0.0.4879, Zeitstempel: 0x518ec306
Ausnahmecode: 0xc0000005
Fehleroffset: 0x001c9789
ID des fehlerhaften Prozesses: 0x13dc
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3


System errors:
=============
Error: (07/12/2013 10:17:53 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (07/12/2013 10:17:32 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (07/12/2013 10:17:32 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (07/12/2013 10:17:32 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (07/12/2013 10:17:32 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (07/12/2013 10:17:32 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (07/12/2013 10:17:32 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (07/12/2013 10:17:30 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (07/12/2013 10:17:30 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (07/12/2013 10:17:30 AM) (Source: DCOM) (User: )
Description: 1068netprofm{A47979D2-C419-11D9-A5B4-001185AD2B89}


Microsoft Office Sessions:
=========================
Error: (06/11/2012 08:28:34 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1190 seconds with 840 seconds of active time.  This session ended with a crash.


==================== Memory info ===========================

Percentage of memory in use: 34%
Total physical RAM: 1791.18 MB
Available physical RAM: 1172.46 MB
Total Pagefile: 3582.36 MB
Available Pagefile: 2999.05 MB
Total Virtual: 2047.88 MB
Available Virtual: 1928.01 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:100 GB) (Free:37.85 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Daten) (Fixed) (Total:122.87 GB) (Free:31.9 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: A973691C)
Partition 1: (Active) - (Size=100 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=123 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10 GB) - (Type=1B)
Partition 4: (Not Active) - (Size=16 MB) - (Type=EF)

==================== End Of Log ============================

Monika

schrauber 12.07.2013 11:20
Versuch jetzt mal Combofix im abgesicherten Modus.

monika.de 12.07.2013 12:17
Hat auch funktioniert:
Code:
ComboFix 13-07-09.01 - Monika 12.07.2013  12:47:00.2.2 - x86 MINIMAL
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.1791.1158 [GMT 2:00]
ausgeführt von:: c:\users\Monika\Desktop\ComboFix.exe
AV: Sophos Anti-Virus *Disabled/Updated* {65FBD860-96D8-75EF-C7ED-7BE27E6C498A}
FW: Sophos Client Firewall *Enabled* {5DC05945-DCB7-74B7-ECB2-D2D780BF0EF1}
SP: Sophos Anti-Virus *Disabled/Updated* {DE9A3984-B0E2-7A61-FD5D-409005EB0337}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\FireFox\plugin-container.exe
c:\program files\FireFox\uninstall\helper.exe
c:\program files\FireFox\updater.exe
c:\program files\SecureW2
c:\program files\SecureW2\Uninstall.exe
c:\program files\www
c:\programdata\FullRemove.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\SecureW2
c:\programdata\Microsoft\Windows\Start Menu\Programs\SecureW2\TTLS Manager.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\SecureW2\Uninstall.lnk
c:\users\Monika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SecureW2
c:\windows\system32\regobj.dll
c:\windows\system32\Thumbs.db
c:\windows\unin0407.exe
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-06-12 bis 2013-07-12  ))))))))))))))))))))))))))))))
.
.
2013-07-12 11:05 . 2013-07-12 11:08        --------        d-----w-        c:\users\Monika\AppData\Local\temp
2013-07-12 11:05 . 2013-07-12 11:05        --------        d-----w-        c:\users\Default\AppData\Local\temp
2013-07-12 08:18 . 2013-07-12 08:18        60872        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{A776DDC4-2B64-438B-924E-A3D166A6A38B}\offreg.dll
2013-07-11 02:03 . 2013-06-07 02:37        2706432        ----a-w-        c:\windows\system32\mshtml.tlb
2013-07-11 02:03 . 2013-06-11 23:43        217600        ----a-w-        c:\program files\Internet Explorer\sqmapi.dll
2013-07-11 02:03 . 2013-06-11 23:43        2877440        ----a-w-        c:\windows\system32\jscript9.dll
2013-07-11 02:03 . 2013-06-11 23:43        108032        ----a-w-        c:\program files\Internet Explorer\jsdebuggeride.dll
2013-07-11 02:03 . 2013-06-11 23:42        61440        ----a-w-        c:\windows\system32\iesetup.dll
2013-07-10 07:17 . 2013-07-10 07:17        --------        d-----w-        C:\FRST
2013-07-10 02:49 . 2013-04-09 23:34        1247744        ----a-w-        c:\windows\system32\DWrite.dll
2013-07-10 02:49 . 2013-05-06 04:56        1620480        ----a-w-        c:\windows\system32\WMVDECOD.DLL
2013-07-10 02:49 . 2013-06-04 04:53        509440        ----a-w-        c:\windows\system32\qedit.dll
2013-07-10 02:49 . 2013-06-05 03:05        2347520        ----a-w-        c:\windows\system32\win32k.sys
2013-07-10 02:49 . 2013-04-10 05:04        1221632        ----a-w-        c:\program files\Windows Journal\NBDoc.DLL
2013-07-10 02:49 . 2013-04-10 05:03        936448        ----a-w-        c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-10 02:49 . 2013-04-10 05:03        988672        ----a-w-        c:\program files\Windows Journal\JNTFiltr.dll
2013-07-10 02:49 . 2013-04-10 05:03        969216        ----a-w-        c:\program files\Windows Journal\JNWDRV.dll
2013-07-10 02:48 . 2013-05-27 04:57        680960        ----a-w-        c:\program files\Windows Defender\MpSvc.dll
2013-07-10 02:48 . 2013-05-27 04:57        392704        ----a-w-        c:\program files\Windows Defender\MpClient.dll
2013-07-10 02:48 . 2013-05-27 04:57        224768        ----a-w-        c:\program files\Windows Defender\MpCommu.dll
2013-07-09 07:39 . 2013-06-12 04:18        7068072        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{A776DDC4-2B64-438B-924E-A3D166A6A38B}\mpengine.dll
2013-07-03 07:57 . 2013-07-12 11:04        --------        d-----w-        c:\program files\Firefox
2013-06-29 19:53 . 2013-06-29 19:53        --------        d-----w-        c:\users\Monika\AppData\Local\Apple Computer
2013-06-26 12:31 . 2013-06-27 06:54        --------        d-----w-        c:\program files\Thunderbird
2013-06-26 11:48 . 2013-06-26 11:48        --------        d-----w-        c:\users\Monika\Neuer Ordner
2013-06-25 19:11 . 2013-06-25 19:11        94632        ----a-w-        c:\windows\system32\WindowsAccessBridge.dll
2013-06-13 21:38 . 2013-04-25 23:30        1505280        ----a-w-        c:\windows\system32\d3d11.dll
2013-06-13 21:38 . 2013-05-10 03:20        24576        ----a-w-        c:\windows\system32\cryptdlg.dll
2013-06-13 21:37 . 2013-04-26 04:55        492544        ----a-w-        c:\windows\system32\win32spl.dll
2013-06-13 21:37 . 2013-05-13 04:45        140288        ----a-w-        c:\windows\system32\cryptsvc.dll
2013-06-13 21:37 . 2013-05-13 04:45        1160192        ----a-w-        c:\windows\system32\crypt32.dll
2013-06-13 21:37 . 2013-05-13 04:45        103936        ----a-w-        c:\windows\system32\cryptnet.dll
2013-06-13 21:37 . 2013-05-13 03:08        903168        ----a-w-        c:\windows\system32\certutil.exe
2013-06-13 21:37 . 2013-05-13 03:08        43008        ----a-w-        c:\windows\system32\certenc.dll
2013-06-13 21:37 . 2013-04-17 07:02        1230336        ----a-w-        c:\windows\system32\WindowsCodecs.dll
2013-06-13 21:37 . 2013-05-06 05:06        3968872        ----a-w-        c:\windows\system32\ntkrnlpa.exe
2013-06-13 21:37 . 2013-05-06 05:06        3913576        ----a-w-        c:\windows\system32\ntoskrnl.exe
2013-06-13 21:37 . 2013-05-08 05:38        1293672        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2013-06-13 21:28 . 2013-06-13 21:28        --------        d-----w-        c:\program files\NVIDIA Corporation
2013-06-13 21:26 . 2012-08-24 16:57        247808        ----a-w-        c:\windows\system32\schannel.dll
2013-06-13 21:26 . 2012-08-24 17:05        136560        ----a-w-        c:\windows\system32\drivers\ksecpkg.sys
2013-06-13 21:26 . 2012-08-24 17:02        369856        ----a-w-        c:\windows\system32\drivers\cng.sys
2013-06-13 21:26 . 2012-08-24 16:56        1039360        ----a-w-        c:\windows\system32\lsasrv.dll
2013-06-13 21:26 . 2012-05-04 09:59        514560        ----a-w-        c:\windows\system32\qdvd.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-25 19:11 . 2012-06-30 11:36        867240        ----a-w-        c:\windows\system32\npDeployJava1.dll
2013-06-25 19:11 . 2010-05-14 16:16        789416        ----a-w-        c:\windows\system32\deployJava1.dll
2013-06-15 16:54 . 2012-04-10 13:11        692104        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2013-06-15 16:54 . 2011-10-19 17:25        71048        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-02 00:06 . 2010-10-21 14:14        238872        ------w-        c:\windows\system32\MpSigStub.exe
2013-05-01 01:59 . 2013-05-01 01:59        94208        ----a-w-        c:\windows\system32\QuickTimeVR.qtx
2013-05-01 01:59 . 2013-05-01 01:59        69632        ----a-w-        c:\windows\system32\QuickTime.qts
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-20 1545512]
"SuperHybridEngine"="AsusSender.exe" [2009-09-11 33768]
"LiveUpdate"="AsusSender.exe" [2009-09-11 33768]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-07-20 83240]
"HotkeyMon"="AsusSender.exe" [2009-09-11 33768]
"HotkeyService"="AsusSender.exe" [2009-09-11 33768]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-09-29 7744032]
"OOBESetup"="c:\program files\asus\OOBERegBackup\OOBERegBackup.exe" [2009-09-30 338096]
"DigitalZoomControl"="c:\program files\ASUS\DigitalZoomControl\DigitalZoomControl.exe" [2009-10-07 283648]
"VirtualCloneDrive"="c:\program files\VirtualCloneDrive\VCDDaemon.exe" [2009-01-29 52392]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 1797008]
"Sophos AutoUpdate Monitor"="c:\program files\Sophos\AutoUpdate\almon.exe" [2012-08-12 900160]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat - Schnellstart.lnk - c:\windows\Installer\{AC76BA86-1033-F400-7760-100000000002}\SC_Acrobat.exe [2010-2-15 25214]
Evoluent Mouse Manager.lnk - c:\windows\Installer\{AD6E0AE0-DADF-480E-82AE-4CDA6035D341}\_BBBCF44DDE3DA1E118ADB6.exe [2012-10-19 4286]
phase-6 Reminder.lnk - c:\program files\phase-6\reminder\reminder.exe [2013-6-4 724992]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Sophos\SOPHOS~1\sophos_detoured.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2009-09-29 10:28        7744032        ----a-w-        c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"updateMgr"=c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AdobeUpdateManager.exe AcPro7_0_0
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"ASUS Screen Saver Protector"=c:\windows\AsScrPro.exe
"Adobe Version Cue CS2"="c:\program files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
"DTRun"=c:\program files\ArcSoft\TotalMedia Theatre 3\uDTRun.exe
"starter4g"=c:\windows\starter4g.exe
"Acrobat Assistant 7.0"="c:\program files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001
.
R1 archlp;archlp;c:\windows\system32\drivers\archlp.sys [x]
R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2009-07-06 11448]
R1 SAVOnAccess;SAVOnAccess;c:\windows\system32\DRIVERS\savonaccess.sys [2012-07-26 123680]
R1 scfdriver;SCF Kernel Driver;c:\windows\system32\Drivers\scfdriver.sys [2012-07-26 88352]
R1 scfndis;Sophos Client Firewall NDIS packet filter;c:\windows\system32\DRIVERS\scfndis.sys [2012-07-26 45856]
R1 SKMScan;SKMScan;c:\windows\system32\DRIVERS\skmscan.sys [2012-07-26 31736]
R2 AsusService;Asus Launcher Service;c:\windows\System32\AsusService.exe [2009-08-19 219136]
R2 DirMngr;DirMngr;c:\program files\GNU\GnuPG\dirmngr.exe [2011-03-02 224256]
R2 SAVAdminService;Sophos Anti-Virus Statusreporter;c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [2012-12-07 216640]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-02-28 161384]
R2 Sophos Client Firewall Manager;Sophos Client Firewall Manager;c:\program files\Sophos\Sophos Client Firewall\SCFManager.exe [2012-07-26 150552]
R2 Sophos Client Firewall;Sophos Client Firewall;c:\program files\Sophos\Sophos Client Firewall\SCFService.exe [2012-07-26 89112]
R2 Sophos Web Control Service;Sophos Web Control Service;c:\program files\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [2012-07-26 357400]
R2 swi_service;Sophos Web Intelligence Service;c:\program files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2012-12-07 2869824]
R2 swi_update;Sophos Web Intelligence Update;c:\programdata\Sophos\Web Intelligence\swi_update.exe [2012-12-07 1459264]
R2 WTGService;WTGService;c:\program files\XSManager\WTGService.exe [2009-09-25 312784]
R2 XS Stick Service;XS Stick Service;c:\windows\service4g.exe [2009-09-17 125200]
R3 avmaudio;AVM Audio;c:\windows\system32\DRIVERS\avmaudio.sys [2010-11-23 101248]
R3 avmaura;AVM USB-Fernanschluss;c:\windows\system32\DRIVERS\avmaura.sys [2013-02-15 105728]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-07-01 43944]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
R3 cmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2053s;c:\windows\system32\DRIVERS\cmnsusbser.sys [2008-10-31 103424]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2010-07-07 44432]
R3 EvoMouseDriverFilterHidUsb;Evoluent Mouse Driver Filter;c:\windows\system32\DRIVERS\EvoMouseDriverFilterHidUsb.sys [2010-06-23 22712]
R3 EvoMouseDriverMini;EvoMouseDriverMini;c:\windows\system32\drivers\EvoMouseDriverMini.sys [2010-06-23 20024]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2009-11-13 58368]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\DRIVERS\massfilter.sys [2009-04-09 7680]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2010-01-29 997408]
R3 sdcfilter;sdcfilter;c:\windows\system32\DRIVERS\sdcfilter.sys [2012-07-26 33696]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\DRIVERS\ZTEusbnet.sys [2009-04-09 110592]
R3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\DRIVERS\ZTEusbvoice.sys [2009-04-09 105344]
R4 SophosBootDriver;SophosBootDriver;c:\windows\system32\DRIVERS\SophosBootDriver.sys [2010-10-21 22536]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-05-13 691696]
S2 SAVService;Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SavService.exe [2012-07-26 139840]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation        REG_MULTI_SZ          SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc SensrSvc Mcx2Svc
LPDService        REG_MULTI_SZ          LPDSVC
.
Inhalt des "geplante Tasks" Ordners
.
2013-06-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 16:54]
.
2011-03-01 c:\windows\Tasks\Allway Sync_{4F0C1497E9A5A062AD06B978802E02AB}.job
- c:\program files\Allway Sync\Bin\syncappw.exe [2010-07-16 16:17]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.webwitches.de/monika/
IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Auswahl in Adobe PDF konvertieren - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Auswahl in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: In Adobe PDF konvertieren - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: In vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
LSP: c:\programdata\Sophos\Web Intelligence\swi_ifslsp.dll
FF - ProfilePath - c:\users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\vv20jxw2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.webwitches.de/monika/
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
HKCU-Run-DeskDriveStartup - c:\program files\Desk Drive\DeskDrive.exe
AddRemove-Mozilla Firefox 22.0 (x86 de) - c:\program files\Firefox\uninstall\helper.exe
AddRemove-Riven 1.0GE - c:\windows\unin0407.exe
AddRemove-SecureW2 EAP Suite - c:\program files\SecureW2\Uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-07-12  13:12:53
ComboFix-quarantined-files.txt  2013-07-12 11:12
.
Vor Suchlauf: 16 Verzeichnis(se), 40.680.091.648 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 41.530.339.328 Bytes frei
.
- - End Of File - - 069CE7E6489FBB98825995C35E4D0601
A36C5E4F47E84449FF07ED3517B43A31

