Trojaner-Board - spybot findet win32.downloader.gen, löscht ihn aber nicht

hallo, Schrauber,

hier die Logs von Eset und SecurityCheck

Code:

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=85c2702f2ea1ef48b79cec97c446291d

# end=stopped

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-09-28 09:40:21

# local_time=2012-09-28 11:40:21 (+0100, Romanische Sommerzeit)

# country="Germany"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=1280 16777215 100 0 140602 140602 0 0

# compatibility_mode=1792 16777191 100 0 16477127 16477127 0 0

# compatibility_mode=7937 16777214 28 75 759610 1863747 0 0

# compatibility_mode=8192 67108863 100 0 357 357 0 0

# scanned=245900

# found=9

# cleaned=0

# scan_time=29598

C:\Dokumente und Einstellungen\kw\Desktop\setups e64e\fc_setup0902.zip.VIR        a variant of Win32/Adware.ADON application (unable to clean)        00000000000000000000000000000000        I

C:\Dokumente und Einstellungen\kw\Desktop\setups e64e\HSS-1.06-install-anchorfree-76-conduit.exe        a variant of Win32/HotSpotShield application (unable to clean)        00000000000000000000000000000000        I

C:\System Volume Information\_restore{EF710D4B-86A7-4635-8138-E81D2FBEE8C6}\RP932\A0184878.exe        Win32/Toolbar.Widgi application (unable to clean)        00000000000000000000000000000000        I

F:\setups noch installieren\fc_setup0902.zip.VIR        a variant of Win32/Adware.ADON application (unable to clean)        00000000000000000000000000000000        I

F:\setups noch installieren\HSS-1.06-install-anchorfree-76-conduit.exe        a variant of Win32/HotSpotShield application (unable to clean)        00000000000000000000000000000000        I

F:\backup areca c & d\93571294\120205\C\Dokumente und Einstellungen\kw\Desktop\setups e64e\HSS-1.06-install-anchorfree-76-conduit.exe        a variant of Win32/HotSpotShield application (unable to clean)        00000000000000000000000000000000        I

F:\backup areca c & d\93571294\120205\C\Dokumente und Einstellungen\kw\Desktop\setups e64e\fc_setup0902.zip.VIR        a variant of Win32/Adware.ADON application (unable to clean)        00000000000000000000000000000000        I

F:\backup areca c & d\93571294\120205\C\Dokumente und Einstellungen\kw\Eigene Dateien\Downloads\installer_wavelab.exe        Win32/Toggle application (unable to clean)        00000000000000000000000000000000        I

F:\backup areca c & d\93571294\120205\C\Programme\PDFcreator\Toolbar\pdfforge Toolbar_setup.exe        Win32/Toolbar.Widgi application (unable to clean)        00000000000000000000000000000000        I

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=85c2702f2ea1ef48b79cec97c446291d

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-09-30 05:56:39

# local_time=2012-09-30 07:56:39 (+0100, Romanische Sommerzeit)

# country="Germany"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=8192 67108863 100 0 189331 189331 0 0

# scanned=17

# found=0

# cleaned=0

# scan_time=0

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=85c2702f2ea1ef48b79cec97c446291d

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-09-30 07:00:40

# local_time=2012-09-30 09:00:40 (+0100, Romanische Sommerzeit)

# country="Germany"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=8192 67108863 100 0 193172 193172 0 0

# scanned=81

# found=0

# cleaned=0

# scan_time=2

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=85c2702f2ea1ef48b79cec97c446291d

# end=stopped

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-11-14 10:15:24

# local_time=2012-11-14 11:15:24 (+0100, Romanische Normalzeit)

# country="Germany"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=8192 67108863 100 0 4092849 4092849 0 0

# scanned=150

# found=0

# cleaned=0

# scan_time=10

ESETSmartInstaller@High as downloader log:

all ok

esets_scanner_update returned -1 esets_gle=53251

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=85c2702f2ea1ef48b79cec97c446291d

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-11-17 06:04:15

# local_time=2012-11-17 07:04:15 (+0100, Romanische Normalzeit)

# country="Germany"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=8192 67108863 100 0 4268604 4268604 0 0

# scanned=291760

# found=0

# cleaned=0

# scan_time=25186

ESETSmartInstaller@High as downloader log:

all ok

# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6920

# api_version=3.0.2

# EOSSerial=85c2702f2ea1ef48b79cec97c446291d

# engine=15841

# end=stopped

# remove_checked=false

# archives_checked=true

# unwanted_checked=false

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2013-11-11 09:21:13

# local_time=2013-11-11 10:21:13 (+0100, Romanische Normalzeit)

# country="Germany"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=774 16777213 85 91 2638033 160914745 0 0

# scanned=21275

# found=0

# cleaned=0

# scan_time=1634

ESETSmartInstaller@High as downloader log:

all ok

# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6920

# api_version=3.0.2

# EOSSerial=85c2702f2ea1ef48b79cec97c446291d

# engine=15862

# end=stopped

# remove_checked=false

# archives_checked=true

# unwanted_checked=false

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2013-11-13 06:22:56

# local_time=2013-11-13 07:22:56 (+0100, Romanische Normalzeit)

# country="Germany"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=774 16777213 85 91 2756936 161033648 0 0

# scanned=108712

# found=0

# cleaned=0

# scan_time=22389

ESETSmartInstaller@High as downloader log:

all ok

# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6920

# api_version=3.0.2

# EOSSerial=85c2702f2ea1ef48b79cec97c446291d

# engine=15877

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=false

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2013-11-14 07:21:37

# local_time=2013-11-14 08:21:37 (+0100, Romanische Normalzeit)

# country="Germany"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=774 16777213 85 91 2846857 161123569 0 0

# scanned=135779

# found=0

# cleaned=0

# scan_time=27725

Code:

