
Log analysis and evaluation: Google links redirected to advertising pages


 
14.08.2013, 22:51   #1
carmina
 



Hello,

for several months I have had the problem that I cannot search with Google, because every link, when clicked, is redirected to constantly changing advertising pages. 'ihavenet' then briefly appears in the address bar.

The Avira scanner found nothing.

I hope someone can help.

Thanks in advance.
Siggi

Here are the logs:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 22:13 on 14/08/2013 (Sigrid)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-08-2013 01
Ran by Sigrid (administrator) on 14-08-2013 22:20:50
Running from C:\Users\Sigrid\Desktop
Microsoft® Windows Vista™ Business Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 7
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(Nokia) C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
(Acronis) C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
(Ask) C:\Program Files\Ask.com\Updater\Updater.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
(DeTeWe AG & Co.) C:\Program Files\Telekom\Eumex 504PC USB\Capictrl.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
(Dropbox, Inc.) C:\Users\Sigrid\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Acronis) C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NeroFilterCheck] - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [155648 2006-01-12] (Nero AG)
HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2007-03-11] (Hewlett-Packard Co.)
HKLM\...\Run: [facemoods] - C:\Program Files\facemoods.com\facemoods\1.4.17.8\facemoodssrv.exe [329432 2011-04-14] (facemoods.com)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [hpqSRMon] - [x]
HKLM\...\Run: [NokiaMServer] - C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup [x]
HKLM\...\Run: [TrueImageMonitor.exe] - C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [5078416 2009-08-28] (Acronis)
HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [357936 2009-08-28] (Acronis)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [ApnUpdater] - C:\Program Files\Ask.com\Updater\Updater.exe [1644680 2013-02-08] (Ask)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [345144 2013-07-01] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKCU\...\Run: [] - [x]
HKCU\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
MountPoints2: {754e84ce-871b-11e1-a06a-001e101f4e71} - F:\AutoRun.exe
MountPoints2: {d1edfdab-7774-11e1-a049-001f3c0b2c79} - F:\AutoRun.exe
MountPoints2: {d1edfdc8-7774-11e1-a049-001e101f859f} - F:\AutoRun.exe
HKU\Default\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Sigrid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CAPIControl.lnk
ShortcutTarget: CAPIControl.lnk -> C:\Program Files\Telekom\Eumex 504PC USB\Capictrl.exe (DeTeWe AG & Co.)
Startup: C:\Users\Sigrid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Sigrid\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.facemoods.com/?a=gppc
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKCU - DefaultScope {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^U3&apn_dtid=^OSJ000^YY^DE&apn_uid=727DBF32-CFC0-468F-9E9C-744425E244AB&apn_sauid=28FD8D5F-C1B5-4DFA-A56F-1A778DD1DC7B
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKCU - {0D7562AE-8EF6-416d-A838-AB665251703A} URL = hxxp://start.facemoods.com/?a=gppc&s={searchTerms}&f=4
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^U3&apn_dtid=^OSJ000^YY^DE&apn_uid=727DBF32-CFC0-468F-9E9C-744425E244AB&apn_sauid=28FD8D5F-C1B5-4DFA-A56F-1A778DD1DC7B
BHO: CescrtHlpr Object - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files\facemoods.com\facemoods\1.4.17.8\bh\facemoods.dll (facemoods.com BHO)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - facemoods Toolbar - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files\facemoods.com\facemoods\1.4.17.8\facemoodsTlbr.dll (facemoods.com)
Toolbar: HKLM - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKCU -Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
Handler: msdaipp - No CLSID Value -
Tcpip\Parameters: [DhcpNameServer] 192.168.220.1

FireFox:
========
FF ProfilePath: C:\Users\Sigrid\AppData\Roaming\Mozilla\Firefox\Profiles\w5ru30t9.default
FF SelectedSearchEngine: Ask.com
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Sigrid\AppData\Roaming\Mozilla\Firefox\Profiles\w5ru30t9.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\Sigrid\AppData\Roaming\Mozilla\Firefox\Profiles\w5ru30t9.default\searchplugins\conduit.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
FF Extension: No Name - C:\Users\Sigrid\AppData\Roaming\Mozilla\Extensions\prism@developer.mozilla.org
FF Extension: Ask Toolbar - C:\Users\Sigrid\AppData\Roaming\Mozilla\Firefox\Profiles\w5ru30t9.default\Extensions\toolbar@ask.com
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\27.0.1453.116\pdf.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\27.0.1453.116\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft\u00AE Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.10.8) - C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U1) - C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll No File
CHR Plugin: (ScorchPlugin) - C:\Program Files\Mozilla Firefox\plugins\NPSibelius.dll ()
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (YouTube) - C:\Users\Sigrid\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Sigrid\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Easy Youtube Video Downloader) - C:\Users\Sigrid\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmknocfkgffdgekmfonabppnhdgmghem\4.1_0
CHR Extension: (DealPly) - C:\Users\Sigrid\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje\3.5.3.0_0
CHR Extension: (Funmoods) - C:\Users\Sigrid\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif\2.1.0_0
CHR Extension: (Gmail) - C:\Users\Sigrid\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM\...\Chrome\Extension: [gaiilaahiahdejapggenmdmafpmbipje] - C:\Program Files\facemoods.com\facemoods\1.4.17.8\dealply.crx
CHR HKLM\...\Chrome\Extension: [ihflimipbcaljfnojhhknppphnnciiif] - C:\Program Files\facemoods.com\facemoods\1.4.17.8\facemoods.crx