schrauber 12.07.2013 12:26
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


dann bitte im nomalen Modus:

neues FRST log. Noch Probleme?

monika.de 12.07.2013 12:52
Der Download von AdwCleaner wird mit folgendem Hinweis von meinem Virenscanner blockiert:
"Ort: general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner
Der Zugriff wurde aufgrund der Erkennung des Threats Mal/Generic-L auf der Website verweigert."

Ist der Download dennoch sicher? (Sophos ist da manchmal sehr empfindlich.)
Monika

schrauber 12.07.2013 13:28
Ja ist er :)

monika.de 12.07.2013 16:15
Ok, hier die Ergebnisse:
Code:
# AdwCleaner v2.305 - Datei am 12/07/2013 um 16:06:21 erstellt
# Aktualisiert am 11/07/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : Monika - ZWERG
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Monika\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Schlüssel Gelöscht : HKLM\Software\Magical Jelly Bean\OpenCandy
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v22.0 (de)

Datei : C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\vv20jxw2.default\prefs.js

C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\vv20jxw2.default\user.js ... Gelöscht !

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [2216 octets] - [12/07/2013 16:06:21]

########## EOF - C:\AdwCleaner[S1].txt - [2276 octets] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.0.7 (07.11.2013:1)
OS: Windows 7 Home Premium x86
Ran by Monika on 12.07.2013 at 16:33:10,28
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12.07.2013 at 16:40:05,20
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-07-2013 01
Ran by Monika (administrator) on 12-07-2013 17:00:19
Running from C:\Users\Monika\Desktop
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
(Sophos Limited) C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
(Sophos Limited) C:\Program Files\Sophos\Sophos Client Firewall\SCFManager.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(ASUSTek) C:\Program Files\ASUS\DigitalZoomControl\DigitalZoomControl.exe
(Elaborate Bytes AG) C:\Program Files\VirtualCloneDrive\VCDDaemon.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Sophos Limited) C:\Program Files\Sophos\Sophos Client Firewall\SCFService.exe
(Sophos Limited) C:\Program Files\Sophos\AutoUpdate\ALMon.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\acrotray.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Evoluent) C:\Program Files\Evoluent\VMouse\V4\EvoMouseExec.exe
() C:\Windows\System32\AsusService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(ASUSTeK Computer Inc.) C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
(ASUSTeK Computer Inc.) C:\Program Files\EeePC\SHE\SuperHybridEngine.exe
() C:\Program Files\GNU\GnuPG\dirmngr.exe
(ASUSTeK Computer Inc.) C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
() C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe
(Protexis Inc.) c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Sophos Limited) C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(Sophos Limited) C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
(Sophos Limited) C:\Program Files\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
(Sophos Limited) C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
() C:\Program Files\XSManager\WTGService.exe
(4G Systems GmbH & Co. KG) C:\windows\service4g.exe
(4G Systems GmbH & Co. KG) C:\windows\starter4g.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1545512 2009-07-20] (Synaptics Incorporated)
HKLM\...\Run: [SuperHybridEngine] - AsusSender.exe C:\Program Files\EeePC\SHE\SuperHybridEngine.exe [413688 2009-09-09] (ASUSTeK Computer Inc.)
HKLM\...\Run: [LiveUpdate] - AsusSender.exe C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe auto [803304 2009-08-28] ()
HKLM\...\Run: [UCam_Menu] - "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0" [222504 2009-05-20] (CyberLink Corp.)
HKLM\...\Run: [SynAsusAcpi] - %ProgramFiles%\Synaptics\SynTP\SynAsusAcpi.exe [83240 2009-07-20] (Synaptics Incorporated)
HKLM\...\Run: [HotkeyMon] - AsusSender.exe C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe [100328 2009-09-11] (ASUSTeK Computer Inc.)
HKLM\...\Run: [HotkeyService] - AsusSender.exe C:\Program Files\EeePC\HotkeyService\HotkeyService.exe [1021424 2009-10-17] (ASUSTeK Computer Inc.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s [7744032 2009-09-29] (Realtek Semiconductor)
HKLM\...\Run: [OOBESetup] - C:\Program Files\asus\OOBERegBackup\OOBERegBackup.exe /restore -"C:\Program Files\asus\OOBERegBackup\OOBEReg.ini" [2342 2009-09-18] ()
HKLM\...\Run: [DigitalZoomControl] - "C:\Program Files\ASUS\DigitalZoomControl\DigitalZoomControl.exe" [283648 2009-10-07] (ASUSTek)
HKLM\...\Run: [VirtualCloneDrive] - "C:\Program Files\VirtualCloneDrive\VCDDaemon.exe" /s [52392 2009-01-30] (Elaborate Bytes AG)
HKLM\...\Run: [IntelliPoint] - "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [1797008 2010-07-21] (Microsoft Corporation)
HKLM\...\Run: [Sophos AutoUpdate Monitor] - C:\Program Files\Sophos\AutoUpdate\almon.exe [900160 2012-08-12] (Sophos Limited)
HKLM\...\Run: [Acrobat Assistant 7.0] - "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [483328 2008-04-23] (Adobe Systems Inc.)
HKLM\...\Run: [APSDaemon] - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-10-11] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [926896 2012-09-23] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] - "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Winlogon: [Userinit] C:\windows\system32\userinit.exe, [x]
HKCU\...\Policies\system: [DisableRegistryTools] 0
HKCU\...\Policies\system: [DisableTaskMgr] 0
Startup: C:\ProgramData\Start Menu\Programs\Startup\Adobe Acrobat - Schnellstart.lnk
ShortcutTarget: Adobe Acrobat - Schnellstart.lnk -> C:\windows\Installer\{AC76BA86-1033-F400-7760-100000000002}\SC_Acrobat.exe ()
Startup: C:\ProgramData\Start Menu\Programs\Startup\Evoluent Mouse Manager.lnk
ShortcutTarget: Evoluent Mouse Manager.lnk -> C:\windows\Installer\{AD6E0AE0-DADF-480E-82AE-4CDA6035D341}\_BBBCF44DDE3DA1E118ADB6.exe ()
Startup: C:\ProgramData\Start Menu\Programs\Startup\phase-6 Reminder.lnk
ShortcutTarget: phase-6 Reminder.lnk -> C:\Program Files\phase-6\reminder\reminder.exe (phase-6)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.webwitches.de/monika/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
BHO: ArcSoft Video Helper - {4E18E9A4-95B3-4F8B-AE3B-AB7478DE92EE} - C:\PROGRA~1\ArcSoft\TOTALM~1\codec\ArcIEVideoUp.dll (ArcSoft Inc.)
BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU -No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU -Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 20 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)