 Results of screen317's Security Check version 0.99.76  

 Windows XP Service Pack 3 x86   

 Internet Explorer 7 Out of date! 
 ``````````````Antivirus/Firewall Check:`````````````` 

 avast! Free Antivirus    

 ESET Online Scanner v3   
 `````````Anti-malware/Other Utilities Check:````````` 

 Spybot - Search & Destroy 

 Secunia PSI (3.0.0.4001)   

 Malwarebytes Anti-Malware Version 1.75.0.1300  

 CCleaner     

 Adobe Flash Player         11.9.900.117  

 Adobe Reader XI  

 Mozilla Firefox (25.0) 

 Mozilla Thunderbird (24.1.0) 
 ````````Process Check: objlist.exe by Laurent````````  

 Malwarebytes Anti-Malware mbamservice.exe  

 Malwarebytes Anti-Malware mbamgui.exe  

 Spybot Teatimer.exe is disabled! 

 Malwarebytes' Anti-Malware mbamscheduler.exe   

 AVAST Software Avast AvastSvc.exe  

 system32 AvastUI.exe -?-   
 `````````````````System Health check````````````````` 

 Total Fragmentation on Drive C::  
 ````````````````````End of Log``````````````````````

FRST sagt mir nach dem Öffnen, ich solle die neue Version herunterladen. Versuche ich dies, erhalte ich wieder die Meldung "Die Verbindung zum Server wurde zurückgesetzt, während die Seite geladen wurde."

Sobald das Herunterladen funktioniert, mache ich den Scan und poste das Log.
Schöne Grüße
Kathrin

...d.h., zunächst bekomme ich beim Versuch, FRST herunterzuladen, die Mitteilung:
C:\Dokumente und Einstellungen\kw\Eigene Dateien\FRST.exe.part konnte nicht gespeichert werden, weil die Quelldatei nicht gelesen werden konnte.
Beim nächsten Versuch heißt es:
"Die Verbindung zum Server wurde zurückgesetzt, während die Seite geladen wurde."
Vielleicht geht es ja später am Tag...
Kathrin

hallo, Schrauber,
am Abend ließ FRST sich herunterladen, hier das Ergebnis

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-11-2013

Ran by kw adm (administrator) on KW_MEDION_E1210 on 15-11-2013 22:26:58

Running from C:\Dokumente und Einstellungen\kw\Desktop\tb prog

Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: German Standard

Internet Explorer Version 7

Boot Mode: Normal
 

==================== Processes (Whitelisted) ===================
 

(SANDBOXIE L.T.D) C:\Programme\Sandboxie\SbieSvc.exe

(Wacom Technology, Corp.) C:\Programme\Tablet\Pen\Pen_TouchService.exe

(AVAST Software) C:\Programme\AVAST Software\Avast\AvastSvc.exe

(AOMEI Tech Co., Ltd.) C:\Programme\AOMEI Backupper\ABService.exe

(Brio) C:\Programme\FolderSize\FolderSizeSvc.exe

(Nero AG) C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe

(Malwarebytes Corporation) C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe

() C:\Programme\System Control Manager\MSIService.exe

(Deutsche Telekom AG) C:\Programme\Netzmanager\NMInfraIS2\Netzmanager_Service.exe

() C:\WINDOWS\system32\PSIService.exe

(Safer-Networking Ltd.) C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe

(Secunia) C:\Programme\Secunia\PSI\PSIA.exe

(Wacom Technology, Corp.) C:\Programme\Tablet\Pen\Pen_Tablet.exe

() C:\Programme\Verbindungsassistent\WTGService.exe

(Safer-Networking Ltd.) C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe

(Secunia) C:\Programme\Secunia\PSI\sua.exe

(Malwarebytes Corporation) C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe

(Safer-Networking Ltd.) C:\Programme\Spybot - Search & Destroy 2\SDUpdate.exe

(Wacom Technology, Corp.) C:\Programme\Tablet\Pen\Pen_TabletUser.exe

(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE

(Wacom Technology, Corp.) C:\Programme\Tablet\Pen\Pen_Tablet.exe

(Mirco-Star International  CO., LTD.) C:\Programme\System Control Manager\MGSysCtrl.exe

(Nero AG) C:\Programme\Nero\Nero 7\InCD\NBHGui.exe

(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe

(Nero AG) C:\Programme\Nero\Nero 7\InCD\InCD.exe

(ABBYY (BIT Software)) C:\Programme\ABBYY Lingvo 9.0 Multilingual Dictionary\Lvagent.exe

(Haufe-Lexware GmbH & Co. KG) C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe

(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe

(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe

(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe

(Safer-Networking Ltd.) C:\Programme\Spybot - Search & Destroy 2\SDTray.exe

(Synaptics, Inc.) C:\Programme\Synaptics\SynTP\SynTPEnh.exe

(AVAST Software) C:\Programme\AVAST Software\Avast\avastUI.exe

(Microsoft Corporation) C:\Programme\Messenger\msmsgs.exe

(NirSoft) C:\Programme\NirSoft\Volumouse\volumouse.exe

(Secunia) C:\Programme\Secunia\PSI\psi_tray.exe

(Wacom Technology, Corp.) C:\Programme\Tablet\Pen\Pen_TouchUser.exe
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [RTHDCPL] - C:\WINDOWS\RTHDCPL.exe [16862208 2008-05-07] (Realtek Semiconductor Corp.)

HKLM\...\Run: [MGSysCtrl] - C:\Programme\System Control Manager\MGSysCtrl.exe [782336 2008-05-21] (Mirco-Star International  CO., LTD.)

HKLM\...\Run: [NeroFilterCheck] - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe [153136 2007-03-01] (Nero AG)

HKLM\...\Run: [SecurDisc] - C:\Programme\Nero\Nero 7\InCD\NBHGui.exe [1629480 2007-11-26] (Nero AG)

HKLM\...\Run: [InCD] - C:\Programme\Nero\Nero 7\InCD\InCD.exe [1057064 2007-11-26] (Nero AG)

HKLM\...\Run: [Lingvo Launcher] - C:\Programme\ABBYY Lingvo 9.0 Multilingual Dictionary\LvAgent.exe [118784 2004-03-18] (ABBYY (BIT Software))

HKLM\...\Run: [LexwareInfoService] - C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe [189808 2011-07-31] (Haufe-Lexware GmbH & Co. KG)

HKLM\...\Run: [HotKeysCmds] - C:\WINDOWS\system32\hkcmd.exe [ ] ()

HKLM\...\Run: [Adobe ARM] - C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)

HKLM\...\Run: [SDTray] - C:\Programme\Spybot - Search & Destroy 2\SDTray.exe [3825176 2012-11-13] (Safer-Networking Ltd.)

HKLM\...\Run: [SynTPEnh] - C:\Programme\Synaptics\SynTP\SynTPEnh.exe [1028096 2008-01-11] (Synaptics, Inc.)

HKLM\...\Run: [avast] - C:\Programme\AVAST Software\Avast\AvastUI.exe [4858968 2013-08-30] (AVAST Software)

HKLM\...\Run: [DWQueuedReporting] - C:\Programme\Gemeinsame Dateien\Microsoft Shared\DW\DWTRIG20.EXE [39264 2007-03-13] (Microsoft Corporation)

HKCU\...\Run: [Taskbar Shuffle] - C:\Programme\Taskbar Shuffle\taskbarshuffle.exe [818176 2008-04-17] (Jay Elaraj)

HKCU\...\Run: [Spybot-S&D Cleaning] - C:\Programme\Spybot - Search & Destroy 2\SDCleaner.exe [3713032 2012-11-13] (Safer-Networking Ltd.)

HKU\Default User\...\Run: [BullGuard] - "C:\Programme\BullGuard Software\BullGuard\bullguard.exe"

HKU\Gast\...\Run: [BullGuard] - "C:\Programme\BullGuard Software\BullGuard\bullguard.exe"

HKU\wa\...\Run: [BullGuard] - "C:\Programme\BullGuard Software\BullGuard\bullguard.exe"

HKU\wa\...\Run: [swg] - "C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

HKU\wa\...\Run: [SandboxieControl] - C:\Programme\Sandboxie\SbieCtrl.exe [ 2010-08-09] (SANDBOXIE L.T.D)

HKU\wa\...\Run: [MSCS] - C:\Programme\MAXA Cookie Manager\Cookie.exe /autorun

Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Secunia PSI Tray.lnk

ShortcutTarget: Secunia PSI Tray.lnk -> C:\Programme\Secunia\PSI\psi_tray.exe (Secunia)

Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\TabUserW.exe.lnk

ShortcutTarget: TabUserW.exe.lnk -> C:\WINDOWS\system32\WTablet\TabUserW.exe (Wacom Technology, Corp.)

Startup: C:\Dokumente und Einstellungen\kw\Startmenü\Programme\Autostart\AutorunsDisabled ()

Startup: C:\Dokumente und Einstellungen\kw adm\Startmenü\Programme\Autostart\AutorunsDisabled ()

Startup: C:\Dokumente und Einstellungen\kw adm\Startmenü\Programme\Autostart\System Tray Audio Device Switcher.lnk

ShortcutTarget: System Tray Audio Device Switcher.lnk -> C:\Programme\STADS\SoundCardSwitcher.exe (Elmo's Mud Wrestling Club)

BootExecute: autocheck autochk * sdnclean.exe
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com/

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com

SearchScopes: HKLM - DefaultScope value is missing.

SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&p={searchTerms}

BHO: KeyScramblerBHO Class - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Programme\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)

BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)

BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

Toolbar: HKCU - &Adresse - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} https://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1348928819234

Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)

Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 

FireFox:

========

FF ProfilePath: C:\Dokumente und Einstellungen\kw adm\Anwendungsdaten\Mozilla\Firefox\Profiles\l0qlbnks.default

FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()

FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Programme\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF Plugin: @videolan.org/vlc,version=2.0.2 - C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin: @wacom.com/wacom-plugin,version=1.1.0.10 - C:\Programme\TabletPlugins\npwacom.dll (Wacom, Inc.)

FF Plugin: @wacom.com/wtPlugin,version=2.0.0.1 - C:\Programme\TabletPlugins\npWacomTabletPlugin.dll (Wacom)

FF Plugin: Adobe Reader - C:\Programme\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: wacom.com/WacomTabletPlugin - C:\Programme\TabletPlugins\npWacomTabletPlugin.dll (Wacom)

FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\amazondotcom-de.xml

FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\eBay-de.xml

FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\leo_ende_de.xml

FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\yahoo-de.xml

FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Programme\Java\jre6\lib\deploy\jqs\ff

FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Programme\AVAST Software\Avast\WebRep\FF

FF Extension: avast! Online Security - C:\Programme\AVAST Software\Avast\WebRep\FF

FF HKCU\...\Thunderbird\Extensions: [{0E810812-F4BB-4309-942A-755587587A5E}] - C:\Programme\BullGuard Software\BullGuard\antispam\tbspamfilter
 

========================== Services (Whitelisted) =================
 

S4 AcrSch2Svc; C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe [846576 2012-05-10] (Acronis)

R2 avast! Antivirus; C:\Programme\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software)

R2 Backupper Service; C:\Programme\AOMEI Backupper\ABService.exe [29912 2013-08-23] (AOMEI Tech Co., Ltd.)

R2 FolderSize; C:\Programme\FolderSize\FolderSizeSvc.exe [114688 2013-02-12] (Brio)

S3 HRService; C:\Programme\Haufe\iDesk\iDeskService\iDeskService.exe [70336 2008-08-20] ()

S3 IDriverT; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation)

R2 InCDsrv; C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe [1554728 2007-11-26] (Nero AG)

R2 MBAMScheduler; C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

R2 MBAMService; C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

R2 Micro Star SCM; C:\Programme\System Control Manager\MSIService.exe [159744 2008-02-21] ()

S3 MozillaMaintenance; C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe [119408 2013-10-30] (Mozilla Foundation)

S4 NBService; C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe [800040 2007-09-17] (Nero AG)

R2 Netzmanager Service; C:\Programme\Netzmanager\NMInfraIS2\Netzmanager_Service.exe [2635776 2012-07-20] (Deutsche Telekom AG)

S4 NMIndexingService; C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe [279848 2007-06-27] (Nero AG)

S3 ose; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [89136 2003-07-28] (Microsoft Corporation)

R2 ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [174656 2006-11-02] ()

S4 RichVideo; C:\Programme\Cyberlink\Shared files\RichVideo.exe [171040 2007-01-08] ()

R2 SbieSvc; C:\Programme\Sandboxie\SbieSvc.exe [75496 2010-08-09] (SANDBOXIE L.T.D)

R2 SDScannerService; C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)

R2 SDUpdateService; C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)

S2 SDWSCService; C:\Programme\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)

R2 Secunia PSI Agent; C:\Programme\Secunia\PSI\PSIA.exe [1328736 2012-09-24] (Secunia)

R2 Secunia Update Agent; C:\Programme\Secunia\PSI\sua.exe [656480 2012-09-24] (Secunia)

