Removing System Care Antivirus

  • #1
Micha84

Hello,

About an hour ago, while surfing, I picked up something that calls itself System Care Antivirus.
Via a Google search I opened a 100% reputable company website. When I saved a PDF file offered on that page, a notice opened that told me in English that I should apparently update Java. Since I did not want that, I clicked the button Later .... Unfortunately my English is not very good. I thought I would be notified again later and wanted to decide then.
I downloaded 5 PDF flyer files. An interface resembling Avira appeared on the screen. The PC was scanned and 37 infected files were reported. So far I have not clicked anything except Language: German. From time to time messages appear, similar to Avira, saying that the program should be updated. Another message offers two options: either update Internet Explorer or send the credit card number to another computer. These messages appear without any action on my part and disappear again after a few seconds. I also do not dare to close the program.
No programs can be started any more except Internet Explorer. Pages in Internet Explorer can only be opened with the right mouse button via the tab; otherwise a warning appears, again in English.

I don't know what to do now. Can you please help me?
 
  • #3
Hello Schrauber,

Thank you very much for your quick help. I had the previous post written from another PC (600 km away), because I could not fill in any forms on my PC. Now I have switched to the profile in which I can apparently work normally. FRST can also be started here. That does not work in the damaged/infected? profile. The Additional.txt has already been on the desktop for some time. But the program now seems to be stuck. For about 30 min it has been showing Getting Restor Points.

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-07-2013
Ran by test at 2013-07-11 21:07:26
Running from C:\Users\test\Desktop
Boot Mode: Normal
==========================================================

Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
Adobe Photoshop CS (Version: CS)
Adobe Photoshop Lightroom 3.6 (Version: 3.6.1)
Adobe Reader X (10.1.7) - Deutsch (Version: 10.1.7)
Apophysis 2.0 (Version: )
Apple Application Support (Version: 2.1.7)
Apple Mobile Device Support (Version: 5.1.1.4)
Apple Software Update (Version: 2.1.3.127)
AVIConverter 5.1 (Version: 5.1)
Avira Free Antivirus (Version: 13.0.0.3737)
Bonjour (Version: 3.0.0.10)
Browser Address Error Redirector (Version: 1.00.0000)
Canon Camera Access Library (Version: 8.1.1.17)
Canon Camera Support Core Library (Version: 7.3.1.6)
Canon Camera WIA Driver (Version: 5.4)
Canon Camera Window DC_DV 5 for ZoomBrowser EX (Version: 5.4.5.17)
Canon Camera Window DC_DV 6 for ZoomBrowser EX (Version: 6.2.0.8)
Canon Camera Window MC 6 for ZoomBrowser EX (Version: 6.1.0.7)
Canon EOS 20D WIA-Treiber (Version: 5.4)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (Version: 1.2.0.5)
Canon Internet Library for ZoomBrowser EX (Version: 1.4.2.6)
Canon RAW Image Task for ZoomBrowser EX (Version: 2.4.0.7)
Canon RemoteCapture Task for ZoomBrowser EX (Version: 1.5.0.5)
Canon Utilities Digital Photo Professional 1.1 (Version: 1.1)
Canon Utilities EOS Capture 1.1 (Version: 1.1)
Canon Utilities EOS Viewer Utility 1.1 (Version: 1.1)
Canon Utilities PhotoStitch 3.1 (Version: 3.1.13)
Canon Utilities ZoomBrowser EX (Version: 5.7.0.74)
Compatibility Pack für 2007 Office System (Version: 12.0.6612.1000)
Dell Handbuch zum Einstieg (Version: 1.00.0000)
Dell Support Center (Support Software) (Version: 2.2.08100)
dm Digi Foto (Version: 2.0.0.6)
dm Fotowelt
EDocs
ESET Online Scanner v3
FreeCAD 0.13 (Version: 0.13.1828)
GIMP 2.8.4 (Version: 2.8.4)
Google Desktop (Version: -)
Google Earth Plug-in (Version: 7.0.3.8542)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.5.4209.2358)
Google Update Helper (Version: 1.3.21.149)
GoToAssist 8.0.0.514
Haufe iDesk-Browser (Version: 10.10.14.0000)
Haufe iDesk-Service (Version: 11.07.19.8023)
HP Photo and Imaging 2.5 - Scanjet 5590 Series (Version: 2.50.0000)
HP Speicher-Disc (Version: 1.0.4.805)
HPScanjet5590Corporate10 (Version: 1.00.0000)
iTunes (Version: 10.6.0.40)
Java 7 Update 15 (Version: 7.0.150)
Java Auto Updater (Version: 2.1.9.0)
Lexware buchhalter 2012 (Version: 17.00.00.0109)
Lexware Datenbank plus 2011 (Version: 11.00.00.0074)
Lexware Elster (Version: 11.00.00.0109)
Lexware Info Service (Version: 2.80.00.0007)
Lexware online banking (Version: 11.00.00.0039)
Lexware reisekosten plus 2011 (Version: 11.22.00.0124)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319)
Microsoft Office PowerPoint Viewer 2007 (German) (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Works (Version: 9.7.0621)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
Mouse Suite for Desktop Computers (Version: 2.50.025)
Mozilla Firefox 22.0 (x86 de) (Version: 22.0)
Mozilla Maintenance Service (Version: 22.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Netscape (7.1)
NVIDIA Drivers
NVIDIA Performance (Version: 1.00.0000)
NVIDIA System Monitor (Version: 1.00.0000)
Opera 12.14 (Version: 12.14.1738)
PDF Writer - bioPDF 9.7.0.1592 (Version: 9.7.0.1592)
PhotoStitch (Version: 3.1.13)
posterXXL.de Bestellsoftware 4.80
Presto! PageManager 7.11
QuickTime (Version: 7.66.71.0)
QuickTime Alternative 3.2.2 (Version: 3.2.2)
Readiris Pro 8
Realtek High Definition Audio Driver
Roxio Creator Audio (Version: 3.7.0)
Roxio Creator Copy (Version: 3.7.0)
Roxio Creator Data (Version: 3.7.0)
Roxio Creator DE (Version: 10.1)
Roxio Creator DE (Version: 3.7.0)
Roxio Creator Tools (Version: 3.7.0)
Roxio Express Labeler 3 (Version: 3.2.1)
Roxio Update Manager (Version: 6.0.0)
Safari (Version: 5.34.57.2)
ShareIns (Version: 1.00.0000)
SketchUp 2013 (Version: 13.0.3689)
TAXMAN 2011 (Version: 17.00.00.0065)
TAXMAN 2012 (Version: 18.00.00.0061)
TAXMAN Bibliothek 2011 (Version: 17.0.0.0)
TAXMAN Bibliothek 2012 (Version: 18.0.0.0)
Update for Microsoft .NET Framework 3.5 SP1 (KB2836940) (Version: 1)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (Version: 1)
VLC media player 1.1.1 (Version: 1.1.1)
WIDCOMM Bluetooth Software 6.0.1.4300 (Version: 6.0.1.4300)
Winamp (remove only)
XAMPP 1.7.7


==================== Restore Points =========================
 
  • #4
Now here comes the second file after all, in several parts.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-07-2013
Ran by test (administrator) on 11-07-2013 21:48:39
Running from C:\Users\test\Desktop
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apache Software Foundation) c:\xampp\apache\bin\httpd.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(iAnywhere Solutions, Inc.) C:\Program Files\Sybase\SQL Anywhere 9\win32\dbsrv9.exe
() c:\xampp\mysql\bin\mysqld.exe
(NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtsvc.exe
(Canon Inc.) C:\Program Files\Canon\CAL\CALMAIN.exe
(Apache Software Foundation) C:\xampp\apache\bin\httpd.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Windows Mail\WinMail.exe
() C:\Users\doris\AppData\Local\Temp\55A1.tmp
(Avira Operations GmbH & Co. KG) C:\program files\avira\antivir desktop\avcenter.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avscan.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avscan.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Primax Electronics Ltd.) C:\Windows\System32\ico.exe
(NVIDIA Corporation) C:\Windows\System32\nvraidservice.exe
(Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtcmd.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Primax Electronics Ltd.) C:\Windows\System32\Pmxmiced.exe
(Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
(Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\wsqmcons.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
(Avira Operations GmbH & Co. KG) C:\program files\avira\antivir desktop\ipmGui.exe
(Trimble Navigation Limited) C:\Program Files\SketchUp\SketchUp 2013\Style Builder\Style Builder.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ECenter] - C:\Dell\E-Center\EULALauncher.exe [17920 2008-02-29] ( )
HKLM\...\Run: [RtHDVCpl] - RtHDVCpl.exe [x]
HKLM\...\Run: [Bluetooth HCI Monitor] - RunDll32 HCIMNTR.DLL,RunCheckHCIMode [x]
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [13531680 2008-05-23] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] - RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit [92704 2008-05-23] (NVIDIA Corporation)
HKLM\...\Run: [PMX Daemon] - ICO.EXE [x]
HKLM\...\Run: [NVRaidService] - C:\Windows\system32\nvraidservice.exe [184864 2008-01-03] (NVIDIA Corporation)
HKLM\...\Run: [Google Desktop Search] - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe /startup [29744 2008-11-11] (Google)
HKLM\...\Run: [dellsupportcenter] - C:\Program Files\Dell Support Center\bin\sprtcmd.exe /P dellsupportcenter [206064 2008-08-26] (SupportSoft, Inc.)
HKLM\...\Run: [Share-to-Web Namespace Daemon] - C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe [69632 2002-04-17] (Hewlett-Packard)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime Alternative\QTTask.exe -atboottime [421888 2010-03-17] (Apple Inc.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [421736 2012-03-06] (Apple Inc.)
HKLM\...\Run: [LexwareInfoService] - C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart [189808 2011-07-31] (Haufe-Lexware GmbH & Co. KG)
HKLM\...\Run: [WinampAgent] - C:\Program Files\Winamp\Winampa.exe [12288 2002-04-26] ()
HKLM\...\Run: [Skytel] - Skytel.exe [x]
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe /min [345144 2013-06-24] (Avira Operations GmbH & Co. KG)
HKLM\...\Runonce: [PixelInstall] - 1 [x]
HKLM\...\RunOnce: [Malwarebytes Anti-Malware] - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll [X]
HKCR\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-3562024059-4152139979-2027613617-1000\$eb60275b1e2217cf9cb266fd60348e9a\n. ATTENTION! ====> ZeroAccess?
Startup: C:\Users\doris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma - Verknüpfung.lnk
ShortcutTarget: Adobe Gamma - Verknüpfung.lnk -> (No File)
BootExecute: autocheck autochk /p \??\M:autocheck autochk *
 
  • #5
==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^Y6^xdm043^YY^de&si=swissconverter&ptb=739A72AC-16EE-4F13-A04F-B19CE0B23F27&ind=2013022817&n=77fc4a61&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU -Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5}
DPF: {8A5BE387-D09A-4DFA-A56B-DCB89BD11468}
Handler: haufereader - No CLSID Value -
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\u3285gda.default
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.15.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.15.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=1.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Users\test\AppData\Roaming\Mozilla\Extensions\[email protected]
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files\Mozilla Firefox\firefox.exe

========================== Services (Whitelisted) =================

S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [68096 2008-12-22] ()
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-06-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-06-24] (Avira Operations GmbH & Co. KG)
R2 Apache2.2; c:\xampp\apache\bin\httpd.exe [18432 2011-09-10] (Apache Software Foundation)
R2 CCALib8; C:\Program Files\Canon\CAL\CALMAIN.exe [96341 2005-09-30] (Canon Inc.)
S3 FileZilla Server; c:\xampp\FileZillaFTP\FileZillaServer.exe [630272 2011-06-07] (FileZilla Project)
S3 GoogleDesktopManager-010708-104812; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [29744 2008-11-11] (Google)
R2 Lexware_Datenbank_Plus; C:\Program Files\Sybase\SQL Anywhere 9\win32\dbsrv9.exe [83248 2010-11-05] (iAnywhere Solutions, Inc.)
R2 mysql; c:\xampp\mysql\bin\my.ini [5396 2012-04-17] ()
R2 nTuneService; C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe [155648 2008-05-30] (NVIDIA)
R2 sprtsvc_DellSupportCenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [201968 2008-08-26] (SupportSoft, Inc.)

==================== Drivers (Whitelisted) ====================

R0 AFS; C:\Windows\System32\Drivers\AFS.sys [77004 2009-01-02] (Oak Technology Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [84744 2013-04-02] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135136 2013-04-02] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-04-02] (Avira Operations GmbH & Co. KG)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2013-07-11] (Malwarebytes Corporation)
R3 NVR0Dev; C:\Windows\nvoclock.sys [29824 2008-05-30] (NVidia Corp.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-03-06] (Avira GmbH)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-11 21:48 - 2013-07-11 21:48 - 00000000 ____D C:\Users\test\AppData\Roaming\SketchUp
2013-07-11 21:07 - 2013-07-11 21:46 - 00022245 ____A C:\Users\test\Desktop\Addition.txt
2013-07-11 21:02 - 2013-07-11 21:02 - 00000000 ____D C:\FRST
2013-07-11 20:58 - 2013-07-11 20:58 - 01218590 ____A (Farbar) C:\Users\test\Desktop\FRST.exe
2013-07-11 20:46 - 2013-07-11 20:47 - 00040776 ____A (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2013-07-11 20:44 - 2013-07-11 20:44 - 00000000 ____D C:\Users\test\AppData\Roaming\Malwarebytes
2013-07-11 20:44 - 2013-07-11 20:44 - 00000000 ____D C:\Users\test\AppData\Local\Mozilla
2013-07-11 20:38 - 2013-07-11 20:38 - 01218590 ____A (Farbar) C:\Users\doris\Downloads\FRST.exe
2013-07-11 19:40 - 2013-07-11 19:40 - 00388608 ____A (Trend Micro Inc.) C:\Users\doris\Downloads\HijackThis.exe
2013-07-11 19:39 - 2013-07-11 19:39 - 00024831 ____A C:\Users\doris\Documents\download.htm
2013-07-11 17:34 - 2013-07-11 17:34 - 00000282 ____A C:\Users\doris\Desktop\Hilfe bei der Schädlingsbeseitigung.url
2013-07-11 17:09 - 2013-07-11 17:09 - 00000290 ____A C:\Users\doris\Desktop\System Care Antivirus.url
2013-07-11 16:46 - 2013-07-11 16:46 - 00002064 ____A C:\Users\doris\Desktop\System Care Antivirus.lnk
2013-07-11 16:46 - 2013-07-11 16:46 - 00000000 ____D C:\ProgramData\8efdd99c-0314-0000-935f-0000667d2b6c
2013-07-09 11:23 - 2013-07-10 11:20 - 00013824 ____A C:\Users\doris\Documents\Entwässerung WM KG.xlr
2013-07-08 11:28 - 2013-07-08 22:56 - 00010752 ____A C:\Users\doris\Documents\zisternenberechnung.xlr
2013-07-05 14:55 - 2013-07-05 14:55 - 00000000 ____D C:\Windows\system32\20-20 Technologies
2013-07-03 11:52 - 2013-07-03 22:08 - 17314268 ____A C:\Users\doris\Documents\zauberstaude bestellung 2012.wps
2013-07-03 10:57 - 2013-07-10 07:10 - 00393216 ____A C:\Users\doris\Documents\Futterplan-Florian-07-2013.xlr
2013-06-28 17:27 - 2013-06-28 17:27 - 00000000 ____D C:\Users\doris\AppData\Roaming\SketchUp
2013-06-28 16:14 - 2013-06-28 16:14 - 00003120 ____A C:\Windows\system32\ALLFSAF13a.ocx
2013-06-28 16:14 - 2013-06-28 16:14 - 00002063 ____A C:\Users\Public\Desktop\Style Builder 2013.lnk
2013-06-28 16:14 - 2013-06-28 16:14 - 00001977 ____A C:\Users\Public\Desktop\LayOut 2013.lnk
2013-06-28 16:14 - 2013-06-28 16:14 - 00001896 ____A C:\Users\Public\Desktop\SketchUp 2013.lnk
2013-06-28 16:14 - 2013-06-28 16:14 - 00000000 ____D C:\ProgramData\SketchUp
2013-06-28 16:14 - 2013-06-28 16:14 - 00000000 ____D C:\Program Files\SketchUp
2013-06-28 14:41 - 2013-06-28 14:42 - 79487688 ____A (Trimble Navigation Limited) C:\Users\doris\Downloads\SketchUpWDE-13.exe
2013-06-28 13:47 - 2013-06-28 13:47 - 00000000 ____D C:\Users\doris\AppData\Local\freecad
2013-06-28 13:32 - 2013-06-28 13:42 - 00000000 ____D C:\Users\doris\AppData\Roaming\FreeCAD
2013-06-28 13:31 - 2013-06-28 13:31 - 00000000 ____D C:\Program Files\FreeCAD0.13
2013-06-28 13:28 - 2013-06-28 13:29 - 106101248 ____A C:\Users\doris\Downloads\FreeCAD_0.13.1828_x86_setup.msi
2013-06-27 22:13 - 2013-06-28 22:44 - 00010752 ____A C:\Users\doris\Documents\Berechnung Vollgeschoß.xlr
2013-06-27 19:20 - 2013-06-27 19:21 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-06-25 16:00 - 2013-06-25 16:00 - 00002035 ____A C:\Users\doris\AppData\Local\recently-used.xbel
2013-06-21 18:16 - 2013-06-26 23:22 - 00393728 ____A C:\Users\doris\Documents\Futterplan-Florian-06-2013.xlr
2013-06-21 13:09 - 2013-07-01 23:18 - 00014336 ____A C:\Users\doris\Documents\haushöhe neu.xlr
2013-06-21 10:07 - 2013-06-21 11:24 - 00010752 ____A C:\Users\doris\Documents\haushöhe.xlr
2013-06-20 11:40 - 2013-06-21 00:11 - 00010752 ____A C:\Users\doris\Documents\Höhenberechnung Haus Bendig.xlr
2013-06-14 09:32 - 2013-06-14 09:32 - 00126464 ____A C:\Users\doris\Documents\fotocommunity sicher.xlr
2013-06-13 06:30 - 2013-05-17 01:08 - 12329984 ____A (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-06-13 06:30 - 2013-05-17 00:49 - 09738752 ____A (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-06-13 06:30 - 2013-05-17 00:39 - 01800704 ____A (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-06-13 06:30 - 2013-05-17 00:28 - 01129472 ____A (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-06-13 06:30 - 2013-05-17 00:28 - 01104384 ____A (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-06-13 06:30 - 2013-05-17 00:27 - 01427968 ____A (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-06-13 06:30 - 2013-05-17 00:26 - 00231936 ____A (Microsoft Corporation) C:\Windows\system32\url.dll
2013-06-13 06:30 - 2013-05-17 00:23 - 00065024 ____A (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-06-13 06:30 - 2013-05-17 00:21 - 00717824 ____A (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-06-13 06:30 - 2013-05-17 00:21 - 00142848 ____A (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-06-13 06:30 - 2013-05-17 00:20 - 00420864 ____A (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-06-13 06:30 - 2013-05-17 00:19 - 00607744 ____A (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-06-13 06:30 - 2013-05-17 00:17 - 01796096 ____A (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-06-13 06:30 - 2013-05-17 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-06-13 06:30 - 2013-05-17 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-06-13 06:30 - 2013-05-17 00:12 - 00176640 ____A (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-06-12 18:04 - 2013-06-12 18:04 - 00000223 ____A C:\Users\doris\Documents\fc-helmut wolf.txt
2013-06-12 10:34 - 2013-05-08 06:37 - 00905576 ____A (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-06-12 10:34 - 2013-05-03 00:03 - 03603832 ____A (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-06-12 10:34 - 2013-05-03 00:03 - 03551096 ____A (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-06-12 10:34 - 2013-05-02 06:04 - 00443904 ____A (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2013-06-12 10:34 - 2013-05-02 06:03 - 00037376 ____A (Microsoft Corporation) C:\Windows\system32\printcom.dll
2013-06-12 10:34 - 2013-04-24 06:00 - 00985600 ____A (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-06-12 10:34 - 2013-04-24 06:00 - 00133120 ____A (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-06-12 10:34 - 2013-04-24 06:00 - 00098304 ____A (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-06-12 10:34 - 2013-04-24 06:00 - 00041984 ____A (Microsoft Corporation) C:\Windows\system32\certenc.dll
2013-06-12 10:34 - 2013-04-24 03:46 - 00812544 ____A (Microsoft Corporation) C:\Windows\system32\certutil.exe
2013-06-12 10:34 - 2013-04-17 14:30 - 00024576 ____A (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2013-06-11 14:56 - 2013-06-11 14:57 - 00000247 ____A C:\Users\doris\Documents\fc-fidibauer.txt
 
  • #6
==================== One Month Modified Files and Folders =======

2013-07-11 21:48 - 2013-07-11 21:48 - 00000000 ____D C:\Users\test\AppData\Roaming\SketchUp
2013-07-11 21:46 - 2013-07-11 21:07 - 00022245 ____A C:\Users\test\Desktop\Addition.txt
2013-07-11 21:36 - 2008-11-11 18:50 - 01923583 ____A C:\Windows\WindowsUpdate.log
2013-07-11 21:33 - 2013-03-01 00:20 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-11 21:17 - 2013-02-21 15:55 - 00001098 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-11 21:13 - 2013-02-21 15:52 - 00001120 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3562024059-4152139979-2027613617-1000UA.job
2013-07-11 21:02 - 2013-07-11 21:02 - 00000000 ____D C:\FRST
2013-07-11 20:58 - 2013-07-11 20:58 - 01218590 ____A (Farbar) C:\Users\test\Desktop\FRST.exe
2013-07-11 20:47 - 2013-07-11 20:46 - 00040776 ____A (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2013-07-11 20:46 - 2013-02-22 14:44 - 00000908 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-07-11 20:46 - 2013-02-22 14:44 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-07-11 20:46 - 2013-02-21 15:55 - 00001094 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-11 20:45 - 2011-10-20 14:46 - 00072680 ____A C:\Users\test\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-11 20:44 - 2013-07-11 20:44 - 00000000 ____D C:\Users\test\AppData\Roaming\Malwarebytes
2013-07-11 20:44 - 2013-07-11 20:44 - 00000000 ____D C:\Users\test\AppData\Local\Mozilla
2013-07-11 20:44 - 2012-10-24 14:02 - 00000000 ____D C:\Users\test\AppData\Roaming\Mozilla
2013-07-11 20:38 - 2013-07-11 20:38 - 01218590 ____A (Farbar) C:\Users\doris\Downloads\FRST.exe
2013-07-11 19:59 - 2006-11-02 14:47 - 00003616 ___AH C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-11 19:59 - 2006-11-02 14:47 - 00003616 ___AH C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-11 19:40 - 2013-07-11 19:40 - 00388608 ____A (Trend Micro Inc.) C:\Users\doris\Downloads\HijackThis.exe
2013-07-11 19:39 - 2013-07-11 19:39 - 00024831 ____A C:\Users\doris\Documents\download.htm
2013-07-11 17:34 - 2013-07-11 17:34 - 00000282 ____A C:\Users\doris\Desktop\Hilfe bei der Schädlingsbeseitigung.url
2013-07-11 17:14 - 2013-02-21 15:52 - 00001068 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3562024059-4152139979-2027613617-1000Core.job
2013-07-11 17:09 - 2013-07-11 17:09 - 00000290 ____A C:\Users\doris\Desktop\System Care Antivirus.url
2013-07-11 16:46 - 2013-07-11 16:46 - 00002064 ____A C:\Users\doris\Desktop\System Care Antivirus.lnk
2013-07-11 16:46 - 2013-07-11 16:46 - 00000000 ____D C:\ProgramData\8efdd99c-0314-0000-935f-0000667d2b6c
2013-07-11 15:43 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-07-11 14:54 - 2008-01-21 09:16 - 01581712 ____A C:\Windows\system32\PerfStringBackup.INI
2013-07-11 14:48 - 2006-11-02 12:24 - 75699896 ____A (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-07-11 14:41 - 2011-10-20 15:54 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-11 14:40 - 2006-11-02 14:37 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-11 14:01 - 2011-08-15 07:58 - 00000000 ____D C:\Users\doris\Desktop\Lightroom
2013-07-11 13:58 - 2006-11-02 15:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-10 23:05 - 2008-11-11 18:51 - 00000012 ____A C:\Windows\bthservsdp.dat
2013-07-10 23:05 - 2006-11-02 15:01 - 00032562 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-10 11:20 - 2013-07-09 11:23 - 00013824 ____A C:\Users\doris\Documents\Entwässerung WM KG.xlr
2013-07-10 11:20 - 2009-01-14 11:52 - 00018952 ____A C:\Users\doris\AppData\Roaming\wklnhst.dat
2013-07-10 07:10 - 2013-07-03 10:57 - 00393216 ____A C:\Users\doris\Documents\Futterplan-Florian-07-2013.xlr
2013-07-08 22:56 - 2013-07-08 11:28 - 00010752 ____A C:\Users\doris\Documents\zisternenberechnung.xlr
2013-07-05 14:55 - 2013-07-05 14:55 - 00000000 ____D C:\Windows\system32\20-20 Technologies
2013-07-03 22:08 - 2013-07-03 11:52 - 17314268 ____A C:\Users\doris\Documents\zauberstaude bestellung 2012.wps
2013-07-01 23:18 - 2013-06-21 13:09 - 00014336 ____A C:\Users\doris\Documents\haushöhe neu.xlr
2013-07-01 23:17 - 2013-05-22 06:38 - 00194560 ____A C:\Users\doris\Documents\fotocommunity.xlr
2013-06-29 09:36 - 2013-02-21 15:34 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-06-28 22:44 - 2013-06-27 22:13 - 00010752 ____A C:\Users\doris\Documents\Berechnung Vollgeschoß.xlr
2013-06-28 17:27 - 2013-06-28 17:27 - 00000000 ____D C:\Users\doris\AppData\Roaming\SketchUp
2013-06-28 16:14 - 2013-06-28 16:14 - 00003120 ____A C:\Windows\system32\ALLFSAF13a.ocx
2013-06-28 16:14 - 2013-06-28 16:14 - 00002063 ____A C:\Users\Public\Desktop\Style Builder 2013.lnk
2013-06-28 16:14 - 2013-06-28 16:14 - 00001977 ____A C:\Users\Public\Desktop\LayOut 2013.lnk
2013-06-28 16:14 - 2013-06-28 16:14 - 00001896 ____A C:\Users\Public\Desktop\SketchUp 2013.lnk
2013-06-28 16:14 - 2013-06-28 16:14 - 00000000 ____D C:\ProgramData\SketchUp
2013-06-28 16:14 - 2013-06-28 16:14 - 00000000 ____D C:\Program Files\SketchUp
2013-06-28 14:44 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\de-DE
2013-06-28 14:42 - 2013-06-28 14:41 - 79487688 ____A (Trimble Navigation Limited) C:\Users\doris\Downloads\SketchUpWDE-13.exe
2013-06-28 14:29 - 2008-12-05 14:55 - 00000000 ____D C:\Users\doris
2013-06-28 13:47 - 2013-06-28 13:47 - 00000000 ____D C:\Users\doris\AppData\Local\freecad
2013-06-28 13:42 - 2013-06-28 13:32 - 00000000 ____D C:\Users\doris\AppData\Roaming\FreeCAD
2013-06-28 13:31 - 2013-06-28 13:31 - 00000000 ____D C:\Program Files\FreeCAD0.13
2013-06-28 13:29 - 2013-06-28 13:28 - 106101248 ____A C:\Users\doris\Downloads\FreeCAD_0.13.1828_x86_setup.msi
2013-06-27 19:21 - 2013-06-27 19:20 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-06-27 09:06 - 2011-08-15 20:30 - 00000000 ____D C:\Users\doris\Desktop\Unbenannter Export
2013-06-26 23:22 - 2013-06-21 18:16 - 00393728 ____A C:\Users\doris\Documents\Futterplan-Florian-06-2013.xlr
2013-06-25 16:03 - 2013-03-09 01:56 - 00000000 ____D C:\Users\doris\.gimp-2.8
2013-06-25 16:00 - 2013-06-25 16:00 - 00002035 ____A C:\Users\doris\AppData\Local\recently-used.xbel
2013-06-24 19:39 - 2008-12-05 15:00 - 00000000 ____D C:\Users\doris\AppData\Local\Google
2013-06-21 11:24 - 2013-06-21 10:07 - 00010752 ____A C:\Users\doris\Documents\haushöhe.xlr
2013-06-21 10:11 - 2013-02-21 15:52 - 00002084 ____A C:\Users\doris\Desktop\Google Chrome.lnk
2013-06-21 09:40 - 2008-01-21 04:47 - 00119228 ____A C:\Windows\PFRO.log
2013-06-21 00:11 - 2013-06-20 11:40 - 00010752 ____A C:\Users\doris\Documents\Höhenberechnung Haus Bendig.xlr
2013-06-21 00:07 - 2013-03-16 15:52 - 00015360 ____A C:\Users\doris\Documents\Abwasserleitun.xlr
2013-06-14 09:32 - 2013-06-14 09:32 - 00126464 ____A C:\Users\doris\Documents\fotocommunity sicher.xlr
2013-06-13 07:19 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\rescache
2013-06-12 18:04 - 2013-06-12 18:04 - 00000223 ____A C:\Users\doris\Documents\fc-helmut wolf.txt
2013-06-12 08:33 - 2013-03-01 00:20 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-06-12 08:33 - 2013-03-01 00:20 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-06-11 14:57 - 2013-06-11 14:56 - 00000247 ____A C:\Users\doris\Documents\fc-fidibauer.txt

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-11 14:05

==================== End Of Log ============================
 
  • #7
Before your reply came in earlier, I ran a scan with Malwarebytes, because it was already on the PC and could still be started. I'll include the result here. I left everything as it is, so I did not have anything removed.

Malwarebytes Anti-Malware 1.75.0.1300


Datenbank Version: v2013.07.11.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
test :: DORIS-PC [Administrator]

11.07.2013 20:47:15
MBAM-log-2013-07-11 (21-40-39).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 270816
Laufzeit: 37 Minute(n), 29 Sekunde(n)

Infizierte Speicherprozesse: 1
C:\Users\doris\AppData\Local\Temp\55A1.tmp (Trojan.FakeAlert.ED) -> 4976 -> Keine Aktion durchgeführt.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\doris\AppData\Local\Temp\55A1.tmp (Trojan.FakeAlert.ED) -> Keine Aktion durchgeführt.
C:\ProgramData\8efdd99c-0314-0000-935f-0000667d2b6c\8efdd99c-0314-0000-935f-0000667d2b6c.exe (Trojan.FakeAlert.ED) -> Keine Aktion durchgeführt.

(Ende)
 
  • #8
Hi,

Fix with FRST
Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document
Code:
HKCR\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-3562024059-4152139979-2027613617-1000\$eb60275b1e2217cf9cb266fd60348e9a\n. ATTENTION! ====> ZeroAccess?
SearchScopes: HKLM - {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} URL = search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^Y6^xdm043^YY^de&si=swissconverter&ptb=739A72AC-16EE-4F13-A04F-B19CE0B23F27&ind=2013022817&n=77fc4a61&psa=&st=sb&searchfor={searchTerms}
2013-07-11 17:09 - 2013-07-11 17:09 - 00000290 ____A C:\Users\doris\Desktop\System Care Antivirus.url
2013-07-11 16:46 - 2013-07-11 16:46 - 00002064 ____A C:\Users\doris\Desktop\System Care Antivirus.lnk
2013-07-11 16:46 - 2013-07-11 16:46 - 00000000 ____D C:\ProgramData\8efdd99c-0314-0000-935f-0000667d2b6c
2013-07-11 17:09 - 2013-07-11 17:09 - 00000290 ____A C:\Users\doris\Desktop\System Care Antivirus.url
2013-07-11 16:46 - 2013-07-11 16:46 - 00002064 ____A C:\Users\doris\Desktop\System Care Antivirus.lnk
2013-07-11 16:46 - 2013-07-11 16:46 - 00000000 ____D C:\ProgramData\8efdd99c-0314-0000-935f-0000667d2b6c
C:\Users\doris\AppData\Local\Temp\55A1.tmp
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.
 
  • #9
Hello and good morning,

here is the Fixlog.txt

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-07-2013
Ran by test at 2013-07-12 07:34:49 Run:1
Running from C:\Users\test\Desktop
Boot Mode: Normal

==============================================

HKCU\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9a216821-0ec5-49a3-85ac-fb72ae79a1e8} => Key deleted successfully.
HKCR\CLSID\{9a216821-0ec5-49a3-85ac-fb72ae79a1e8} => Key not found.
C:\Users\doris\Desktop\System Care Antivirus.url => Moved successfully.
C:\Users\doris\Desktop\System Care Antivirus.lnk => Moved successfully.
C:\ProgramData\8efdd99c-0314-0000-935f-0000667d2b6c => Moved successfully.
C:\Users\doris\Desktop\System Care Antivirus.url => File/Directory not found.
C:\Users\doris\Desktop\System Care Antivirus.lnk => File/Directory not found.
C:\ProgramData\8efdd99c-0314-0000-935f-0000667d2b6c => File/Directory not found.
C:\Users\doris\AppData\Local\Temp\55A1.tmp => Moved successfully.

==== End of Fixlog ====
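
As an added example (not part of the thread and not FRST's own code), this Python script parses the result lines of the Fixlog posted above and separates "not found" results that only repeat an entry already handled earlier in the same run from those with no earlier action on that path. The function names and verdict labels are assumptions made for the illustration; the outcome strings are the ones that appear in the posted log.

```python
from collections import Counter

# Result lines copied from the Fixlog.txt posted above (header and footer omitted).
FIXLOG = r"""
HKCU\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9a216821-0ec5-49a3-85ac-fb72ae79a1e8} => Key deleted successfully.
HKCR\CLSID\{9a216821-0ec5-49a3-85ac-fb72ae79a1e8} => Key not found.
C:\Users\doris\Desktop\System Care Antivirus.url => Moved successfully.
C:\Users\doris\Desktop\System Care Antivirus.lnk => Moved successfully.
C:\ProgramData\8efdd99c-0314-0000-935f-0000667d2b6c => Moved successfully.
C:\Users\doris\Desktop\System Care Antivirus.url => File/Directory not found.
C:\Users\doris\Desktop\System Care Antivirus.lnk => File/Directory not found.
C:\ProgramData\8efdd99c-0314-0000-935f-0000667d2b6c => File/Directory not found.
C:\Users\doris\AppData\Local\Temp\55A1.tmp => Moved successfully.
"""

# Only the outcome strings visible in the posted log are mapped;
# anything else is classified as "unknown" and sent to manual review.
OUTCOME_CLASS = {
    "Key deleted successfully": "removed",
    "Moved successfully": "quarantined",
    "Key not found": "absent",
    "File/Directory not found": "absent",
}


def parse_fixlog(text):
    """Return (target, outcome_class, raw_outcome) for every result line."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if " => " not in line:
            continue  # header, separator, footer or blank line
        target, outcome = line.rsplit(" => ", 1)
        outcome = outcome.rstrip(".")
        entries.append((target, OUTCOME_CLASS.get(outcome, "unknown"), outcome))
    return entries


def reconcile(entries):
    """Attach a verdict to each entry, in log order.

    removed / quarantined : the fix acted on the item
    repeat-of-handled     : "not found" only because an earlier line in the
                            same run already removed or moved this exact path
    never-present         : "not found" with no earlier action on this path
    review                : outcome string this script does not recognise
    """
    handled = {}  # case-folded target -> class of the first successful action
    report = []
    for target, cls, _raw in entries:
        key = target.casefold()  # Windows paths and registry keys ignore case
        if cls in ("removed", "quarantined"):
            handled.setdefault(key, cls)
            verdict = cls
        elif cls == "absent":
            verdict = "repeat-of-handled" if key in handled else "never-present"
        else:
            verdict = "review"
        report.append((target, verdict))
    return report


def summary(report):
    """Count entries per verdict."""
    return Counter(verdict for _target, verdict in report)


def needing_review(report):
    """Targets a helper should look at again before calling the fix complete."""
    return [t for t, v in report if v in ("never-present", "review")]


if __name__ == "__main__":
    result = reconcile(parse_fixlog(FIXLOG))
    for target, verdict in result:
        print(f"{verdict:18} {target}")
    print(dict(summary(result)))
    print("check manually:", needing_review(result))
```

The three "File/Directory not found" lines come out as repeats, which matches the fixlist above listing the same three paths twice.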
 
  • #10
Very nice. Update Malwarebytes, run a Quick Scan, delete what it finds.

Please post a fresh FRST log from the infected profile, if possible.
 
  • #11
I would like to briefly describe what has happened in the meantime. I left the PC on overnight. Apparently it was restarted, though. Yesterday, before this whole thing started, I had downloaded a Windows update. 17 files were to be updated. For that, however, the PC would have had to be restarted. Shortly before I was going to restart the PC and let the updates install, I caught this System Care Antivirus. After that I no longer dared to shut the PC down. Apparently it was restarted during the night after all, although I can't really imagine that, because I would have had to click OK on the Windows message. According to the update history, the updates were installed properly. Under the profile where nothing worked yesterday, I can now start programs again. The blocking programs have also disappeared from the taskbar. But the PC is not running properly. Some things don't work at all or only very slowly.

I switched back to the other profile. After I did what you just described, Avira reports: Access to the file C:\FRST\Quarantine\55A1.tmp, which contains a virus or unwanted program TR/Kryptik.lks.4, was denied. There I now have the choice of Remove or Details, or I can dismiss the message by clicking the X.
 
  • #12
Malwarebytes found nothing in the working profile, so there was nothing to delete.

Here are the FRST logs from the infected profile

Addition.txt
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-07-2013
Ran by doris at 2013-07-12 08:41:07
Running from C:\Users\doris\Desktop
Boot Mode: Normal
==========================================================

Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
Adobe Photoshop CS (Version: CS)
Adobe Photoshop Lightroom 3.6 (Version: 3.6.1)
Adobe Reader X (10.1.7) - Deutsch (Version: 10.1.7)
Apophysis 2.0 (Version: )
Apple Application Support (Version: 2.1.7)
Apple Mobile Device Support (Version: 5.1.1.4)
Apple Software Update (Version: 2.1.3.127)
AVIConverter 5.1 (Version: 5.1)
Avira Free Antivirus (Version: 13.0.0.3737)
Bonjour (Version: 3.0.0.10)
Browser Address Error Redirector (Version: 1.00.0000)
Canon Camera Access Library (Version: 8.1.1.17)
Canon Camera Support Core Library (Version: 7.3.1.6)
Canon Camera WIA Driver (Version: 5.4)
Canon Camera Window DC_DV 5 for ZoomBrowser EX (Version: 5.4.5.17)
Canon Camera Window DC_DV 6 for ZoomBrowser EX (Version: 6.2.0.8)
Canon Camera Window MC 6 for ZoomBrowser EX (Version: 6.1.0.7)
Canon EOS 20D WIA-Treiber (Version: 5.4)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (Version: 1.2.0.5)
Canon Internet Library for ZoomBrowser EX (Version: 1.4.2.6)
Canon RAW Image Task for ZoomBrowser EX (Version: 2.4.0.7)
Canon RemoteCapture Task for ZoomBrowser EX (Version: 1.5.0.5)
Canon Utilities Digital Photo Professional 1.1 (Version: 1.1)
Canon Utilities EOS Capture 1.1 (Version: 1.1)
Canon Utilities EOS Viewer Utility 1.1 (Version: 1.1)
Canon Utilities PhotoStitch 3.1 (Version: 3.1.13)
Canon Utilities ZoomBrowser EX (Version: 5.7.0.74)
Compatibility Pack für 2007 Office System (Version: 12.0.6612.1000)
Dell Handbuch zum Einstieg (Version: 1.00.0000)
Dell Support Center (Support Software) (Version: 2.2.08100)
dm Digi Foto (Version: 2.0.0.6)
dm Fotowelt
EDocs
ESET Online Scanner v3
FreeCAD 0.13 (Version: 0.13.1828)
GIMP 2.8.4 (Version: 2.8.4)
Google Chrome (HKCU Version: 27.0.1453.116)
Google Desktop (Version: -)
Google Earth Plug-in (Version: 7.0.3.8542)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.5.4209.2358)
Google Update Helper (Version: 1.3.21.149)
GoToAssist 8.0.0.514
Haufe iDesk-Browser (Version: 10.10.14.0000)
Haufe iDesk-Service (Version: 11.07.19.8023)
HP Photo and Imaging 2.5 - Scanjet 5590 Series (Version: 2.50.0000)
HP Speicher-Disc (Version: 1.0.4.805)
HPScanjet5590Corporate10 (Version: 1.00.0000)
iTunes (Version: 10.6.0.40)
Java 7 Update 15 (Version: 7.0.150)
Java Auto Updater (Version: 2.1.9.0)
Lexware buchhalter 2012 (Version: 17.00.00.0109)
Lexware Datenbank plus 2011 (Version: 11.00.00.0074)
Lexware Elster (Version: 11.00.00.0109)
Lexware Info Service (Version: 2.80.00.0007)
Lexware online banking (Version: 11.00.00.0039)
Lexware reisekosten plus 2011 (Version: 11.22.00.0124)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319)
Microsoft Office PowerPoint Viewer 2007 (German) (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Works (Version: 9.7.0621)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
Mouse Suite for Desktop Computers (Version: 2.50.025)
Mozilla Firefox 22.0 (x86 de) (Version: 22.0)
Mozilla Maintenance Service (Version: 22.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Netscape (7.1)
NVIDIA Drivers
NVIDIA Performance (Version: 1.00.0000)
NVIDIA System Monitor (Version: 1.00.0000)
Opera 12.14 (Version: 12.14.1738)
PDF Writer - bioPDF 9.7.0.1592 (Version: 9.7.0.1592)
PhotoStitch (Version: 3.1.13)
posterXXL.de Bestellsoftware 4.80
Presto! PageManager 7.11
QuickTime (Version: 7.66.71.0)
QuickTime Alternative 3.2.2 (Version: 3.2.2)
Readiris Pro 8
Realtek High Definition Audio Driver
Roxio Creator Audio (Version: 3.7.0)
Roxio Creator Copy (Version: 3.7.0)
Roxio Creator Data (Version: 3.7.0)
Roxio Creator DE (Version: 10.1)
Roxio Creator DE (Version: 3.7.0)
Roxio Creator Tools (Version: 3.7.0)
Roxio Express Labeler 3 (Version: 3.2.1)
Roxio Update Manager (Version: 6.0.0)
Safari (Version: 5.34.57.2)
ShareIns (Version: 1.00.0000)
SketchUp 2013 (Version: 13.0.3689)
System Care Antivirus
TAXMAN 2011 (Version: 17.00.00.0065)
TAXMAN 2012 (Version: 18.00.00.0061)
TAXMAN Bibliothek 2011 (Version: 17.0.0.0)
TAXMAN Bibliothek 2012 (Version: 18.0.0.0)
Update for Microsoft .NET Framework 3.5 SP1 (KB2836940) (Version: 1)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (Version: 1)
VLC media player 1.1.1 (Version: 1.1.1)
WIDCOMM Bluetooth Software 6.0.1.4300 (Version: 6.0.1.4300)
Winamp (remove only)
XAMPP 1.7.7
 
  • #13
==================== Restore Points =========================

03-06-2013 14:22:21 Geplanter Prüfpunkt
04-06-2013 14:29:38 Geplanter Prüfpunkt
05-06-2013 06:15:56 Geplanter Prüfpunkt
05-06-2013 12:18:56 Windows Update
06-06-2013 14:48:13 Geplanter Prüfpunkt
07-06-2013 07:33:50 Geplanter Prüfpunkt
07-06-2013 22:31:10 Geplanter Prüfpunkt
08-06-2013 22:36:07 Geplanter Prüfpunkt
09-06-2013 18:58:11 Geplanter Prüfpunkt
10-06-2013 18:43:58 Geplanter Prüfpunkt
11-06-2013 11:14:57 Geplanter Prüfpunkt
11-06-2013 13:06:53 Windows Update
12-06-2013 10:24:31 Geplanter Prüfpunkt
13-06-2013 04:25:27 Windows Update
14-06-2013 13:37:47 Geplanter Prüfpunkt
20-06-2013 08:12:24 Windows Update
21-06-2013 13:08:17 Geplanter Prüfpunkt
24-06-2013 05:21:42 Geplanter Prüfpunkt
25-06-2013 06:54:47 Geplanter Prüfpunkt
25-06-2013 10:24:31 Windows Update
26-06-2013 17:34:37 Geplanter Prüfpunkt
26-06-2013 21:27:19 Windows Update
28-06-2013 05:55:16 Geplanter Prüfpunkt
28-06-2013 11:30:33 Installed FreeCAD 0.13
28-06-2013 14:13:45 SketchUp 2013 wurde installiert
28-06-2013 20:57:57 Windows Update
29-06-2013 07:41:01 Windows Update
30-06-2013 00:27:46 Windows Update
30-06-2013 15:23:21 Geplanter Prüfpunkt
01-07-2013 07:46:59 Geplanter Prüfpunkt
02-07-2013 08:10:59 Geplanter Prüfpunkt
03-07-2013 11:16:19 Geplanter Prüfpunkt
04-07-2013 08:39:23 Geplanter Prüfpunkt
05-07-2013 13:49:10 Windows Update
08-07-2013 08:45:44 Geplanter Prüfpunkt
09-07-2013 09:13:44 Geplanter Prüfpunkt
09-07-2013 09:49:51 Windows Update
11-07-2013 12:39:35 Windows Update

==================== Hosts content: ==========================

2006-11-02 12:23 - 2013-02-28 01:36 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {179AF5A0-8D46-40C5-94D6-D69B7F7FAA27} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\system32\rundll32.exe [2006-11-02] (Microsoft Corporation)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {279F7343-B428-465F-9F47-A83C8470DAB5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-12] (Adobe Systems Incorporated)
Task: {2E4657E4-9C41-4A64-B800-2654781E3A07} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\schtasks.exe [2008-01-21] (Microsoft Corporation)
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {42341940-AAE2-483C-B7D9-6BA9931ED4A5} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3562024059-4152139979-2027613617-1000Core => C:\Users\doris\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-21] (Google Inc.)
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {7024D00D-D83C-4EA3-99B0-AC1B96D11CEA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-02-21] (Google Inc.)
Task: {708DF76F-575C-45EF-8CCC-AC58AA34F299} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-02-21] (Google Inc.)
Task: {7C3F522E-C1FE-448A-8010-0390391A7231} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - doris => C:\Program Files\Windows Calendar\wincal.exe [2009-04-11] (Microsoft Corporation)
Task: {949240F7-9DE3-4BDB-BFD1-3D530604CE27} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2008-01-21] (Microsoft Corporation)
Task: {A61555D3-7840-45C1-A5A9-0D49851DE37A} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification => C:\Windows\System32\wsqmcons.exe [2008-01-21] (Microsoft Corporation)
Task: {A728AE6B-5AB8-4223-AD3E-E6341441A01C} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => C:\Windows\system32\rundll32.exe [2006-11-02] (Microsoft Corporation)
Task: {BCF3F8D9-522B-4F78-8743-C41B0C3CCF83} - System32\Tasks\Microsoft\Windows\Defrag\ManualDefrag => C:\Windows\system32\defrag.exe [2008-01-21] (Microsoft Corp.)
Task: {BF4C5CD9-12F2-4622-9278-0B43384F5C50} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3562024059-4152139979-2027613617-1000UA => C:\Users\doris\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-21] (Google Inc.)
Task: {DBE9B605-E1A6-40FC-AB89-0FF6C0E36BD0} - System32\Tasks\Microsoft\Windows\WindowsBackup\CheckFull => C:\Windows\System32\sdclt.exe [2010-12-14] (Microsoft Corporation)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {E7D5C8B1-15E5-44E0-975F-C57C5030E745} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-21] (Microsoft Corporation)
Task: {EEC20512-A724-4BD4-8BDD-9C1EE3F926C3} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\System32\sdclt.exe [2010-12-14] (Microsoft Corporation)
Task: {EF49387B-998C-4A72-B795-C731A3E4DFA9} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-12] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3562024059-4152139979-2027613617-1000Core.job => C:\Users\doris\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3562024059-4152139979-2027613617-1000UA.job => C:\Users\doris\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/12/2013 03:27:52 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA Win32_Processor AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/11/2013 08:13:48 PM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung iexplore.exe, Version 9.0.8112.16490, Zeitstempel 0x51955cca, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18541, Zeitstempel 0x4ec3e3d5, Ausnahmecode 0xc0000005, Fehleroffset 0x00044a10,
Prozess-ID 0x2d68, Anwendungsstartzeit iexplore.exe0.

Error: (07/11/2013 04:39:23 PM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung svchost.exe, Version 6.0.6001.18000, Zeitstempel 0x47918b89, fehlerhaftes Modul kernel32.dll, Version 6.0.6002.18704, Zeitstempel 0x5065ccb6, Ausnahmecode 0x0eedfade, Fehleroffset 0x0003fc16,
Prozess-ID 0x1514, Anwendungsstartzeit svchost.exe0.

Error: (07/11/2013 02:39:35 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description:
Details:
AddCoreCsiFiles : BeginFileEnumeration() failed.

System Error:
Zugriff verweigert

Error: (07/11/2013 02:39:25 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description:
Details:
AddCoreCsiFiles : BeginFileEnumeration() failed.

System Error:
Zugriff verweigert

Error: (07/11/2013 02:00:08 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA Win32_Processor AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/10/2013 11:03:03 PM) (Source: Application Hang) (User: )
Description: Programm DllHost.exe, Version 6.0.6000.16386 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet Lösungen für Probleme in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen.
Prozess-ID: 101c
Anfangszeit: 01ce7d5e94bea162
Zeitpunkt der Beendigung: 1098

Error: (07/10/2013 06:52:58 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA Win32_Processor AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/09/2013 01:57:11 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\DORIS\DOCUMENTS\ENTWÄSSERUNG WM KG.XLR> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext: Anwendung, SystemIndex Katalog


Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)

Error: (07/09/2013 11:52:27 AM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung nvraidservice.exe, Version 9.99.0.8, Zeitstempel 0x477d817a, fehlerhaftes Modul OLEAUT32.dll, Version 6.0.6002.18508, Zeitstempel 0x4e5674e4, Ausnahmecode 0xc0000005, Fehleroffset 0x00009027,
Prozess-ID 0xe84, Anwendungsstartzeit nvraidservice.exe0.


System errors:
=============
Error: (07/12/2013 07:33:12 AM) (Source: Service Control Manager) (User: )
Description: Google Update-Dienst (gupdatem)%%1053

Error: (07/12/2013 07:33:12 AM) (Source: Service Control Manager) (User: )
Description: 30000Google Update-Dienst (gupdatem)

Error: (07/12/2013 07:33:11 AM) (Source: DCOM) (User: )
Description: 1053gupdatem/comsvc{E225E692-4B47-4777-9BED-4FD7FE257F0E}

Error: (07/12/2013 03:28:02 AM) (Source: Service Control Manager) (User: )
Description: i8042prt

Error: (07/12/2013 03:23:08 AM) (Source: Service Control Manager) (User: )
Description: Apache2.21 (0x1)

Error: (07/11/2013 05:10:18 PM) (Source: DCOM) (User: )
Description: {4CD40054-9865-47B2-A16C-1BD17DA4AAD9}

Error: (07/11/2013 04:52:42 PM) (Source: DCOM) (User: )
Description: {6295DF2D-35EE-11D1-8707-00C04FD93327}

Error: (07/11/2013 02:00:10 PM) (Source: Service Control Manager) (User: )
Description: i8042prt

Error: (07/10/2013 11:04:43 PM) (Source: Service Control Manager) (User: )
Description: Apache2.21 (0x1)

Error: (07/10/2013 06:59:07 AM) (Source: Service Control Manager) (User: )
Description: Windows Update


Microsoft Office Sessions:
=========================
Error: (07/12/2013 03:27:52 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA Win32_Processor AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/11/2013 08:13:48 PM) (Source: Application Error)(User: )
Description: iexplore.exe9.0.8112.1649051955ccantdll.dll6.0.6002.185414ec3e3d5c000000500044a102d6801ce7e598ac25f46

Error: (07/11/2013 04:39:23 PM) (Source: Application Error)(User: )
Description: svchost.exe6.0.6001.1800047918b89kernel32.dll6.0.6002.187045065ccb60eedfade0003fc16151401ce7e4461621336

Error: (07/11/2013 02:39:35 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
AddCoreCsiFiles : BeginFileEnumeration() failed.

System Error:
Zugriff verweigert

Error: (07/11/2013 02:39:25 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
AddCoreCsiFiles : BeginFileEnumeration() failed.

System Error:
Zugriff verweigert

Error: (07/11/2013 02:00:08 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA Win32_Processor AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/10/2013 11:03:03 PM) (Source: Application Hang)(User: )
Description: DllHost.exe6.0.6000.16386101c01ce7d5e94bea1621098

Error: (07/10/2013 06:52:58 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA Win32_Processor AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/09/2013 01:57:11 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Anwendung, SystemIndex Katalog


Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
C:\USERS\DORIS\DOCUMENTS\ENTWÄSSERUNG WM KG.XLR

Error: (07/09/2013 11:52:27 AM) (Source: Application Error)(User: )
Description: nvraidservice.exe9.99.0.8477d817aOLEAUT32.dll6.0.6002.185084e5674e4c000000500009027e8401ce7c793ca93b68


CodeIntegrity Errors:
===================================
Date: 2013-02-28 07:45:52.539
Description: Die Abbildintegrität der Datei \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-02-28 07:45:52.405
Description: Die Abbildintegrität der Datei \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-02-28 07:45:52.269
Description: Die Abbildintegrität der Datei \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-02-28 07:45:52.109
Description: Die Abbildintegrität der Datei \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-02-28 07:39:38.175
Description: Die Abbildintegrität der Datei \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-02-28 07:39:38.069
Description: Die Abbildintegrität der Datei \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-02-28 07:39:37.934
Description: Die Abbildintegrität der Datei \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-02-28 07:39:37.761
Description: Die Abbildintegrität der Datei \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-02-28 07:32:59.926
Description: Die Abbildintegrität der Datei \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-02-28 07:32:59.821
Description: Die Abbildintegrität der Datei \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Percentage of memory in use: 69%
Total physical RAM: 3068.57 MB
Available physical RAM: 931.67 MB
Total Pagefile: 6360.15 MB
Available Pagefile: 2602.61 MB
Total Virtual: 2047.88 MB
Available Virtual: 1909.61 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:921.45 GB) (Free:275.76 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:5.09 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 932 GB) (Disk ID: D8000000)
Partition 1: (Not Active) - (Size=71 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=921 GB) - (Type=07 NTFS)

==================== End Of Log ===========================
 
  • #14
FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-07-2013
Ran by doris (administrator) on 12-07-2013 08:40:07
Running from C:\Users\doris\Desktop
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apache Software Foundation) c:\xampp\apache\bin\httpd.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(iAnywhere Solutions, Inc.) C:\Program Files\Sybase\SQL Anywhere 9\win32\dbsrv9.exe
() c:\xampp\mysql\bin\mysqld.exe
(NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtsvc.exe
(Canon Inc.) C:\Program Files\Canon\CAL\CALMAIN.exe
(Apache Software Foundation) C:\xampp\apache\bin\httpd.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Primax Electronics Ltd.) C:\Windows\System32\ico.exe
(NVIDIA Corporation) C:\Windows\System32\nvraidservice.exe
(Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtcmd.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
() C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
(Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\wsqmcons.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Primax Electronics Ltd.) C:\Windows\System32\ico.exe
(NVIDIA Corporation) C:\Windows\System32\nvraidservice.exe
(Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtcmd.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
() C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Microsoft Corporation) C:\Program Files\Windows Mail\WinMail.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
(Avira Operations GmbH & Co. KG) C:\program files\avira\antivir desktop\avcenter.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avscan.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avscan.exe
(Microsoft Corporation) C:\Windows\system32\Taskmgr.exe
(Avira Operations GmbH & Co. KG) C:\program files\avira\antivir desktop\ipmGui.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
(Primax Electronics Ltd.) C:\Windows\System32\Pmxmiced.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ECenter] - C:\Dell\E-Center\EULALauncher.exe [17920 2008-02-29] ( )
HKLM\...\Run: [RtHDVCpl] - RtHDVCpl.exe [x]
HKLM\...\Run: [Bluetooth HCI Monitor] - RunDll32 HCIMNTR.DLL,RunCheckHCIMode [x]
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [13531680 2008-05-23] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] - RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit [92704 2008-05-23] (NVIDIA Corporation)
HKLM\...\Run: [PMX Daemon] - ICO.EXE [x]
HKLM\...\Run: [NVRaidService] - C:\Windows\system32\nvraidservice.exe [184864 2008-01-03] (NVIDIA Corporation)
HKLM\...\Run: [Google Desktop Search] - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe /startup [29744 2008-11-11] (Google)
HKLM\...\Run: [dellsupportcenter] - C:\Program Files\Dell Support Center\bin\sprtcmd.exe /P dellsupportcenter [206064 2008-08-26] (SupportSoft, Inc.)
HKLM\...\Run: [Share-to-Web Namespace Daemon] - C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe [69632 2002-04-17] (Hewlett-Packard)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime Alternative\QTTask.exe -atboottime [421888 2010-03-17] (Apple Inc.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [421736 2012-03-06] (Apple Inc.)
HKLM\...\Run: [LexwareInfoService] - C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart [189808 2011-07-31] (Haufe-Lexware GmbH & Co. KG)
HKLM\...\Run: [WinampAgent] - C:\Program Files\Winamp\Winampa.exe [12288 2002-04-26] ()
HKLM\...\Run: [Skytel] - Skytel.exe [x]
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe /min [345144 2013-06-24] (Avira Operations GmbH & Co. KG)
HKLM\...\Runonce: [PixelInstall] - 1 [x]
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll [X]
HKCU\...\Run: [NVIDIA nTune] - C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe resetprofile [110592 2008-05-30] (NVIDIA)
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKCU\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2008-11-11] (Google Inc.)
HKCU\...\Run: [Google Update] - C:\Users\doris\AppData\Local\Google\Update\GoogleUpdate.exe /c [116648 2013-02-21] (Google Inc.)
HKCU\...\Run: [8efdd99c-0314-0000-935f-0000667d2b6c] - C:\ProgramData\8efdd99c-0314-0000-935f-0000667d2b6c\8efdd99c-0314-0000-935f-0000667d2b6c.exe [x]
Startup: C:\Users\doris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma - Verknüpfung.lnk
ShortcutTarget: Adobe Gamma - Verknüpfung.lnk -> (No File)
BootExecute: autocheck autochk /p \??\M:autocheck autochk *

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^Y6^xdm043^YY^de&si=swissconverter&ptb=739A72AC-16EE-4F13-A04F-B19CE0B23F27&ind=2013022817&n=77fc4a61&psa=&st=sb&searchfor={searchTerms}
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU -Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU -&Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5}
DPF: {8A5BE387-D09A-4DFA-A56B-DCB89BD11468}
Handler: haufereader - No CLSID Value -
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
 
  • #15
FireFox:
========
FF ProfilePath: C:\Users\doris\AppData\Roaming\Mozilla\Firefox\Profiles\9fnqnht7.default
FF SelectedSearchEngine: LEO Eng-Deu
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.15.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.15.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=1.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\doris\AppData\Local\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\doris\AppData\Local\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF Extension: No Name - C:\Users\doris\AppData\Roaming\Mozilla\Extensions\[email protected]
FF Extension: PageRank - C:\Users\doris\AppData\Roaming\Mozilla\Firefox\Profiles\9fnqnht7.default\Extensions\[email protected]
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files\Mozilla Firefox\firefox.exe

Chrome:
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Users\doris\AppData\Local\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\doris\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\doris\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.210.7) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U21) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Adobe Acrobat) - c:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\4.0.51204.0\npctrl.dll No File
CHR Plugin: (VLC Multimedia Plug-in) - C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Google Update) - C:\Users\doris\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File

========================== Services (Whitelisted) =================

S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [68096 2008-12-22] ()
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-06-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-06-24] (Avira Operations GmbH & Co. KG)
R2 Apache2.2; c:\xampp\apache\bin\httpd.exe [18432 2011-09-10] (Apache Software Foundation)
R2 CCALib8; C:\Program Files\Canon\CAL\CALMAIN.exe [96341 2005-09-30] (Canon Inc.)
S3 FileZilla Server; c:\xampp\FileZillaFTP\FileZillaServer.exe [630272 2011-06-07] (FileZilla Project)
S3 GoogleDesktopManager-010708-104812; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [29744 2008-11-11] (Google)
R2 Lexware_Datenbank_Plus; C:\Program Files\Sybase\SQL Anywhere 9\win32\dbsrv9.exe [83248 2010-11-05] (iAnywhere Solutions, Inc.)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 mysql; c:\xampp\mysql\bin\my.ini [5396 2012-04-17] ()
R2 nTuneService; C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe [155648 2008-05-30] (NVIDIA)
R2 sprtsvc_DellSupportCenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [201968 2008-08-26] (SupportSoft, Inc.)

==================== Drivers (Whitelisted) ====================

R0 AFS; C:\Windows\System32\Drivers\AFS.sys [77004 2009-01-02] (Oak Technology Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [84744 2013-04-02] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135136 2013-04-02] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-04-02] (Avira Operations GmbH & Co. KG)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2013-07-12] (Malwarebytes Corporation)
R3 NVR0Dev; C:\Windows\nvoclock.sys [29824 2008-05-30] (NVidia Corp.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-03-06] (Avira GmbH)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-12 08:37 - 2013-07-12 08:37 - 01218598 ____A (Farbar) C:\Users\doris\Downloads\FRST(1).exe
2013-07-12 08:35 - 2013-07-12 08:35 - 01218598 ____A (Farbar) C:\Users\doris\Downloads\FRST (2).exe
2013-07-12 08:33 - 2013-07-12 08:33 - 01218598 ____A (Farbar) C:\Users\doris\Downloads\FRST (1).exe
2013-07-12 07:54 - 2013-07-12 07:55 - 00040776 ____A (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2013-07-11 22:00 - 2013-07-11 22:00 - 00000000 ____D C:\Users\test\AppData\Roaming\Avira
2013-07-11 21:49 - 2013-07-11 21:49 - 00029155 ____A C:\Users\test\Desktop\FRST.txt
2013-07-11 21:48 - 2013-07-11 21:48 - 00000000 ____D C:\Users\test\AppData\Roaming\SketchUp
2013-07-11 21:02 - 2013-07-11 21:02 - 00000000 ____D C:\FRST
2013-07-11 20:58 - 2013-07-11 20:58 - 01218590 ____A (Farbar) C:\Users\test\Desktop\FRST.exe
2013-07-11 20:44 - 2013-07-11 20:44 - 00000000 ____D C:\Users\test\AppData\Roaming\Malwarebytes
2013-07-11 20:44 - 2013-07-11 20:44 - 00000000 ____D C:\Users\test\AppData\Local\Mozilla
2013-07-11 20:38 - 2013-07-11 20:38 - 01218590 ____A (Farbar) C:\Users\doris\Desktop\FRST.exe
2013-07-11 19:40 - 2013-07-11 19:40 - 00388608 ____A (Trend Micro Inc.) C:\Users\doris\Downloads\HijackThis.exe
2013-07-11 19:39 - 2013-07-11 19:39 - 00024831 ____A C:\Users\doris\Documents\download.htm
2013-07-11 17:34 - 2013-07-11 17:34 - 00000282 ____A C:\Users\doris\Desktop\Hilfe bei der Schädlingsbeseitigung.url
2013-07-11 16:46 - 2013-07-11 16:46 - 00000000 ____D C:\Users\doris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Care Antivirus
2013-07-11 14:47 - 2013-05-29 03:56 - 12333568 ____A (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-11 14:47 - 2013-05-29 03:50 - 01800704 ____A (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-11 14:47 - 2013-05-29 03:48 - 09738752 ____A (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-11 14:47 - 2013-05-29 03:41 - 01427968 ____A (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-07-11 14:47 - 2013-05-29 03:41 - 01129472 ____A (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-11 14:47 - 2013-05-29 03:41 - 01104384 ____A (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-11 14:47 - 2013-05-29 03:40 - 00231936 ____A (Microsoft Corporation) C:\Windows\system32\url.dll
2013-07-11 14:47 - 2013-05-29 03:38 - 00065024 ____A (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-11 14:47 - 2013-05-29 03:37 - 00142848 ____A (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-07-11 14:47 - 2013-05-29 03:36 - 00420864 ____A (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-07-11 14:47 - 2013-05-29 03:35 - 00717824 ____A (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-11 14:47 - 2013-05-29 03:35 - 00607744 ____A (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-11 14:47 - 2013-05-29 03:33 - 02382848 ____A (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-11 14:47 - 2013-05-29 03:33 - 01796096 ____A (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-11 14:47 - 2013-05-29 03:33 - 00073216 ____A (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-07-11 14:47 - 2013-05-29 03:29 - 00176640 ____A (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-11 14:18 - 2013-06-04 03:50 - 02049024 ____A (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-11 14:18 - 2013-06-01 06:06 - 00505344 ____A (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-11 14:18 - 2013-05-08 06:04 - 01548288 ____A (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-11 14:18 - 2013-04-17 13:28 - 01029120 ____A (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-07-11 14:18 - 2013-04-17 13:28 - 00219648 ____A (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-07-11 14:18 - 2013-04-17 13:28 - 00189952 ____A (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-07-11 14:18 - 2013-04-17 13:28 - 00160768 ____A (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-07-11 14:18 - 2013-04-17 12:34 - 01172480 ____A (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-07-11 14:18 - 2013-04-17 12:33 - 00486400 ____A (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-07-11 14:18 - 2013-04-17 12:14 - 00683008 ____A (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-07-11 14:18 - 2013-04-17 12:10 - 01069056 ____A (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-11 14:18 - 2013-04-17 12:10 - 00798208 ____A (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-07-09 11:23 - 2013-07-10 11:20 - 00013824 ____A C:\Users\doris\Documents\Entwässerung WM KG.xlr
2013-07-08 11:28 - 2013-07-08 22:56 - 00010752 ____A C:\Users\doris\Documents\zisternenberechnung.xlr
2013-07-05 14:55 - 2013-07-05 14:55 - 00000000 ____D C:\Windows\system32\20-20 Technologies
2013-07-03 11:52 - 2013-07-03 22:08 - 17314268 ____A C:\Users\doris\Documents\zauberstaude bestellung 2012.wps
2013-07-03 10:57 - 2013-07-10 07:10 - 00393216 ____A C:\Users\doris\Documents\Futterplan-Florian-07-2013.xlr
2013-06-28 17:27 - 2013-06-28 17:27 - 00000000 ____D C:\Users\doris\AppData\Roaming\SketchUp
2013-06-28 16:14 - 2013-06-28 16:14 - 00003120 ____A C:\Windows\system32\ALLFSAF13a.ocx
2013-06-28 16:14 - 2013-06-28 16:14 - 00002063 ____A C:\Users\Public\Desktop\Style Builder 2013.lnk
2013-06-28 16:14 - 2013-06-28 16:14 - 00001977 ____A C:\Users\Public\Desktop\LayOut 2013.lnk
2013-06-28 16:14 - 2013-06-28 16:14 - 00001896 ____A C:\Users\Public\Desktop\SketchUp 2013.lnk
2013-06-28 16:14 - 2013-06-28 16:14 - 00000000 ____D C:\ProgramData\SketchUp
2013-06-28 16:14 - 2013-06-28 16:14 - 00000000 ____D C:\Program Files\SketchUp
2013-06-28 14:41 - 2013-06-28 14:42 - 79487688 ____A (Trimble Navigation Limited) C:\Users\doris\Downloads\SketchUpWDE-13.exe
2013-06-28 13:47 - 2013-06-28 13:47 - 00000000 ____D C:\Users\doris\AppData\Local\freecad
2013-06-28 13:32 - 2013-06-28 13:42 - 00000000 ____D C:\Users\doris\AppData\Roaming\FreeCAD
2013-06-28 13:31 - 2013-06-28 13:31 - 00000000 ____D C:\Program Files\FreeCAD0.13
2013-06-28 13:28 - 2013-06-28 13:29 - 106101248 ____A C:\Users\doris\Downloads\FreeCAD_0.13.1828_x86_setup.msi
2013-06-27 22:13 - 2013-06-28 22:44 - 00010752 ____A C:\Users\doris\Documents\Berechnung Vollgeschoß.xlr
2013-06-27 19:20 - 2013-06-27 19:21 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-06-25 16:00 - 2013-06-25 16:00 - 00002035 ____A C:\Users\doris\AppData\Local\recently-used.xbel
2013-06-21 18:16 - 2013-06-26 23:22 - 00393728 ____A C:\Users\doris\Documents\Futterplan-Florian-06-2013.xlr
2013-06-21 13:09 - 2013-07-01 23:18 - 00014336 ____A C:\Users\doris\Documents\haushöhe neu.xlr
2013-06-21 10:07 - 2013-06-21 11:24 - 00010752 ____A C:\Users\doris\Documents\haushöhe.xlr
2013-06-20 11:40 - 2013-06-21 00:11 - 00010752 ____A C:\Users\doris\Documents\Höhenberechnung Haus Bendig.xlr
2013-06-14 09:32 - 2013-06-14 09:32 - 00126464 ____A C:\Users\doris\Documents\fotocommunity sicher.xlr
2013-06-12 18:04 - 2013-06-12 18:04 - 00000223 ____A C:\Users\doris\Documents\fc-helmut wolf.txt
2013-06-12 10:34 - 2013-05-08 06:37 - 00905576 ____A (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-06-12 10:34 - 2013-05-03 00:03 - 03603832 ____A (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-06-12 10:34 - 2013-05-03 00:03 - 03551096 ____A (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-06-12 10:34 - 2013-05-02 06:04 - 00443904 ____A (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2013-06-12 10:34 - 2013-05-02 06:03 - 00037376 ____A (Microsoft Corporation) C:\Windows\system32\printcom.dll
2013-06-12 10:34 - 2013-04-24 06:00 - 00985600 ____A (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-06-12 10:34 - 2013-04-24 06:00 - 00133120 ____A (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-06-12 10:34 - 2013-04-24 06:00 - 00098304 ____A (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-06-12 10:34 - 2013-04-24 06:00 - 00041984 ____A (Microsoft Corporation) C:\Windows\system32\certenc.dll
2013-06-12 10:34 - 2013-04-24 03:46 - 00812544 ____A (Microsoft Corporation) C:\Windows\system32\certutil.exe
2013-06-12 10:34 - 2013-04-17 14:30 - 00024576 ____A (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
 
  • #16
==================== One Month Modified Files and Folders =======

2013-07-12 08:37 - 2013-07-12 08:37 - 01218598 ____A (Farbar) C:\Users\doris\Downloads\FRST(1).exe
2013-07-12 08:35 - 2013-07-12 08:35 - 01218598 ____A (Farbar) C:\Users\doris\Downloads\FRST (2).exe
2013-07-12 08:33 - 2013-07-12 08:33 - 01218598 ____A (Farbar) C:\Users\doris\Downloads\FRST (1).exe
2013-07-12 08:33 - 2013-03-01 00:20 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-12 08:17 - 2013-02-21 15:55 - 00001098 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-12 08:13 - 2013-02-21 15:52 - 00001120 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3562024059-4152139979-2027613617-1000UA.job
2013-07-12 07:55 - 2013-07-12 07:54 - 00040776 ____A (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2013-07-12 07:36 - 2008-11-11 18:50 - 01966633 ____A C:\Windows\WindowsUpdate.log
2013-07-12 07:32 - 2011-10-20 14:47 - 00000000 ____D C:\Users\test\AppData\Local\Google
2013-07-12 07:27 - 2006-11-02 14:47 - 00003616 ___AH C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-12 07:27 - 2006-11-02 14:47 - 00003616 ___AH C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-12 05:22 - 2013-02-21 15:55 - 00001094 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-12 03:38 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-07-12 03:27 - 2006-11-02 15:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-12 03:27 - 2006-11-02 14:47 - 00294808 ____A C:\Windows\system32\FNTCACHE.DAT
2013-07-12 03:25 - 2011-10-20 15:54 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-12 03:23 - 2008-11-11 18:51 - 00000012 ____A C:\Windows\bthservsdp.dat
2013-07-12 03:23 - 2006-11-02 15:01 - 00032562 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-12 03:21 - 2006-11-02 14:37 - 00000000 ____D C:\Windows\system32\XPSViewer
2013-07-11 22:00 - 2013-07-11 22:00 - 00000000 ____D C:\Users\test\AppData\Roaming\Avira
2013-07-11 21:49 - 2013-07-11 21:49 - 00029155 ____A C:\Users\test\Desktop\FRST.txt
2013-07-11 21:48 - 2013-07-11 21:48 - 00000000 ____D C:\Users\test\AppData\Roaming\SketchUp
2013-07-11 21:02 - 2013-07-11 21:02 - 00000000 ____D C:\FRST
2013-07-11 20:58 - 2013-07-11 20:58 - 01218590 ____A (Farbar) C:\Users\test\Desktop\FRST.exe
2013-07-11 20:46 - 2013-02-22 14:44 - 00000908 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-07-11 20:46 - 2013-02-22 14:44 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-07-11 20:45 - 2011-10-20 14:46 - 00072680 ____A C:\Users\test\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-11 20:44 - 2013-07-11 20:44 - 00000000 ____D C:\Users\test\AppData\Roaming\Malwarebytes
2013-07-11 20:44 - 2013-07-11 20:44 - 00000000 ____D C:\Users\test\AppData\Local\Mozilla
2013-07-11 20:44 - 2012-10-24 14:02 - 00000000 ____D C:\Users\test\AppData\Roaming\Mozilla
2013-07-11 20:38 - 2013-07-11 20:38 - 01218590 ____A (Farbar) C:\Users\doris\Desktop\FRST.exe
2013-07-11 19:40 - 2013-07-11 19:40 - 00388608 ____A (Trend Micro Inc.) C:\Users\doris\Downloads\HijackThis.exe
2013-07-11 19:39 - 2013-07-11 19:39 - 00024831 ____A C:\Users\doris\Documents\download.htm
2013-07-11 17:34 - 2013-07-11 17:34 - 00000282 ____A C:\Users\doris\Desktop\Hilfe bei der Schädlingsbeseitigung.url
2013-07-11 17:14 - 2013-02-21 15:52 - 00001068 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3562024059-4152139979-2027613617-1000Core.job
2013-07-11 16:46 - 2013-07-11 16:46 - 00000000 ____D C:\Users\doris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Care Antivirus
2013-07-11 14:54 - 2008-01-21 09:16 - 01581712 ____A C:\Windows\system32\PerfStringBackup.INI
2013-07-11 14:48 - 2006-11-02 12:24 - 75699896 ____A (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-07-11 14:40 - 2006-11-02 14:37 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-11 14:01 - 2011-08-15 07:58 - 00000000 ____D C:\Users\doris\Desktop\Lightroom
2013-07-10 11:20 - 2013-07-09 11:23 - 00013824 ____A C:\Users\doris\Documents\Entwässerung WM KG.xlr
2013-07-10 11:20 - 2009-01-14 11:52 - 00018952 ____A C:\Users\doris\AppData\Roaming\wklnhst.dat
2013-07-10 07:10 - 2013-07-03 10:57 - 00393216 ____A C:\Users\doris\Documents\Futterplan-Florian-07-2013.xlr
2013-07-08 22:56 - 2013-07-08 11:28 - 00010752 ____A C:\Users\doris\Documents\zisternenberechnung.xlr
2013-07-05 14:55 - 2013-07-05 14:55 - 00000000 ____D C:\Windows\system32\20-20 Technologies
2013-07-03 22:08 - 2013-07-03 11:52 - 17314268 ____A C:\Users\doris\Documents\zauberstaude bestellung 2012.wps
2013-07-01 23:18 - 2013-06-21 13:09 - 00014336 ____A C:\Users\doris\Documents\haushöhe neu.xlr
2013-07-01 23:17 - 2013-05-22 06:38 - 00194560 ____A C:\Users\doris\Documents\fotocommunity.xlr
2013-06-29 09:36 - 2013-02-21 15:34 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-06-28 22:44 - 2013-06-27 22:13 - 00010752 ____A C:\Users\doris\Documents\Berechnung Vollgeschoß.xlr
2013-06-28 17:27 - 2013-06-28 17:27 - 00000000 ____D C:\Users\doris\AppData\Roaming\SketchUp
2013-06-28 16:14 - 2013-06-28 16:14 - 00003120 ____A C:\Windows\system32\ALLFSAF13a.ocx
2013-06-28 16:14 - 2013-06-28 16:14 - 00002063 ____A C:\Users\Public\Desktop\Style Builder 2013.lnk
2013-06-28 16:14 - 2013-06-28 16:14 - 00001977 ____A C:\Users\Public\Desktop\LayOut 2013.lnk
2013-06-28 16:14 - 2013-06-28 16:14 - 00001896 ____A C:\Users\Public\Desktop\SketchUp 2013.lnk
2013-06-28 16:14 - 2013-06-28 16:14 - 00000000 ____D C:\ProgramData\SketchUp
2013-06-28 16:14 - 2013-06-28 16:14 - 00000000 ____D C:\Program Files\SketchUp
2013-06-28 14:44 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\de-DE
2013-06-28 14:42 - 2013-06-28 14:41 - 79487688 ____A (Trimble Navigation Limited) C:\Users\doris\Downloads\SketchUpWDE-13.exe
2013-06-28 14:29 - 2008-12-05 14:55 - 00000000 ____D C:\Users\doris
2013-06-28 13:47 - 2013-06-28 13:47 - 00000000 ____D C:\Users\doris\AppData\Local\freecad
2013-06-28 13:42 - 2013-06-28 13:32 - 00000000 ____D C:\Users\doris\AppData\Roaming\FreeCAD
2013-06-28 13:31 - 2013-06-28 13:31 - 00000000 ____D C:\Program Files\FreeCAD0.13
2013-06-28 13:29 - 2013-06-28 13:28 - 106101248 ____A C:\Users\doris\Downloads\FreeCAD_0.13.1828_x86_setup.msi
2013-06-27 19:21 - 2013-06-27 19:20 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-06-27 09:06 - 2011-08-15 20:30 - 00000000 ____D C:\Users\doris\Desktop\Unbenannter Export
2013-06-26 23:22 - 2013-06-21 18:16 - 00393728 ____A C:\Users\doris\Documents\Futterplan-Florian-06-2013.xlr
2013-06-25 16:03 - 2013-03-09 01:56 - 00000000 ____D C:\Users\doris\.gimp-2.8
2013-06-25 16:00 - 2013-06-25 16:00 - 00002035 ____A C:\Users\doris\AppData\Local\recently-used.xbel
2013-06-24 19:39 - 2008-12-05 15:00 - 00000000 ____D C:\Users\doris\AppData\Local\Google
2013-06-21 11:24 - 2013-06-21 10:07 - 00010752 ____A C:\Users\doris\Documents\haushöhe.xlr
2013-06-21 10:11 - 2013-02-21 15:52 - 00002084 ____A C:\Users\doris\Desktop\Google Chrome.lnk
2013-06-21 09:40 - 2008-01-21 04:47 - 00119228 ____A C:\Windows\PFRO.log
2013-06-21 00:11 - 2013-06-20 11:40 - 00010752 ____A C:\Users\doris\Documents\Höhenberechnung Haus Bendig.xlr
2013-06-21 00:07 - 2013-03-16 15:52 - 00015360 ____A C:\Users\doris\Documents\Abwasserleitun.xlr
2013-06-14 09:32 - 2013-06-14 09:32 - 00126464 ____A C:\Users\doris\Documents\fotocommunity sicher.xlr
2013-06-13 07:19 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\rescache
2013-06-12 18:04 - 2013-06-12 18:04 - 00000223 ____A C:\Users\doris\Documents\fc-helmut wolf.txt
2013-06-12 08:33 - 2013-03-01 00:20 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-06-12 08:33 - 2013-03-01 00:20 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-12 03:34

==================== End Of Log ==========================
 
  • #17
Why don't you wipe the HD and restore your backup? Or don't you have one?
 
  • #18
Hi,

please run another fix with FRST, in the infected profile, using this text.

HKCU\...\Run: [8efdd99c-0314-0000-935f-0000667d2b6c] - C:\ProgramData\8efdd99c-0314-0000-935f-0000667d2b6c\8efdd99c-0314-0000-935f-0000667d2b6c.exe
C:\ProgramData\8efdd99c-0314-0000-935f-0000667d2b6c
SearchScopes: HKCU - {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} URL = search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^Y6^xdm043^YY^de&si=swissconverter&ptb=739A72AC-16EE-4F13-A04F-B19CE0B23F27&ind=2013022817&n=77fc4a61&psa=&st=sb&searchfor={searchTerms}
2013-07-11 16:46 - 2013-07-11 16:46 - 00000000 ____D C:\Users\doris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Care Antivirus
 
  • #19
Here is the fixlog.txt

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-07-2013
Ran by doris at 2013-07-12 12:47:50 Run:2
Running from C:\Users\doris\Desktop
Boot Mode: Normal

==============================================

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\8efdd99c-0314-0000-935f-0000667d2b6c => Value deleted successfully.
C:\ProgramData\8efdd99c-0314-0000-935f-0000667d2b6c => File/Directory not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9a216821-0ec5-49a3-85ac-fb72ae79a1e8} => Key deleted successfully.
HKCR\CLSID\{9a216821-0ec5-49a3-85ac-fb72ae79a1e8} => Key not found.
C:\Users\doris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Care Antivirus => Moved successfully.

==== End of Fixlog ====

Best regards and many thanks already for your help. On my own I would have been pretty lost.
 
  • #20
Ok,

any more problems with the computer?
 