FireFox:
========
FF ProfilePath: C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\vv20jxw2.default
FF Homepage: hxxp://www.webwitches.de/monika/
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @garmin.com/GpsControl - C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=15.0.6.14 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=15.0.6.14 - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=15.0.6.14 - C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Google.com/GoogleEarthPlugin - C:\Users\Monika\AppData\Local\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF SearchPlugin: C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\vv20jxw2.default\searchplugins\googlede-bildersuche.xml
FF SearchPlugin: C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\vv20jxw2.default\searchplugins\linguee-de-en.xml
FF SearchPlugin: C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\vv20jxw2.default\searchplugins\metager2.xml
FF SearchPlugin: C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\vv20jxw2.default\searchplugins\openstreetmap-wiki-en.xml
FF SearchPlugin: C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\vv20jxw2.default\searchplugins\startpage-https.xml
FF SearchPlugin: C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\vv20jxw2.default\searchplugins\yandex.xml
FF Extension: No Name - C:\Users\Monika\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
FF Extension: No Name - C:\Users\Monika\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: Ghostery - C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\vv20jxw2.default\Extensions\firefox@ghostery.com
FF Extension: HTTPS-Everywhere - C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\vv20jxw2.default\Extensions\https-everywhere@eff.org
FF Extension: Garmin Communicator - C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\vv20jxw2.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
FF Extension: Nuke Anything Enhanced - C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\vv20jxw2.default\Extensions\{1ced4832-f06e-413f-aa14-9eb63ad40ace}
FF Extension: ColorZilla - C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\vv20jxw2.default\Extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
FF Extension: add-to-searchbox - C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\vv20jxw2.default\Extensions\add-to-searchbox@maltekraus.de.xpi
FF Extension: No Name - C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\vv20jxw2.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: No Name - C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\vv20jxw2.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
FF Extension: No Name - C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\vv20jxw2.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\vv20jxw2.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
FF Extension: No Name - C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\vv20jxw2.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi

========================== Services (Whitelisted) =================

S3 Adobe Version Cue CS2; C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe [163840 2005-04-06] (Adobe Systems Incorporated)
R2 AsusService; C:\Windows\System32\AsusService.exe [219136 2009-08-19] ()
R2 DirMngr; C:\Program Files\GNU\GnuPG\dirmngr.exe [224256 2011-03-02] ()
R2 SAVAdminService; C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [216640 2012-12-07] (Sophos Limited)
R2 SAVService; C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe [139840 2012-07-26] (Sophos Limited)
R2 Sophos AutoUpdate Service; C:\Program Files\Sophos\AutoUpdate\ALsvc.exe [232512 2012-08-12] (Sophos Limited)
R2 Sophos Client Firewall; C:\Program Files\Sophos\Sophos Client Firewall\SCFService.exe [89112 2012-07-26] (Sophos Limited)
R2 Sophos Client Firewall Manager; C:\Program Files\Sophos\Sophos Client Firewall\SCFManager.exe [150552 2012-07-26] (Sophos Limited)
R2 Sophos Web Control Service; C:\Program Files\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [357400 2012-07-26] (Sophos Limited)
R2 swi_service; C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2869824 2012-12-07] (Sophos Limited)
S2 swi_update; C:\ProgramData\Sophos\Web Intelligence\swi_update.exe [1459264 2012-12-07] (Sophos Limited)
R2 WTGService; C:\Program Files\XSManager\WTGService.exe [312784 2009-09-25] ()
R2 XS Stick Service; C:\windows\service4g.exe [125200 2009-09-17] (4G Systems GmbH & Co. KG)