R2 TabletServicePen; C:\Programme\Tablet\Pen\Pen_Tablet.exe [5554552 2011-09-08] (Wacom Technology, Corp.)

R2 TouchServicePen; C:\Programme\Tablet\Pen\Pen_TouchService.exe [451960 2011-09-08] (Wacom Technology, Corp.)

S3 WMPNetworkSvc; C:\Programme\Windows Media Player\WMPNetwk.exe [920576 2006-11-03] (Microsoft Corporation)

R2 WTGService; C:\Programme\Verbindungsassistent\WTGService.exe [296400 2009-03-03] ()

S4 0185721349436544mcinstcleanup; C:\DOKUME~1\KWADM~1\LOKALE~1\Temp\018572~1.EXE -cleanup -nolog [x]

S4 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [x]
 

==================== Drivers (Whitelisted) ====================
 

S3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)

R0 ambakdrv; C:\Windows\System32\ambakdrv.sys [26424 2013-05-07] ()

R2 ammntdrv; C:\WINDOWS\system32\ammntdrv.sys [129720 2013-05-07] ()

R2 amwrtdrv; C:\WINDOWS\system32\amwrtdrv.sys [14392 2013-02-06] ()

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-08-30] (AVAST Software)

R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [66336 2013-08-30] (AVAST Software)

R1 AswRdr; C:\Windows\System32\Drivers\AswRdr.sys [49760 2013-08-30] (AVAST Software)

R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-08-30] ()

R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-08-30] (AVAST Software)

R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-08-30] (AVAST Software)

R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-08-30] (AVAST Software)

R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [177864 2013-08-30] ()

S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)

R0 hotcore3; C:\Windows\System32\DRIVERS\hotcore3.sys [57112 2011-03-28] (Paragon Software Group)

R4 InCDfs; C:\Windows\System32\drivers\InCDFs.sys [118952 2007-11-26] (Nero AG)

R1 InCDPass; C:\Windows\System32\drivers\InCDPass.sys [36776 2007-11-26] (Nero AG)

U1 InCDrec; C:\Windows\System32\Drivers\InCDrec.sys [16040 2007-11-26] (Nero AG)

S1 incdrm; C:\Windows\System32\drivers\InCDRm.sys [38440 2007-11-26] (Nero AG)

R3 KeyScrambler; C:\Windows\System32\drivers\keyscrambler.sys [173880 2011-12-15] (QFX Software Corporation)

S1 M9207; C:\Windows\System32\DRIVERS\M9207BDA.sys [36096 2005-09-23] (Animation Technologies Inc.)

R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)

S3 MPE; C:\Windows\System32\DRIVERS\MPE.sys [15232 2008-04-14] (Microsoft Corporation)

S3 MTOnlPktAlyX; C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS [17664 2005-09-28] (T-Online International AG, Marmiko IT-Solutions GmbH)

S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)

S3 nm; C:\Windows\System32\DRIVERS\NMnt.sys [40320 2008-04-14] (Microsoft Corporation)

S3 NPF; C:\Windows\System32\drivers\npf.sys [34064 2007-11-06] (CACE Technologies)

R3 PSI; C:\Windows\System32\DRIVERS\psi_mf.sys [15544 2011-12-16] (Secunia)

R3 RSUSBSTOR; C:\Windows\System32\Drivers\RTS5121.sys [153600 2008-03-27] (Realtek Semiconductor Corporation)

R3 RT80x86; C:\Windows\System32\DRIVERS\RT2860.sys [572416 2007-11-15] (Ralink Technology, Corp.)

R3 SbieDrv; C:\Programme\Sandboxie\SbieDrv.sys [123112 2010-08-09] (SANDBOXIE L.T.D)

S4 TelekomNM3; C:\Programme\Netzmanager\NMInfraIS2\Driver\TelekomNM3.sys [35040 2010-09-16] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)

R1 UimBus; C:\Windows\System32\DRIVERS\UimBus.sys [40824 2011-03-28] (Windows (R) 2000 DDK provider)

R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IM.sys [381032 2011-03-28] (Paragon)

R0 vididr; C:\Windows\System32\DRIVERS\vididr.sys [125472 2012-10-29] (Acronis)

R0 vidsflt53; C:\Windows\System32\DRIVERS\vsflt53.sys [83392 2012-10-29] (Acronis)

S3 catchme; \??\C:\DOKUME~1\KWADM~1\LOKALE~1\Temp\catchme.sys [x]

S4 IntelIde; No ImagePath

U3 TlntSvr; 
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2013-11-15 00:21 - 2013-11-15 00:21 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868626$

2013-11-15 00:20 - 2013-11-15 00:20 - 00011742 _____ C:\WINDOWS\KB2900986.log

2013-11-15 00:20 - 2013-11-15 00:20 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2900986$