==================== Drivers (Whitelisted) ====================

R1 AsUpIO; C:\Windows\System32\drivers\AsUpIO.sys [11448 2009-07-06] ()
R3 avmaudio; C:\Windows\System32\DRIVERS\avmaudio.sys [101248 2010-11-23] (AVM Berlin)
R3 avmaura; C:\Windows\System32\DRIVERS\avmaura.sys [105728 2013-02-15] (AVM Berlin)
S3 cmnsusbser; C:\Windows\System32\DRIVERS\cmnsusbser.sys [103424 2008-10-31] (Mobile Connector)
S3 cvspydr2; C:\Windows\System32\DRIVERS\cvspydr2.sys [33024 2002-04-02] (Colorvision Inc)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [24232 2009-02-17] (Elaborate Bytes AG)
S3 EvoMouseDriverFilterHidUsb; C:\Windows\System32\DRIVERS\EvoMouseDriverFilterHidUsb.sys [22712 2010-06-23] (Evoluent)
R3 EvoMouseDriverMini; C:\Windows\System32\drivers\EvoMouseDriverMini.sys [20024 2010-06-23] ()
S3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [9344 2009-04-17] (GARMIN Corp.)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [13880 2009-07-20] ( )
S3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [21520 2010-07-21] (Microsoft Corporation)
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [123680 2012-07-26] (Sophos Limited)
R1 scfdriver; C:\windows\system32\Drivers\scfdriver.sys [88352 2012-07-26] (Sophos Limited)
R1 scfndis; C:\Windows\System32\DRIVERS\scfndis.sys [45856 2012-07-26] (Sophos Limited)
S3 sdcfilter; C:\Windows\System32\DRIVERS\sdcfilter.sys [33696 2012-07-26] (Sophos Limited)
R1 SKMScan; C:\Windows\System32\DRIVERS\skmscan.sys [31736 2012-07-26] (Sophos Plc)
S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [22536 2010-10-21] (Sophos Plc)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-05-13] (Duplex Secure Ltd.)
S3 ZTEusbnet; C:\Windows\System32\DRIVERS\ZTEusbnet.sys [110592 2009-04-09] (ZTE Corporation)
S3 ZTEusbvoice; C:\Windows\System32\DRIVERS\ZTEusbvoice.sys [105344 2009-04-09] (ZTE Incorporated)
S1 archlp; system32\drivers\archlp.sys [x]
S3 catchme; \??\C:\Users\Monika\AppData\Local\Temp\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-12 16:40 - 2013-07-12 16:40 - 00000626 ____A C:\Users\Monika\Desktop\JRT.txt
2013-07-12 16:33 - 2013-07-12 16:33 - 00000000 ____D C:\Windows\ERUNT
2013-07-12 16:29 - 2013-07-12 16:29 - 00000022 ____A C:\Windows\S.dirmngr
2013-07-12 16:06 - 2013-07-12 16:07 - 00002345 ____A C:\Users\Monika\Desktop\AdwCleaner[S1].txt
2013-07-12 15:59 - 2013-07-12 15:59 - 00662345 ____A C:\Users\Monika\Desktop\adwcleaner.exe
2013-07-12 13:49 - 2013-07-12 13:50 - 00559306 ____A (Oleg N. Scherbakov) C:\Users\Monika\Desktop\JRT.exe
2013-07-12 13:12 - 2013-07-12 13:12 - 00018025 ____A C:\Users\Monika\Desktop\ComboFix.txt
2013-07-12 12:43 - 2013-07-12 13:12 - 00000000 ____D C:\Qoobox
2013-07-12 10:25 - 2013-07-12 10:25 - 00027739 ____A C:\Users\Monika\Desktop\Addition.txt
2013-07-11 14:26 - 2011-06-26 08:45 - 00256000 ____A C:\Windows\PEV.exe
2013-07-11 14:26 - 2010-11-07 19:20 - 00208896 ____A C:\Windows\MBR.exe
2013-07-11 14:26 - 2009-04-20 06:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-07-11 14:26 - 2000-08-31 02:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-07-11 14:26 - 2000-08-31 02:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-07-11 14:26 - 2000-08-31 02:00 - 00098816 ____A C:\Windows\sed.exe
2013-07-11 14:26 - 2000-08-31 02:00 - 00080412 ____A C:\Windows\grep.exe
2013-07-11 14:26 - 2000-08-31 02:00 - 00068096 ____A C:\Windows\zip.exe
2013-07-11 14:24 - 2013-07-12 13:10 - 00000000 ____D C:\Windows\erdnt
2013-07-11 14:22 - 2013-07-11 14:22 - 05087643 ____R (Swearware) C:\Users\Monika\Desktop\ComboFix.exe
2013-07-11 04:03 - 2013-06-12 01:43 - 02877440 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-07-11 04:03 - 2013-06-12 01:43 - 00690688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-07-11 04:03 - 2013-06-12 01:43 - 00039424 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-07-11 04:03 - 2013-06-12 01:42 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-07-11 04:03 - 2013-06-12 01:42 - 00061440 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-07-11 04:03 - 2013-06-07 04:37 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-07-11 04:02 - 2013-06-12 01:43 - 14329856 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-07-11 04:02 - 2013-06-12 01:43 - 01767936 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-07-11 04:02 - 2013-06-12 01:43 - 01141248 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-07-11 04:02 - 2013-06-12 01:43 - 00493056 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-07-11 04:02 - 2013-06-12 01:43 - 00042496 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-07-11 04:02 - 2013-06-12 01:42 - 13760512 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-07-11 04:02 - 2013-06-12 01:42 - 02046976 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-07-11 04:02 - 2013-06-12 01:42 - 00109056 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-07-11 04:02 - 2013-06-12 01:42 - 00033280 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-07-11 04:02 - 2013-06-12 00:51 - 00071680 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-07-10 09:17 - 2013-07-10 09:17 - 00000000 ____D C:\FRST
2013-07-10 09:13 - 2013-07-10 09:13 - 01216688 ____A (Farbar) C:\Users\Monika\Desktop\FRST.exe
2013-07-10 04:49 - 2013-06-05 05:05 - 02347520 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-07-10 04:49 - 2013-06-04 06:53 - 00509440 ____A (Microsoft Corporation) C:\Windows\System32\qedit.dll
2013-07-10 04:49 - 2013-05-06 06:56 - 01620480 ____A (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2013-07-10 04:49 - 2013-04-10 01:34 - 01247744 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-07-10 00:58 - 2013-07-10 07:49 - 00066938 ____A C:\Users\Monika\Desktop\Extras.Txt
2013-07-10 00:57 - 2013-07-10 07:49 - 00091164 ____A C:\Users\Monika\Desktop\OTL.Txt
2013-07-09 22:10 - 2013-07-09 22:11 - 00000634 ____A C:\Users\Monika\Desktop\defogger_disable.log
2013-07-09 22:10 - 2013-07-09 22:11 - 00000020 ____A C:\Users\Monika\defogger_reenable
2013-07-09 22:10 - 2013-07-09 22:10 - 00074574 ____A C:\Users\Monika\Desktop\Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten  - Trojaner-Board.htm
2013-07-09 15:32 - 2013-07-09 15:32 - 00000269 ____A C:\Users\Monika\Desktop\Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten - Trojaner-Board.URL
2013-07-09 15:29 - 2013-07-09 15:29 - 00377856 ____A C:\Users\Monika\Desktop\gmer_2.1.19163.exe
2013-07-09 15:28 - 2013-07-09 15:28 - 00602112 ____A (OldTimer Tools) C:\Users\Monika\Desktop\OTL.exe
2013-07-09 15:17 - 2013-07-09 15:17 - 00050477 ____A C:\Users\Monika\Desktop\Defogger.exe
2013-07-03 09:57 - 2013-07-12 13:04 - 00000000 ____D C:\Program Files\Firefox
2013-06-29 21:53 - 2013-06-29 21:53 - 00000000 ____D C:\Users\Monika\AppData\Local\Apple Computer
2013-06-27 20:40 - 2013-06-27 20:40 - 01433536 ____A C:\Users\Monika\Desktop\GPS 2013-06-23.gpx
2013-06-26 14:31 - 2013-06-27 08:54 - 00000000 ____D C:\Program Files\Thunderbird
2013-06-26 13:48 - 2013-06-26 13:48 - 00000000 ____D C:\Users\Monika\Neuer Ordner
2013-06-26 13:45 - 2013-06-26 13:45 - 00000000 ___RD C:\Users\Monika\Documents\My Stationery
2013-06-26 13:45 - 2013-06-26 13:45 - 00000000 ____D C:\Users\Monika\Documents\Youcam
2013-06-26 13:45 - 2013-06-26 13:45 - 00000000 ____D C:\Users\Monika\Documents\Visual Studio 2008
2013-06-26 13:45 - 2013-06-26 13:45 - 00000000 ____D C:\Users\Monika\Documents\Updater
2013-06-26 13:45 - 2013-06-26 13:45 - 00000000 ____D C:\Users\Monika\Documents\Mein Garmin
2013-06-26 13:45 - 2013-06-26 13:45 - 00000000 ____D C:\Users\Monika\Documents\GIS DataBase
2013-06-26 13:45 - 2013-06-26 13:45 - 00000000 ____D C:\Users\Monika\Documents\Corel User Files
2013-06-26 13:45 - 2013-06-26 13:45 - 00000000 ____D C:\Users\Monika\Documents\Corel
2013-06-26 13:45 - 2013-06-26 13:45 - 00000000 ____D C:\Users\Monika\Documents\capella
2013-06-26 13:45 - 2013-06-26 13:45 - 00000000 ____D C:\Users\Monika\Documents\Audible
2013-06-26 13:45 - 2013-06-26 13:45 - 00000000 ____D C:\Users\Monika\Documents\ArcSoft
2013-06-26 13:45 - 2013-06-26 13:45 - 00000000 ____D C:\Users\Monika\Documents\AdobeStockPhotos
2013-06-25 21:12 - 2013-06-25 21:11 - 00263592 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-06-25 21:11 - 2013-06-25 21:11 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-06-25 21:11 - 2013-06-25 21:11 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-06-25 21:11 - 2013-06-25 21:11 - 00094632 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2013-06-23 11:06 - 2013-06-27 21:47 - 00137188 ____A C:\Users\Monika\Desktop\GPS 2013-06-23.gdb
2013-06-20 18:01 - 2013-06-20 18:01 - 00001586 ____A C:\Users\Monika\Desktop\Piffaro.txt
2013-06-19 10:58 - 2013-06-19 10:58 - 00124817 ____A C:\Users\Monika\Desktop\osmfilter.exe
2013-06-19 09:56 - 2013-06-19 10:04 - 387674571 ____A C:\Users\Monika\Desktop\africa-latest.osm.pbf
2013-06-19 09:54 - 2013-06-19 09:54 - 00283889 ____A C:\Users\Monika\Desktop\osmconvert.exe
2013-06-13 23:38 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-13 23:38 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-13 23:37 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-13 23:37 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-13 23:37 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-13 23:37 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-13 23:37 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-13 23:37 - 2013-05-08 07:38 - 01293672 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-13 23:37 - 2013-05-06 07:06 - 03968872 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2013-06-13 23:37 - 2013-05-06 07:06 - 03913576 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-06-13 23:37 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-13 23:37 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-13 23:28 - 2013-06-13 23:28 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-06-13 23:26 - 2012-08-24 19:05 - 00136560 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2013-06-13 23:26 - 2012-08-24 19:02 - 00369856 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2013-06-13 23:26 - 2012-08-24 18:57 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2013-06-13 23:26 - 2012-08-24 18:56 - 01039360 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2013-06-13 23:26 - 2012-05-04 11:59 - 00514560 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll

==================== One Month Modified Files and Folders =======

2013-07-12 16:40 - 2013-07-12 16:40 - 00000626 ____A C:\Users\Monika\Desktop\JRT.txt
2013-07-12 16:37 - 2009-07-14 06:34 - 00009696 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-12 16:37 - 2009-07-14 06:34 - 00009696 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-12 16:33 - 2013-07-12 16:33 - 00000000 ____D C:\Windows\ERUNT
2013-07-12 16:33 - 2010-02-05 07:48 - 01227807 ____A C:\Windows\WindowsUpdate.log
2013-07-12 16:29 - 2013-07-12 16:29 - 00000022 ____A C:\Windows\S.dirmngr
2013-07-12 16:29 - 2010-10-21 15:27 - 00000142 ____A C:\Windows\ODBC.INI
2013-07-12 16:28 - 2012-12-28 20:46 - 00012358 ____A C:\Windows\setupact.log
2013-07-12 16:28 - 2009-07-14 06:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-12 16:07 - 2013-07-12 16:06 - 00002345 ____A C:\Users\Monika\Desktop\AdwCleaner[S1].txt
2013-07-12 15:59 - 2013-07-12 15:59 - 00662345 ____A C:\Users\Monika\Desktop\adwcleaner.exe
2013-07-12 13:50 - 2013-07-12 13:49 - 00559306 ____A (Oleg N. Scherbakov) C:\Users\Monika\Desktop\JRT.exe
2013-07-12 13:47 - 2009-10-10 00:55 - 00063258 ____A C:\Windows\PFRO.log
2013-07-12 13:13 - 2010-02-23 16:59 - 00000000 ____D C:\Users\Monika\AppData\Local\Apps\2.0
2013-07-12 13:12 - 2013-07-12 13:12 - 00018025 ____A C:\Users\Monika\Desktop\ComboFix.txt
2013-07-12 13:12 - 2013-07-12 12:43 - 00000000 ____D C:\Qoobox
2013-07-12 13:12 - 2013-05-25 14:25 - 00000000 ____D C:\users\Sibille
2013-07-12 13:12 - 2009-07-14 04:37 - 00000000 ___RD C:\users\Public
2013-07-12 13:10 - 2013-07-11 14:24 - 00000000 ____D C:\Windows\erdnt
2013-07-12 13:08 - 2009-07-14 04:04 - 00000215 ____A C:\Windows\system.ini
2013-07-12 13:04 - 2013-07-03 09:57 - 00000000 ____D C:\Program Files\Firefox
2013-07-12 10:25 - 2013-07-12 10:25 - 00027739 ____A C:\Users\Monika\Desktop\Addition.txt
2013-07-11 15:45 - 2011-03-19 23:38 - 00000000 ____D C:\output media
2013-07-11 14:22 - 2013-07-11 14:22 - 05087643 ____R (Swearware) C:\Users\Monika\Desktop\ComboFix.exe
2013-07-11 06:08 - 2011-05-03 18:52 - 00000000 ____D C:\Windows\rescache
2013-07-11 05:20 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-07-11 04:40 - 2009-07-14 06:33 - 00748064 ____A C:\Windows\System32\FNTCACHE.DAT
2013-07-11 04:39 - 2013-03-30 22:08 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-11 04:36 - 2009-07-14 09:49 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-11 04:36 - 2009-07-14 06:52 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-11 04:12 - 2009-07-26 23:56 - 01635332 ____A C:\Windows\System32\PerfStringBackup.INI
2013-07-11 04:01 - 2009-10-10 00:29 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-11 03:43 - 2010-02-06 20:24 - 75699896 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-07-10 09:17 - 2013-07-10 09:17 - 00000000 ____D C:\FRST
2013-07-10 09:13 - 2013-07-10 09:13 - 01216688 ____A (Farbar) C:\Users\Monika\Desktop\FRST.exe
2013-07-10 07:49 - 2013-07-10 00:58 - 00066938 ____A C:\Users\Monika\Desktop\Extras.Txt
2013-07-10 07:49 - 2013-07-10 00:57 - 00091164 ____A C:\Users\Monika\Desktop\OTL.Txt
2013-07-09 22:11 - 2013-07-09 22:10 - 00000634 ____A C:\Users\Monika\Desktop\defogger_disable.log
2013-07-09 22:11 - 2013-07-09 22:10 - 00000020 ____A C:\Users\Monika\defogger_reenable
2013-07-09 22:10 - 2013-07-09 22:10 - 00074574 ____A C:\Users\Monika\Desktop\Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten  - Trojaner-Board.htm
2013-07-09 22:10 - 2010-02-04 20:41 - 00000000 ____D C:\users\Monika
2013-07-09 16:01 - 2013-02-14 12:02 - 00000000 ___RD C:\Users\Monika\Desktop\Karten Institut
2013-07-09 15:32 - 2013-07-09 15:32 - 00000269 ____A C:\Users\Monika\Desktop\Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten - Trojaner-Board.URL
2013-07-09 15:29 - 2013-07-09 15:29 - 00377856 ____A C:\Users\Monika\Desktop\gmer_2.1.19163.exe
2013-07-09 15:28 - 2013-07-09 15:28 - 00602112 ____A (OldTimer Tools) C:\Users\Monika\Desktop\OTL.exe
2013-07-09 15:17 - 2013-07-09 15:17 - 00050477 ____A C:\Users\Monika\Desktop\Defogger.exe
2013-07-09 09:19 - 2012-05-03 17:50 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-07-08 21:14 - 2010-02-07 12:40 - 00000000 ____D C:\Users\Monika\AppData\Roaming\JOSM
2013-07-02 17:36 - 2012-11-06 15:55 - 00000000 ____D C:\Users\Monika\AppData\Roaming\XnView
2013-07-02 17:26 - 2010-02-22 15:55 - 00000000 ____D C:\Users\Monika\AppData\Roaming\FileZilla
2013-07-01 10:56 - 2009-07-14 04:04 - 00000416 ____A C:\Windows\win.ini
2013-06-29 21:53 - 2013-06-29 21:53 - 00000000 ____D C:\Users\Monika\AppData\Local\Apple Computer
2013-06-29 10:05 - 2009-07-14 06:53 - 00032632 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-27 21:47 - 2013-06-23 11:06 - 00137188 ____A C:\Users\Monika\Desktop\GPS 2013-06-23.gdb
2013-06-27 20:40 - 2013-06-27 20:40 - 01433536 ____A C:\Users\Monika\Desktop\GPS 2013-06-23.gpx
2013-06-27 15:54 - 2013-04-12 20:32 - 00000000 ____D C:\Users\Monika\AppData\Roaming\vlc
2013-06-27 08:54 - 2013-06-26 14:31 - 00000000 ____D C:\Program Files\Thunderbird
2013-06-26 13:48 - 2013-06-26 13:48 - 00000000 ____D C:\Users\Monika\Neuer Ordner
2013-06-26 13:45 - 2013-06-26 13:45 - 00000000 ___RD C:\Users\Monika\Documents\My Stationery
2013-06-26 13:45 - 2013-06-26 13:45 - 00000000 ____D C:\Users\Monika\Documents\Youcam
2013-06-26 13:45 - 2013-06-26 13:45 - 00000000 ____D C:\Users\Monika\Documents\Visual Studio 2008
2013-06-26 13:45 - 2013-06-26 13:45 - 00000000 ____D C:\Users\Monika\Documents\Updater
2013-06-26 13:45 - 2013-06-26 13:45 - 00000000 ____D C:\Users\Monika\Documents\Mein Garmin
2013-06-26 13:45 - 2013-06-26 13:45 - 00000000 ____D C:\Users\Monika\Documents\GIS DataBase
2013-06-26 13:45 - 2013-06-26 13:45 - 00000000 ____D C:\Users\Monika\Documents\Corel User Files
2013-06-26 13:45 - 2013-06-26 13:45 - 00000000 ____D C:\Users\Monika\Documents\Corel
2013-06-26 13:45 - 2013-06-26 13:45 - 00000000 ____D C:\Users\Monika\Documents\capella
2013-06-26 13:45 - 2013-06-26 13:45 - 00000000 ____D C:\Users\Monika\Documents\Audible
2013-06-26 13:45 - 2013-06-26 13:45 - 00000000 ____D C:\Users\Monika\Documents\ArcSoft
2013-06-26 13:45 - 2013-06-26 13:45 - 00000000 ____D C:\Users\Monika\Documents\AdobeStockPhotos
2013-06-26 08:16 - 2012-11-27 19:57 - 00000000 ____D C:\Users\Monika\Desktop\fifty-fifty
2013-06-25 21:11 - 2013-06-25 21:12 - 00263592 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-06-25 21:11 - 2013-06-25 21:11 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-06-25 21:11 - 2013-06-25 21:11 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-06-25 21:11 - 2013-06-25 21:11 - 00094632 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2013-06-25 21:11 - 2012-06-30 13:36 - 00867240 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2013-06-25 21:11 - 2010-05-14 18:16 - 00789416 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2013-06-25 20:48 - 2010-02-04 20:41 - 00202472 ____A C:\Users\Monika\AppData\Local\GDIPFONTCACHEV1.DAT
2013-06-24 18:04 - 2010-02-20 10:41 - 00160136 ____A C:\Windows\avmacc.log
2013-06-24 14:08 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\NDF
2013-06-21 12:53 - 2010-02-22 15:55 - 00000000 ____D C:\Program Files\FileZilla FTP Client
2013-06-20 18:01 - 2013-06-20 18:01 - 00001586 ____A C:\Users\Monika\Desktop\Piffaro.txt
2013-06-20 11:06 - 2011-04-19 16:11 - 00000000 ____D C:\Users\Monika\Desktop\Musik
2013-06-19 10:58 - 2013-06-19 10:58 - 00124817 ____A C:\Users\Monika\Desktop\osmfilter.exe
2013-06-19 10:04 - 2013-06-19 09:56 - 387674571 ____A C:\Users\Monika\Desktop\africa-latest.osm.pbf
2013-06-19 09:54 - 2013-06-19 09:54 - 00283889 ____A C:\Users\Monika\Desktop\osmconvert.exe
2013-06-17 17:13 - 2012-04-10 15:11 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-15 18:54 - 2012-04-10 15:11 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-15 18:54 - 2011-10-19 19:25 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-06-13 23:55 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\de-DE
2013-06-13 23:28 - 2013-06-13 23:28 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-06-13 23:28 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\DriverStore
2013-06-12 01:43 - 2013-07-11 04:03 - 02877440 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-12 01:43 - 2013-07-11 04:03 - 00690688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-12 01:43 - 2013-07-11 04:03 - 00039424 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-12 01:43 - 2013-07-11 04:02 - 14329856 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-12 01:43 - 2013-07-11 04:02 - 01767936 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-12 01:43 - 2013-07-11 04:02 - 01141248 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-12 01:43 - 2013-07-11 04:02 - 00493056 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-12 01:43 - 2013-07-11 04:02 - 00042496 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-12 01:42 - 2013-07-11 04:03 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-12 01:42 - 2013-07-11 04:03 - 00061440 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-12 01:42 - 2013-07-11 04:02 - 13760512 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-12 01:42 - 2013-07-11 04:02 - 02046976 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-12 01:42 - 2013-07-11 04:02 - 00109056 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-12 01:42 - 2013-07-11 04:02 - 00033280 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-12 00:51 - 2013-07-11 04:02 - 00071680 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2010-04-02 20:07

==================== End Of Log ============================
--- --- ---



Das lief jetzt alles reibungslos.

Wenn's das war, hänge ich den Rechner mal wieder ans Netz und werde sehen, was passiert...

Monika

schrauber 12.07.2013 16:50
Mach mal, und gib bitte Rückmeldung. Wenn alles i.O ist scannen wir noch nach Resten :)

monika.de 12.07.2013 17:56
Die Kiste ist wieder online, bislang still und brav, wie's sein soll. Super!

Jetzt noch eine Nachsorge?

schrauber 12.07.2013 18:01
Erst noch nen Onlinescan :)


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte.

monika.de 14.07.2013 08:02
So, hier alle Logs:

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=4cad741444c2d447952bb023c2d209c9
# engine=14379
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-14 12:02:57
# local_time=2013-07-14 02:02:57 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 113325 125391368 0 0
# compatibility_mode=8450 16777213 100 98 44673 162236019 0 0
# scanned=408676
# found=0
# cleaned=0
# scan_time=36035
Code:
Results of screen317's Security Check version 0.99.68 
 Windows 7 Service Pack 1 x86 (UAC is disabled!) 
 Internet Explorer 10 
``````````````Antivirus/Firewall Check:``````````````
Sophos Anti-Virus 
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Spyder2express   
 Java 7 Update 25 
 Adobe Flash Player        11.7.700.224 
 Adobe Reader XI 
 Mozilla Thunderbird (17.0.7)
````````Process Check: objlist.exe by Laurent```````` 
 Sophos Sophos Anti-Virus SavService.exe 
 Sophos Sophos Anti-Virus SAVAdminService.exe 
 Sophos Sophos Anti-Virus Web Control swc_service.exe
 Sophos Sophos Anti-Virus Web Intelligence swi_service.exe
 Sophos Sophos Client Firewall SCFManager.exe 
 Sophos Sophos Client Firewall SCFService.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-07-2013
Ran by Monika (administrator) on 14-07-2013 08:54:26
Running from C:\Users\Monika\Desktop
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Sophos Limited) C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
(NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
(Sophos Limited) C:\Program Files\Sophos\Sophos Client Firewall\SCFManager.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Sophos Limited) C:\Program Files\Sophos\Sophos Client Firewall\SCFService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(ASUSTek) C:\Program Files\ASUS\DigitalZoomControl\DigitalZoomControl.exe
(Elaborate Bytes AG) C:\Program Files\VirtualCloneDrive\VCDDaemon.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Sophos Limited) C:\Program Files\Sophos\AutoUpdate\ALMon.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\acrotray.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Evoluent) C:\Program Files\Evoluent\VMouse\V4\EvoMouseExec.exe
() C:\Windows\System32\AsusService.exe
(ASUSTeK Computer Inc.) C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(ASUSTeK Computer Inc.) C:\Program Files\EeePC\SHE\SuperHybridEngine.exe
(ASUSTeK Computer Inc.) C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
() C:\Program Files\GNU\GnuPG\dirmngr.exe
() C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe
(Protexis Inc.) c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Sophos Limited) C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(Sophos Limited) C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
(Sophos Limited) C:\Program Files\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
(Sophos Limited) C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
() C:\Program Files\XSManager\WTGService.exe
(4G Systems GmbH & Co. KG) C:\windows\service4g.exe
(4G Systems GmbH & Co. KG) C:\windows\starter4g.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1545512 2009-07-20] (Synaptics Incorporated)
HKLM\...\Run: [SuperHybridEngine] - AsusSender.exe C:\Program Files\EeePC\SHE\SuperHybridEngine.exe [413688 2009-09-09] (ASUSTeK Computer Inc.)
HKLM\...\Run: [LiveUpdate] - AsusSender.exe C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe auto [803304 2009-08-28] ()
HKLM\...\Run: [UCam_Menu] - "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0" [222504 2009-05-20] (CyberLink Corp.)
HKLM\...\Run: [SynAsusAcpi] - %ProgramFiles%\Synaptics\SynTP\SynAsusAcpi.exe [83240 2009-07-20] (Synaptics Incorporated)
HKLM\...\Run: [HotkeyMon] - AsusSender.exe C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe [100328 2009-09-11] (ASUSTeK Computer Inc.)
HKLM\...\Run: [HotkeyService] - AsusSender.exe C:\Program Files\EeePC\HotkeyService\HotkeyService.exe [1021424 2009-10-17] (ASUSTeK Computer Inc.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s [7744032 2009-09-29] (Realtek Semiconductor)
HKLM\...\Run: [OOBESetup] - C:\Program Files\asus\OOBERegBackup\OOBERegBackup.exe /restore -"C:\Program Files\asus\OOBERegBackup\OOBEReg.ini" [2342 2009-09-18] ()
HKLM\...\Run: [DigitalZoomControl] - "C:\Program Files\ASUS\DigitalZoomControl\DigitalZoomControl.exe" [283648 2009-10-07] (ASUSTek)
HKLM\...\Run: [VirtualCloneDrive] - "C:\Program Files\VirtualCloneDrive\VCDDaemon.exe" /s [52392 2009-01-30] (Elaborate Bytes AG)
HKLM\...\Run: [IntelliPoint] - "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [1797008 2010-07-21] (Microsoft Corporation)
HKLM\...\Run: [Sophos AutoUpdate Monitor] - C:\Program Files\Sophos\AutoUpdate\almon.exe [900160 2012-08-12] (Sophos Limited)
HKLM\...\Run: [Acrobat Assistant 7.0] - "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [483328 2008-04-23] (Adobe Systems Inc.)
HKLM\...\Run: [APSDaemon] - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-10-11] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [926896 2012-09-23] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] - "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Adobe Acrobat - Schnellstart.lnk
ShortcutTarget: Adobe Acrobat - Schnellstart.lnk -> C:\windows\Installer\{AC76BA86-1033-F400-7760-100000000002}\SC_Acrobat.exe ()
Startup: C:\ProgramData\Start Menu\Programs\Startup\Evoluent Mouse Manager.lnk
ShortcutTarget: Evoluent Mouse Manager.lnk -> C:\windows\Installer\{AD6E0AE0-DADF-480E-82AE-4CDA6035D341}\_BBBCF44DDE3DA1E118ADB6.exe ()
Startup: C:\ProgramData\Start Menu\Programs\Startup\phase-6 Reminder.lnk
ShortcutTarget: phase-6 Reminder.lnk -> C:\Program Files\phase-6\reminder\reminder.exe (phase-6)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.webwitches.de/monika/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - "C:\Program Files\Internet Explorer\iexplore.exe"
BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
BHO: ArcSoft Video Helper - {4E18E9A4-95B3-4F8B-AE3B-AB7478DE92EE} - C:\PROGRA~1\ArcSoft\TOTALM~1\codec\ArcIEVideoUp.dll (ArcSoft Inc.)
BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU -No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU -Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 20 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\vv20jxw2.default
FF Homepage: hxxp://www.webwitches.de/monika/
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @garmin.com/GpsControl - C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=15.0.6.14 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=15.0.6.14 - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=15.0.6.14 - C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Google.com/GoogleEarthPlugin - C:\Users\Monika\AppData\Local\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF SearchPlugin: C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\vv20jxw2.default\searchplugins\googlede-bildersuche.xml
FF SearchPlugin: C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\vv20jxw2.default\searchplugins\linguee-de-en.xml
FF SearchPlugin: C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\vv20jxw2.default\searchplugins\metager2.xml
FF SearchPlugin: C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\vv20jxw2.default\searchplugins\openstreetmap-wiki-en.xml
FF SearchPlugin: C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\vv20jxw2.default\searchplugins\startpage-https.xml
FF SearchPlugin: C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\vv20jxw2.default\searchplugins\yandex.xml
FF Extension: No Name - C:\Users\Monika\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
FF Extension: No Name - C:\Users\Monika\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: Ghostery - C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\vv20jxw2.default\Extensions\firefox@ghostery.com
FF Extension: HTTPS-Everywhere - C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\vv20jxw2.default\Extensions\https-everywhere@eff.org
FF Extension: Garmin Communicator - C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\vv20jxw2.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
FF Extension: Nuke Anything Enhanced - C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\vv20jxw2.default\Extensions\{1ced4832-f06e-413f-aa14-9eb63ad40ace}
FF Extension: ColorZilla - C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\vv20jxw2.default\Extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
FF Extension: add-to-searchbox - C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\vv20jxw2.default\Extensions\add-to-searchbox@maltekraus.de.xpi
FF Extension: No Name - C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\vv20jxw2.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: No Name - C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\vv20jxw2.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
FF Extension: No Name - C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\vv20jxw2.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\vv20jxw2.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
FF Extension: No Name - C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\vv20jxw2.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files\Firefox\firefox.exe

========================== Services (Whitelisted) =================

S3 Adobe Version Cue CS2; C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe [163840 2005-04-06] (Adobe Systems Incorporated)
R2 AsusService; C:\Windows\System32\AsusService.exe [219136 2009-08-19] ()
R2 DirMngr; C:\Program Files\GNU\GnuPG\dirmngr.exe [224256 2011-03-02] ()
R2 SAVAdminService; C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [216640 2012-12-07] (Sophos Limited)
R2 SAVService; C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe [139840 2012-07-26] (Sophos Limited)
R2 Sophos AutoUpdate Service; C:\Program Files\Sophos\AutoUpdate\ALsvc.exe [232512 2012-08-12] (Sophos Limited)
R2 Sophos Client Firewall; C:\Program Files\Sophos\Sophos Client Firewall\SCFService.exe [89112 2012-07-26] (Sophos Limited)
R2 Sophos Client Firewall Manager; C:\Program Files\Sophos\Sophos Client Firewall\SCFManager.exe [150552 2012-07-26] (Sophos Limited)
R2 Sophos Web Control Service; C:\Program Files\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [357400 2012-07-26] (Sophos Limited)
R2 swi_service; C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2869824 2012-12-07] (Sophos Limited)
S2 swi_update; C:\ProgramData\Sophos\Web Intelligence\swi_update.exe [1459264 2012-12-07] (Sophos Limited)
R2 WTGService; C:\Program Files\XSManager\WTGService.exe [312784 2009-09-25] ()
R2 XS Stick Service; C:\windows\service4g.exe [125200 2009-09-17] (4G Systems GmbH & Co. KG)