2013-11-15 00:19 - 2013-11-15 00:19 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862152$

2013-11-15 00:18 - 2013-11-15 00:21 - 00014780 _____ C:\WINDOWS\ocgen.log

2013-11-15 00:18 - 2013-11-15 00:21 - 00010272 _____ C:\WINDOWS\comsetup.log

2013-11-15 00:18 - 2013-11-15 00:21 - 00001393 _____ C:\WINDOWS\imsins.log

2013-11-15 00:18 - 2013-11-15 00:18 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876331$

2013-11-13 07:44 - 2013-11-13 07:44 - 00266094 _____ C:\Dokumente und Einstellungen\kw\Eigene Dateien\as 01311.php

2013-11-13 06:26 - 2013-11-15 00:21 - 00026081 _____ C:\WINDOWS\KB2868626.log

2013-11-13 06:26 - 2013-11-15 00:20 - 00025799 _____ C:\WINDOWS\KB2862152.log

2013-11-13 06:26 - 2013-11-15 00:19 - 00138979 _____ C:\WINDOWS\KB2888505-IE7.log

2013-11-13 06:26 - 2013-11-15 00:18 - 00015957 _____ C:\WINDOWS\KB2876331.log

2013-11-12 23:15 - 2013-11-15 20:50 - 00000000 ____D C:\Programme\Mozilla Firefox

2013-11-12 23:15 - 2013-11-12 23:15 - 00000706 _____ C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Mozilla Firefox.lnk

2013-11-10 19:26 - 2013-11-10 19:26 - 00000000 ____D C:\WINDOWS\ERUNT

2013-11-10 17:45 - 2013-11-10 18:10 - 00000000 ____D C:\AdwCleaner

2013-11-10 16:57 - 2013-11-10 16:57 - 00000760 _____ C:\Dokumente und Einstellungen\All Users\Desktop\mam.lnk

2013-11-10 16:57 - 2013-11-10 16:57 - 00000000 ____D C:\Programme\Malwarebytes' Anti-Malware

2013-11-10 16:57 - 2013-11-10 16:57 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware

2013-11-10 16:57 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys

2013-11-10 12:55 - 2013-11-10 12:56 - 00000000 ____D C:\Dokumente und Einstellungen\kw\Eigene Dateien\briefe

2013-11-08 23:20 - 2013-11-09 18:31 - 00000000 ____D C:\Qoobox

2013-11-08 23:20 - 2011-06-26 07:45 - 00256000 _____ C:\WINDOWS\PEV.exe

2013-11-08 23:20 - 2010-11-07 18:20 - 00208896 _____ C:\WINDOWS\MBR.exe

2013-11-08 23:20 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe

2013-11-08 23:20 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe

2013-11-08 23:20 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe

2013-11-08 23:20 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe

2013-11-08 23:20 - 2000-08-31 01:00 - 00098816 _____ C:\WINDOWS\sed.exe

2013-11-08 23:20 - 2000-08-31 01:00 - 00080412 _____ C:\WINDOWS\grep.exe

2013-11-08 23:20 - 2000-08-31 01:00 - 00068096 _____ C:\WINDOWS\zip.exe

2013-11-08 23:12 - 2013-11-08 23:13 - 05145633 ____R (Swearware) C:\Dokumente und Einstellungen\kw\Desktop\ComboFix.exe

2013-11-08 17:09 - 2013-11-15 22:26 - 00000000 ____D C:\Dokumente und Einstellungen\kw\Desktop\tb prog

2013-11-07 11:45 - 2013-11-10 19:54 - 00000000 ____D C:\Dokumente und Einstellungen\kw\Desktop\tb logs 01311

2013-11-04 20:19 - 2013-11-04 20:19 - 00000000 ____D C:\FRST

2013-11-03 23:37 - 2013-11-15 00:21 - 00013104 _____ C:\WINDOWS\setupapi.log

2013-10-27 21:12 - 2013-10-27 21:12 - 00240026 _____ C:\Dokumente und Einstellungen\kw\Eigene Dateien\komoloko.php

2013-10-26 19:05 - 2013-10-26 19:05 - 00090112 _____ C:\WINDOWS\Minidump\Mini102613-01.dmp

2013-10-26 19:03 - 2013-10-26 19:03 - 00000000 ____D C:\found.002

2013-10-18 07:42 - 2013-10-18 09:16 - 00001642 _____ C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Mozilla Thunderbird.lnk
 

==================== One Month Modified Files and Folders =======
 

2013-11-15 22:26 - 2013-11-08 17:09 - 00000000 ____D C:\Dokumente und Einstellungen\kw\Desktop\tb prog

2013-11-15 22:25 - 2012-08-01 14:58 - 00001766 _____ C:\Dokumente und Einstellungen\kw\Eigene Dateien\Default.rdp

2013-11-15 21:54 - 2012-09-29 16:31 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

2013-11-15 20:50 - 2013-11-12 23:15 - 00000000 ____D C:\Programme\Mozilla Firefox

2013-11-15 20:08 - 2008-05-24 10:21 - 01831535 _____ C:\WINDOWS\WindowsUpdate.log

2013-11-15 19:54 - 2013-08-31 08:04 - 00032326 _____ C:\WINDOWS\SchedLgU.Txt

2013-11-15 18:48 - 2013-10-12 09:34 - 00000356 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job

2013-11-15 18:47 - 2013-05-14 06:02 - 00000612 _____ C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job

2013-11-15 18:45 - 2008-05-24 11:15 - 00000159 _____ C:\WINDOWS\wiadebug.log

2013-11-15 18:45 - 2008-05-24 11:15 - 00000050 _____ C:\WINDOWS\wiaservc.log

2013-11-15 18:44 - 2008-05-24 10:27 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT

2013-11-15 08:11 - 2013-05-14 06:02 - 00524288 _____ C:\WINDOWS\system32\config\SpybotSD.evt

2013-11-15 08:09 - 2008-07-04 22:34 - 00000190 ___SH C:\Dokumente und Einstellungen\kw\ntuser.ini

2013-11-15 00:21 - 2013-11-15 00:21 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868626$

2013-11-15 00:21 - 2013-11-15 00:18 - 00014780 _____ C:\WINDOWS\ocgen.log

2013-11-15 00:21 - 2013-11-15 00:18 - 00010272 _____ C:\WINDOWS\comsetup.log

2013-11-15 00:21 - 2013-11-15 00:18 - 00001393 _____ C:\WINDOWS\imsins.log

2013-11-15 00:21 - 2013-11-13 06:26 - 00026081 _____ C:\WINDOWS\KB2868626.log

2013-11-15 00:21 - 2013-11-03 23:37 - 00013104 _____ C:\WINDOWS\setupapi.log

2013-11-15 00:21 - 2008-05-24 12:05 - 00248841 _____ C:\WINDOWS\updspapi.log

2013-11-15 00:21 - 2008-05-24 11:12 - 02083808 _____ C:\WINDOWS\FaxSetup.log

2013-11-15 00:21 - 2008-05-24 11:12 - 00802210 _____ C:\WINDOWS\tsoc.log

2013-11-15 00:21 - 2008-05-24 11:12 - 00423741 _____ C:\WINDOWS\ntdtcsetup.log

2013-11-15 00:21 - 2008-05-24 11:12 - 00327901 _____ C:\WINDOWS\iis6.log

2013-11-15 00:21 - 2008-05-24 11:12 - 00115160 _____ C:\WINDOWS\ocmsn.log

2013-11-15 00:21 - 2008-05-24 11:12 - 00104322 _____ C:\WINDOWS\msgsocm.log

2013-11-15 00:20 - 2013-11-15 00:20 - 00011742 _____ C:\WINDOWS\KB2900986.log

2013-11-15 00:20 - 2013-11-15 00:20 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2900986$

2013-11-15 00:20 - 2013-11-13 06:26 - 00025799 _____ C:\WINDOWS\KB2862152.log

2013-11-15 00:20 - 2008-05-24 11:12 - 00001393 _____ C:\WINDOWS\imsins.BAK

2013-11-15 00:19 - 2013-11-15 00:19 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862152$

2013-11-15 00:19 - 2013-11-13 06:26 - 00138979 _____ C:\WINDOWS\KB2888505-IE7.log

2013-11-15 00:19 - 2008-05-24 12:06 - 00000000 ____D C:\WINDOWS\ie7updates

2013-11-15 00:19 - 2008-05-24 11:58 - 00000000 ____D C:\WINDOWS\system32\de-de

2013-11-15 00:18 - 2013-11-15 00:18 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876331$

2013-11-15 00:18 - 2013-11-13 06:26 - 00015957 _____ C:\WINDOWS\KB2876331.log

2013-11-15 00:10 - 2013-07-14 06:52 - 00000000 ____D C:\WINDOWS\system32\MRT

2013-11-15 00:10 - 2008-05-24 12:04 - 80340640 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

2013-11-14 23:12 - 2008-07-04 22:25 - 00000190 ___SH C:\Dokumente und Einstellungen\kw adm\ntuser.ini

2013-11-14 22:04 - 2009-08-22 17:03 - 00000000 ____D C:\Dokumente und Einstellungen\kw\Anwendungsdaten\Verbindungsassistent

2013-11-13 22:35 - 2012-09-29 17:53 - 00000000 ____D C:\Programme\Mozilla Maintenance Service

2013-11-13 07:44 - 2013-11-13 07:44 - 00266094 _____ C:\Dokumente und Einstellungen\kw\Eigene Dateien\as 01311.php

2013-11-13 00:30 - 2013-05-14 06:02 - 00000608 _____ C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job

2013-11-12 23:15 - 2013-11-12 23:15 - 00000706 _____ C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Mozilla Firefox.lnk

2013-11-12 23:15 - 2012-04-02 11:53 - 00000700 _____ C:\Dokumente und Einstellungen\All Users\Desktop\ff.lnk

2013-11-12 23:15 - 2008-05-24 11:12 - 00000000 ___RD C:\Programme

2013-11-12 23:15 - 2008-05-24 11:11 - 00000000 ___RD C:\Dokumente und Einstellungen\All Users\Startmenü\Programme

2013-11-12 22:42 - 2008-08-06 20:31 - 00000000 ____D C:\setups ushe

2013-11-12 22:16 - 2009-11-21 19:51 - 00000000 ____D C:\Programme\Taskbar Shuffle

2013-11-12 22:15 - 2008-07-20 21:58 - 00000000 ____D C:\Dokumente und Einstellungen\kw\Eigene Dateien\__ soxr ff profile 7unob61i.default

2013-11-11 20:23 - 2008-07-04 22:34 - 00038400 _____ C:\Dokumente und Einstellungen\kw\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2013-11-11 20:20 - 2009-06-09 00:07 - 00000000 ___RD C:\Dokumente und Einstellungen\kw\Eigene Dateien\bilder