==================== Drivers (Whitelisted) ====================

R1 AsUpIO; C:\Windows\System32\drivers\AsUpIO.sys [11448 2009-07-06] ()
R3 avmaudio; C:\Windows\System32\DRIVERS\avmaudio.sys [101248 2010-11-23] (AVM Berlin)
R3 avmaura; C:\Windows\System32\DRIVERS\avmaura.sys [105728 2013-02-15] (AVM Berlin)
S3 cmnsusbser; C:\Windows\System32\DRIVERS\cmnsusbser.sys [103424 2008-10-31] (Mobile Connector)
S3 cvspydr2; C:\Windows\System32\DRIVERS\cvspydr2.sys [33024 2002-04-02] (Colorvision Inc)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [24232 2009-02-17] (Elaborate Bytes AG)
R3 EvoMouseDriverFilterHidUsb; C:\Windows\System32\DRIVERS\EvoMouseDriverFilterHidUsb.sys [22712 2010-06-23] (Evoluent)
R3 EvoMouseDriverMini; C:\Windows\System32\drivers\EvoMouseDriverMini.sys [20024 2010-06-23] ()
S3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [9344 2009-04-17] (GARMIN Corp.)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [13880 2009-07-20] ( )
S3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [21520 2010-07-21] (Microsoft Corporation)
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [123680 2012-07-26] (Sophos Limited)
R1 scfdriver; C:\windows\system32\Drivers\scfdriver.sys [88352 2012-07-26] (Sophos Limited)
R1 scfndis; C:\Windows\System32\DRIVERS\scfndis.sys [45856 2012-07-26] (Sophos Limited)
S3 sdcfilter; C:\Windows\System32\DRIVERS\sdcfilter.sys [33696 2012-07-26] (Sophos Limited)
R1 SKMScan; C:\Windows\System32\DRIVERS\skmscan.sys [31736 2012-07-26] (Sophos Plc)
S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [22536 2010-10-21] (Sophos Plc)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-05-13] (Duplex Secure Ltd.)
S3 ZTEusbnet; C:\Windows\System32\DRIVERS\ZTEusbnet.sys [110592 2009-04-09] (ZTE Corporation)
S3 ZTEusbvoice; C:\Windows\System32\DRIVERS\ZTEusbvoice.sys [105344 2009-04-09] (ZTE Incorporated)
S1 archlp; system32\drivers\archlp.sys [x]
S3 catchme; \??\C:\Users\Monika\AppData\Local\Temp\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-14 08:28 - 2013-07-14 08:29 - 01218214 _____ (Farbar) C:\Users\Monika\Desktop\FRST.exe
2013-07-13 15:34 - 2013-07-13 15:34 - 00890988 _____ C:\Users\Monika\Desktop\SecurityCheck.exe
2013-07-12 19:29 - 2013-07-12 19:29 - 02347384 _____ (ESET) C:\Users\Monika\Downloads\esetsmartinstaller_enu.exe
2013-07-12 19:29 - 2013-07-12 19:29 - 00000000 ____D C:\Program Files\ESET
2013-07-12 19:28 - 2013-07-12 19:28 - 02347384 _____ (ESET) C:\Users\Monika\Desktop\esetsmartinstaller_enu.exe.part
2013-07-12 18:32 - 2013-07-12 18:32 - 00000022 _____ C:\windows\S.dirmngr
2013-07-12 16:40 - 2013-07-12 16:40 - 00000626 _____ C:\Users\Monika\Desktop\JRT.txt
2013-07-12 16:33 - 2013-07-12 16:33 - 00000000 ____D C:\windows\ERUNT
2013-07-12 16:06 - 2013-07-12 16:07 - 00002345 _____ C:\Users\Monika\Desktop\AdwCleaner[S1].txt
2013-07-12 15:59 - 2013-07-12 15:59 - 00662345 _____ C:\Users\Monika\Desktop\adwcleaner.exe
2013-07-12 13:49 - 2013-07-12 13:50 - 00559306 _____ (Oleg N. Scherbakov) C:\Users\Monika\Desktop\JRT.exe
2013-07-12 13:12 - 2013-07-12 13:12 - 00018025 _____ C:\Users\Monika\Desktop\ComboFix.txt
2013-07-12 12:43 - 2013-07-12 13:12 - 00000000 ____D C:\Qoobox
2013-07-12 10:25 - 2013-07-12 10:25 - 00027739 _____ C:\Users\Monika\Desktop\Addition.txt
2013-07-11 14:26 - 2011-06-26 08:45 - 00256000 _____ C:\windows\PEV.exe
2013-07-11 14:26 - 2010-11-07 19:20 - 00208896 _____ C:\windows\MBR.exe
2013-07-11 14:26 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2013-07-11 14:26 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2013-07-11 14:26 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2013-07-11 14:26 - 2000-08-31 02:00 - 00098816 _____ C:\windows\sed.exe
2013-07-11 14:26 - 2000-08-31 02:00 - 00080412 _____ C:\windows\grep.exe
2013-07-11 14:26 - 2000-08-31 02:00 - 00068096 _____ C:\windows\zip.exe
2013-07-11 14:24 - 2013-07-12 13:10 - 00000000 ____D C:\windows\erdnt
2013-07-11 14:22 - 2013-07-11 14:22 - 05087643 ____R (Swearware) C:\Users\Monika\Desktop\ComboFix.exe
2013-07-11 04:03 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-07-11 04:03 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-07-11 04:03 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-07-11 04:03 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-07-11 04:03 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-07-11 04:03 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-07-11 04:02 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-07-11 04:02 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-07-11 04:02 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-07-11 04:02 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-07-11 04:02 - 2013-06-12 01:43 - 00042496 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-07-11 04:02 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-07-11 04:02 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-07-11 04:02 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-07-11 04:02 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-07-11 04:02 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-07-10 09:17 - 2013-07-10 09:17 - 00000000 ____D C:\FRST
2013-07-10 04:49 - 2013-06-05 05:05 - 02347520 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-07-10 04:49 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2013-07-10 04:49 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2013-07-10 04:49 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2013-07-10 00:58 - 2013-07-10 07:49 - 00066938 _____ C:\Users\Monika\Desktop\Extras.Txt
2013-07-10 00:57 - 2013-07-10 07:49 - 00091164 _____ C:\Users\Monika\Desktop\OTL.Txt
2013-07-09 22:10 - 2013-07-09 22:11 - 00000634 _____ C:\Users\Monika\Desktop\defogger_disable.log
2013-07-09 22:10 - 2013-07-09 22:11 - 00000020 _____ C:\Users\Monika\defogger_reenable
2013-07-09 22:10 - 2013-07-09 22:10 - 00074574 _____ C:\Users\Monika\Desktop\Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten  - Trojaner-Board.htm
2013-07-09 15:32 - 2013-07-09 15:32 - 00000269 _____ C:\Users\Monika\Desktop\Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten - Trojaner-Board.URL
2013-07-09 15:29 - 2013-07-09 15:29 - 00377856 _____ C:\Users\Monika\Desktop\gmer_2.1.19163.exe
2013-07-09 15:28 - 2013-07-09 15:28 - 00602112 _____ (OldTimer Tools) C:\Users\Monika\Desktop\OTL.exe
2013-07-09 15:17 - 2013-07-09 15:17 - 00050477 _____ C:\Users\Monika\Desktop\Defogger.exe
2013-07-03 09:57 - 2013-07-12 13:04 - 00000000 ____D C:\Program Files\Firefox
2013-07-02 11:07 - 2013-07-02 11:07 - 00000000 ____D D:\Audio\Musik\Noten\Documents\Meine Paletten
2013-06-29 21:53 - 2013-06-29 21:53 - 00000000 ____D C:\Users\Monika\AppData\Local\Apple Computer
2013-06-27 20:40 - 2013-06-27 20:40 - 01433536 _____ C:\Users\Monika\Desktop\GPS 2013-06-23.gpx
2013-06-26 14:31 - 2013-06-27 08:54 - 00000000 ____D C:\Program Files\Thunderbird
2013-06-26 13:48 - 2013-06-26 13:48 - 00000000 ____D C:\Users\Monika\Neuer Ordner
2013-06-26 13:45 - 2013-06-26 13:45 - 00000084 ___SH D:\Audio\Musik\Noten\Documents\desktop.ini
2013-06-25 21:12 - 2013-06-25 21:11 - 00263592 _____ (Oracle Corporation) C:\windows\system32\javaws.exe
2013-06-25 21:11 - 2013-06-25 21:11 - 00175016 _____ (Oracle Corporation) C:\windows\system32\javaw.exe
2013-06-25 21:11 - 2013-06-25 21:11 - 00175016 _____ (Oracle Corporation) C:\windows\system32\java.exe
2013-06-25 21:11 - 2013-06-25 21:11 - 00094632 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge.dll
2013-06-23 11:06 - 2013-06-27 21:47 - 00137188 _____ C:\Users\Monika\Desktop\GPS 2013-06-23.gdb
2013-06-20 18:01 - 2013-06-20 18:01 - 00001586 _____ C:\Users\Monika\Desktop\Piffaro.txt
2013-06-19 10:58 - 2013-06-19 10:58 - 00124817 _____ C:\Users\Monika\Desktop\osmfilter.exe
2013-06-19 09:56 - 2013-06-19 10:04 - 387674571 _____ C:\Users\Monika\Desktop\africa-latest.osm.pbf
2013-06-19 09:54 - 2013-06-19 09:54 - 00283889 _____ C:\Users\Monika\Desktop\osmconvert.exe