2013-11-10 19:54 - 2013-11-07 11:45 - 00000000 ____D C:\Dokumente und Einstellungen\kw\Desktop\tb logs 01311

2013-11-10 19:26 - 2013-11-10 19:26 - 00000000 ____D C:\WINDOWS\ERUNT

2013-11-10 18:10 - 2013-11-10 17:45 - 00000000 ____D C:\AdwCleaner

2013-11-10 16:57 - 2013-11-10 16:57 - 00000760 _____ C:\Dokumente und Einstellungen\All Users\Desktop\mam.lnk

2013-11-10 16:57 - 2013-11-10 16:57 - 00000000 ____D C:\Programme\Malwarebytes' Anti-Malware

2013-11-10 16:57 - 2013-11-10 16:57 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware

2013-11-10 13:34 - 2012-05-21 23:09 - 00000000 ____D C:\Dokumente und Einstellungen\kw\Lokale Einstellungen\Anwendungsdaten\Paint.NET

2013-11-10 12:59 - 2009-03-10 23:36 - 00000000 ____D C:\Dokumente und Einstellungen\kw\Eigene Dateien\fon re

2013-11-10 12:57 - 2008-07-20 22:22 - 00000000 ____D C:\Dokumente und Einstellungen\kw\Eigene Dateien\wa

2013-11-10 12:56 - 2013-11-10 12:55 - 00000000 ____D C:\Dokumente und Einstellungen\kw\Eigene Dateien\briefe

2013-11-09 18:31 - 2013-11-08 23:20 - 00000000 ____D C:\Qoobox

2013-11-09 18:25 - 2008-04-14 13:00 - 00000227 _____ C:\WINDOWS\system.ini

2013-11-09 08:00 - 2008-05-24 10:20 - 00000000 ____D C:\WINDOWS\system32\Restore

2013-11-08 23:48 - 2008-07-23 18:41 - 00000000 ___RD C:\Dokumente und Einstellungen\wa\Startmenü\Programme\Autostart

2013-11-08 23:19 - 2012-09-28 12:30 - 00000000 ____D C:\WINDOWS\erdnt

2013-11-08 23:13 - 2013-11-08 23:12 - 05145633 ____R (Swearware) C:\Dokumente und Einstellungen\kw\Desktop\ComboFix.exe

2013-11-08 22:52 - 2008-12-18 22:36 - 01510594 ___SH C:\Dokumente und Einstellungen\kw\Eigene Dateien\Thumbs.db

2013-11-07 09:30 - 2008-07-04 22:34 - 00000000 ____D C:\Dokumente und Einstellungen\kw

2013-11-04 20:19 - 2013-11-04 20:19 - 00000000 ____D C:\FRST

2013-11-01 08:01 - 2013-10-11 20:41 - 00000000 ____D C:\Programme\Mozilla Thunderbird

2013-10-27 21:12 - 2013-10-27 21:12 - 00240026 _____ C:\Dokumente und Einstellungen\kw\Eigene Dateien\komoloko.php

2013-10-27 06:36 - 2008-05-24 11:12 - 01180126 _____ C:\WINDOWS\system32\PerfStringBackup.INI

2013-10-26 19:05 - 2013-10-26 19:05 - 00090112 _____ C:\WINDOWS\Minidump\Mini102613-01.dmp

2013-10-26 19:05 - 2012-09-22 16:58 - 00000000 ____D C:\WINDOWS\Minidump

2013-10-26 19:03 - 2013-10-26 19:03 - 00000000 ____D C:\found.002

2013-10-21 21:17 - 2008-04-14 13:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl

2013-10-18 09:16 - 2013-10-18 07:42 - 00001642 _____ C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Mozilla Thunderbird.lnk

2013-10-18 09:16 - 2011-02-09 20:56 - 00001636 _____ C:\Dokumente und Einstellungen\All Users\Desktop\thb.lnk
 

Some content of TEMP:

====================

C:\Dokumente und Einstellungen\kw adm\Lokale Einstellungen\temp\Quarantine.exe
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\explorer.exe

[2008-04-14 13:00] - [2008-04-14 13:00] - 1036800 ____A (Microsoft Corporation) 418045a93cd87a352098ab7dabe1b53e 
 

C:\Windows\System32\winlogon.exe

[2008-04-14 13:00] - [2008-04-14 13:00] - 0513024 ____A (Microsoft Corporation) f09a527b422e25c478e38caa0e44417a 
 

C:\Windows\System32\svchost.exe

[2008-04-14 13:00] - [2008-04-14 13:00] - 0014336 ____A (Microsoft Corporation) 4fbc75b74479c7a6f829e0ca19df3366 
 

C:\Windows\System32\services.exe

[2008-04-14 13:00] - [2009-02-09 12:21] - 0111104 ____A (Microsoft Corporation) a3edbe9053889fb24ab22492472b39dc 
 

C:\Windows\System32\User32.dll

[2008-04-14 13:00] - [2008-04-14 13:00] - 0580096 ____A (Microsoft Corporation) b0050cc5340e3a0760dd8b417ff7aebd 
 

C:\Windows\System32\userinit.exe

[2008-04-14 13:00] - [2008-04-14 13:00] - 0026624 ____A (Microsoft Corporation) 788f95312e26389d596c0fa55834e106 
 

C:\Windows\System32\Drivers\volsnap.sys

[2008-04-14 13:00] - [2008-04-14 13:00] - 0053760 ____A (Microsoft Corporation) a5a712f4e880874a477af790b5186e1d 
 
 

==================== End Of Log ============================

--- --- ---

mit besten Grüßen
Kathrin