==================== One Month Modified Files and Folders =======

2013-07-14 08:54 - 2010-02-04 20:41 - 00000000 ___RD C:\Users\Monika\Desktop
2013-07-14 08:29 - 2013-07-14 08:28 - 01218214 _____ (Farbar) C:\Users\Monika\Desktop\FRST.exe
2013-07-14 07:10 - 2010-02-05 07:48 - 01432579 _____ C:\windows\WindowsUpdate.log
2013-07-13 15:34 - 2013-07-13 15:34 - 00890988 _____ C:\Users\Monika\Desktop\SecurityCheck.exe
2013-07-12 19:29 - 2013-07-12 19:29 - 02347384 _____ (ESET) C:\Users\Monika\Downloads\esetsmartinstaller_enu.exe
2013-07-12 19:29 - 2013-07-12 19:29 - 00000000 ____D C:\Program Files\ESET
2013-07-12 19:28 - 2013-07-12 19:28 - 02347384 _____ (ESET) C:\Users\Monika\Desktop\esetsmartinstaller_enu.exe.part
2013-07-12 19:13 - 2009-07-26 23:56 - 01613340 _____ C:\windows\system32\PerfStringBackup.INI
2013-07-12 18:50 - 2010-02-07 12:40 - 00000000 ____D C:\Users\Monika\AppData\Roaming\JOSM
2013-07-12 18:39 - 2009-07-14 06:34 - 00009696 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-12 18:39 - 2009-07-14 06:34 - 00009696 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-12 18:32 - 2013-07-12 18:32 - 00000022 _____ C:\windows\S.dirmngr
2013-07-12 18:31 - 2012-12-28 20:46 - 00012414 _____ C:\windows\setupact.log
2013-07-12 18:31 - 2010-10-21 15:27 - 00000142 _____ C:\windows\ODBC.INI
2013-07-12 18:31 - 2009-07-14 06:53 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-07-12 18:30 - 2009-10-10 00:55 - 00063640 _____ C:\windows\PFRO.log
2013-07-12 16:40 - 2013-07-12 16:40 - 00000626 _____ C:\Users\Monika\Desktop\JRT.txt
2013-07-12 16:33 - 2013-07-12 16:33 - 00000000 ____D C:\windows\ERUNT
2013-07-12 16:07 - 2013-07-12 16:06 - 00002345 _____ C:\Users\Monika\Desktop\AdwCleaner[S1].txt
2013-07-12 15:59 - 2013-07-12 15:59 - 00662345 _____ C:\Users\Monika\Desktop\adwcleaner.exe
2013-07-12 13:50 - 2013-07-12 13:49 - 00559306 _____ (Oleg N. Scherbakov) C:\Users\Monika\Desktop\JRT.exe
2013-07-12 13:13 - 2010-02-23 16:59 - 00000000 ____D C:\Users\Monika\AppData\Local\Apps\2.0
2013-07-12 13:12 - 2013-07-12 13:12 - 00018025 _____ C:\Users\Monika\Desktop\ComboFix.txt
2013-07-12 13:12 - 2013-07-12 12:43 - 00000000 ____D C:\Qoobox
2013-07-12 13:12 - 2013-05-25 14:25 - 00000000 ____D C:\Users\Sibille
2013-07-12 13:12 - 2009-07-14 04:37 - 00000000 ___RD C:\Users\Public
2013-07-12 13:10 - 2013-07-11 14:24 - 00000000 ____D C:\windows\erdnt
2013-07-12 13:08 - 2009-07-14 04:04 - 00000215 _____ C:\windows\system.ini
2013-07-12 13:04 - 2013-07-03 09:57 - 00000000 ____D C:\Program Files\Firefox
2013-07-12 10:25 - 2013-07-12 10:25 - 00027739 _____ C:\Users\Monika\Desktop\Addition.txt
2013-07-11 15:45 - 2011-03-19 23:38 - 00000000 ____D C:\output media
2013-07-11 14:22 - 2013-07-11 14:22 - 05087643 ____R (Swearware) C:\Users\Monika\Desktop\ComboFix.exe
2013-07-11 06:08 - 2011-05-03 18:52 - 00000000 ____D C:\windows\rescache
2013-07-11 05:20 - 2009-07-14 04:37 - 00000000 ____D C:\windows\Microsoft.NET
2013-07-11 04:40 - 2009-07-14 06:33 - 00748064 _____ C:\windows\system32\FNTCACHE.DAT
2013-07-11 04:39 - 2013-03-30 22:08 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-11 04:36 - 2009-07-14 09:49 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-11 04:36 - 2009-07-14 06:52 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-11 04:01 - 2009-10-10 00:29 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-11 03:43 - 2010-02-06 20:24 - 75699896 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-07-10 09:17 - 2013-07-10 09:17 - 00000000 ____D C:\FRST
2013-07-10 07:49 - 2013-07-10 00:58 - 00066938 _____ C:\Users\Monika\Desktop\Extras.Txt
2013-07-10 07:49 - 2013-07-10 00:57 - 00091164 _____ C:\Users\Monika\Desktop\OTL.Txt
2013-07-09 22:11 - 2013-07-09 22:10 - 00000634 _____ C:\Users\Monika\Desktop\defogger_disable.log
2013-07-09 22:11 - 2013-07-09 22:10 - 00000020 _____ C:\Users\Monika\defogger_reenable
2013-07-09 22:10 - 2013-07-09 22:10 - 00074574 _____ C:\Users\Monika\Desktop\Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten  - Trojaner-Board.htm
2013-07-09 22:10 - 2010-02-04 20:41 - 00000000 ____D C:\Users\Monika
2013-07-09 16:01 - 2013-02-14 12:02 - 00000000 ___RD C:\Users\Monika\Desktop\Karten Institut
2013-07-09 15:32 - 2013-07-09 15:32 - 00000269 _____ C:\Users\Monika\Desktop\Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten - Trojaner-Board.URL
2013-07-09 15:29 - 2013-07-09 15:29 - 00377856 _____ C:\Users\Monika\Desktop\gmer_2.1.19163.exe
2013-07-09 15:28 - 2013-07-09 15:28 - 00602112 _____ (OldTimer Tools) C:\Users\Monika\Desktop\OTL.exe
2013-07-09 15:17 - 2013-07-09 15:17 - 00050477 _____ C:\Users\Monika\Desktop\Defogger.exe
2013-07-09 09:19 - 2012-05-03 17:50 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-07-02 17:36 - 2012-11-06 15:55 - 00000000 ____D C:\Users\Monika\AppData\Roaming\XnView
2013-07-02 17:26 - 2010-02-22 15:55 - 00000000 ____D C:\Users\Monika\AppData\Roaming\FileZilla
2013-07-02 11:07 - 2013-07-02 11:07 - 00000000 ____D D:\Audio\Musik\Noten\Documents\Meine Paletten
2013-07-01 10:56 - 2009-07-14 04:04 - 00000416 _____ C:\windows\win.ini
2013-06-29 21:53 - 2013-06-29 21:53 - 00000000 ____D C:\Users\Monika\AppData\Local\Apple Computer
2013-06-29 10:05 - 2009-07-14 06:53 - 00032632 _____ C:\windows\Tasks\SCHEDLGU.TXT
2013-06-27 21:47 - 2013-06-23 11:06 - 00137188 _____ C:\Users\Monika\Desktop\GPS 2013-06-23.gdb
2013-06-27 20:40 - 2013-06-27 20:40 - 01433536 _____ C:\Users\Monika\Desktop\GPS 2013-06-23.gpx
2013-06-27 15:54 - 2013-04-12 20:32 - 00000000 ____D C:\Users\Monika\AppData\Roaming\vlc
2013-06-27 08:54 - 2013-06-26 14:31 - 00000000 ____D C:\Program Files\Thunderbird
2013-06-26 13:48 - 2013-06-26 13:48 - 00000000 ____D C:\Users\Monika\Neuer Ordner
2013-06-26 13:45 - 2013-06-26 13:45 - 00000084 ___SH D:\Audio\Musik\Noten\Documents\desktop.ini
2013-06-26 13:45 - 2012-09-25 15:58 - 00000000 ____D D:\Audio\Musik\Noten\Documents\Myriad Documents
2013-06-26 13:45 - 2011-12-06 15:24 - 00000000 ____D D:\Audio\Musik\Noten\Documents\GIS DataBase
2013-06-26 13:45 - 2011-01-20 21:12 - 00000000 ____D D:\Audio\Musik\Noten\Documents\capella
2013-06-26 13:45 - 2010-11-14 12:12 - 00000000 ____D D:\Audio\Musik\Noten\Documents\Corel
2013-06-26 13:45 - 2010-11-14 12:11 - 00000000 ____D D:\Audio\Musik\Noten\Documents\Visual Studio 2008
2013-06-26 13:45 - 2010-04-04 10:54 - 00000000 ____D D:\Audio\Musik\Noten\Documents\Corel User Files
2013-06-26 13:45 - 2010-03-12 18:53 - 00000000 ____D D:\Audio\Musik\Noten\Documents\AdobeStockPhotos
2013-06-26 13:45 - 2010-02-15 17:44 - 00000000 ____D D:\Audio\Musik\Noten\Documents\Updater
2013-06-26 13:45 - 2010-02-14 10:10 - 00000000 ____D D:\Audio\Musik\Noten\Documents\ArcSoft
2013-06-26 13:45 - 2010-02-06 18:53 - 00000000 ____D D:\Audio\Musik\Noten\Documents\Audible
2013-06-26 13:45 - 2010-02-05 20:40 - 00000000 __RSD D:\Audio\Musik\Noten\Documents\My Stationery
2013-06-26 13:45 - 2010-02-05 20:22 - 00000000 ____D D:\Audio\Musik\Noten\Documents\Mein Garmin
2013-06-26 08:16 - 2012-11-27 19:57 - 00000000 ____D C:\Users\Monika\Desktop\fifty-fifty
2013-06-25 21:11 - 2013-06-25 21:12 - 00263592 _____ (Oracle Corporation) C:\windows\system32\javaws.exe
2013-06-25 21:11 - 2013-06-25 21:11 - 00175016 _____ (Oracle Corporation) C:\windows\system32\javaw.exe
2013-06-25 21:11 - 2013-06-25 21:11 - 00175016 _____ (Oracle Corporation) C:\windows\system32\java.exe
2013-06-25 21:11 - 2013-06-25 21:11 - 00094632 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge.dll
2013-06-25 21:11 - 2012-06-30 13:36 - 00867240 _____ (Oracle Corporation) C:\windows\system32\npDeployJava1.dll
2013-06-25 21:11 - 2010-05-14 18:16 - 00789416 _____ (Oracle Corporation) C:\windows\system32\deployJava1.dll
2013-06-25 20:48 - 2010-02-04 20:41 - 00202472 _____ C:\Users\Monika\AppData\Local\GDIPFONTCACHEV1.DAT
2013-06-24 18:04 - 2010-02-20 10:41 - 00160136 _____ C:\windows\avmacc.log
2013-06-24 14:08 - 2009-07-14 04:37 - 00000000 ____D C:\windows\system32\NDF
2013-06-21 12:53 - 2010-03-23 18:11 - 00000000 ____D C:\Users\Monika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2013-06-21 12:53 - 2010-02-22 15:55 - 00000000 ____D C:\Program Files\FileZilla FTP Client
2013-06-20 18:01 - 2013-06-20 18:01 - 00001586 _____ C:\Users\Monika\Desktop\Piffaro.txt
2013-06-20 11:06 - 2011-04-19 16:11 - 00000000 ____D C:\Users\Monika\Desktop\Musik
2013-06-19 10:58 - 2013-06-19 10:58 - 00124817 _____ C:\Users\Monika\Desktop\osmfilter.exe
2013-06-19 10:04 - 2013-06-19 09:56 - 387674571 _____ C:\Users\Monika\Desktop\africa-latest.osm.pbf
2013-06-19 09:54 - 2013-06-19 09:54 - 00283889 _____ C:\Users\Monika\Desktop\osmconvert.exe
2013-06-17 17:13 - 2012-04-10 15:11 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-06-15 18:54 - 2012-04-10 15:11 - 00692104 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2013-06-15 18:54 - 2011-10-19 19:25 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2010-04-02 20:07

==================== End Of Log ============================
--- --- ---


Noch weitere "Nachsorge"?
Monika

schrauber 14.07.2013 12:39
Gibt's noch Probleme? Wenn nicht sind wir fertig :)

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.


Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.


Alle Zeitangaben in WEZ +1. Es ist jetzt 16:28 Uhr.
Seite 2 von 3 1 2 3
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131