========================== Services (Whitelisted) =================

R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [661072 2009-08-28] (Acronis)
R2 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [2326912 2012-05-22] (Acronis)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-07-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-07-01] (Avira Operations GmbH & Co. KG)

==================== Drivers (Whitelisted) ====================

S4 ahcix86s; C:\Windows\system32\drivers\ahcix86s.sys [170000 2007-12-19] (AMD Technologies Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [84744 2013-03-28] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135136 2013-03-28] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-03-28] (Avira Operations GmbH & Co. KG)
R2 CAPI20; C:\Windows\System32\Drivers\CAPI20.SYS [183040 2000-05-30] (DETEWE/CTK/RPH/AS)
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [101120 2009-10-12] (Huawei Technologies Co., Ltd.)
S4 JRAID; C:\Windows\system32\drivers\jraid.sys [65024 2007-09-29] (JMicron Technology Corp.)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2013-02-26] (Malwarebytes Corporation)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-03-10] (Avira GmbH)
R0 tdrpman251; C:\Windows\System32\DRIVERS\tdrpm251.sys [902432 2012-05-22] (Acronis)
S3 AVFSFilter; system32\DRIVERS\avfsfilter.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-14 22:18 - 2013-08-14 22:18 - 01068807 _____ (Farbar) C:\Users\Sigrid\Desktop\FRST.exe
2013-08-14 22:13 - 2013-08-14 22:13 - 00000474 _____ C:\Users\Sigrid\Desktop\defogger_disable.log
2013-08-14 22:13 - 2013-08-14 22:13 - 00000000 _____ C:\Users\Sigrid\defogger_reenable
2013-08-14 22:07 - 2013-08-14 22:07 - 00050477 _____ C:\Users\Sigrid\Desktop\Defogger.exe
2013-08-14 16:49 - 2013-07-30 06:30 - 01176576 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-14 16:49 - 2013-07-30 06:30 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-14 16:49 - 2013-07-30 06:30 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-08-14 16:49 - 2013-07-30 06:29 - 06118912 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-14 16:49 - 2013-07-30 06:29 - 03625472 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-14 16:49 - 2013-07-30 06:29 - 00671232 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll
2013-08-14 16:49 - 2013-07-30 06:29 - 00498688 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-14 16:49 - 2013-07-30 06:29 - 00479744 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-08-14 16:49 - 2013-07-30 06:29 - 00380928 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-08-14 16:49 - 2013-07-30 06:29 - 00270336 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-14 16:49 - 2013-07-30 06:29 - 00193024 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-08-14 16:49 - 2013-07-30 06:29 - 00180736 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-14 16:49 - 2013-07-30 06:29 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-14 16:49 - 2013-07-30 00:27 - 00389632 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-08-14 16:49 - 2013-07-30 00:12 - 01383424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-14 16:49 - 2013-07-17 21:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-14 16:49 - 2013-07-10 11:47 - 00783360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-14 16:49 - 2013-07-09 14:10 - 01205168 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-14 16:49 - 2013-07-08 06:55 - 03603904 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-08-14 16:49 - 2013-07-08 06:55 - 03551680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-14 16:49 - 2013-07-08 06:20 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-14 16:49 - 2013-07-08 06:16 - 00992768 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-14 16:49 - 2013-07-08 06:16 - 00133120 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-14 16:49 - 2013-07-08 06:16 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-14 16:49 - 2013-07-05 06:53 - 00905664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-14 16:49 - 2013-06-15 15:22 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2013-08-14 16:49 - 2013-06-15 13:23 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-05 17:25 - 2013-08-05 17:25 - 00002079 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-08-02 12:01 - 2013-08-02 12:01 - 01067456 _____ (Solid State Networks) C:\Users\Sigrid\Desktop\install_flashplayer11x32au_mssd_awc_aih.exe

==================== One Month Modified Files and Folders =======

2013-08-14 22:20 - 2013-08-14 22:20 - 00000000 ___DC C:\FRST
2013-08-14 22:18 - 2013-08-14 22:18 - 01068807 _____ (Farbar) C:\Users\Sigrid\Desktop\FRST.exe
2013-08-14 22:15 - 2006-11-02 14:47 - 00003712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-14 22:15 - 2006-11-02 14:47 - 00003712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-14 22:13 - 2013-08-14 22:13 - 00000474 _____ C:\Users\Sigrid\Desktop\defogger_disable.log
2013-08-14 22:13 - 2013-08-14 22:13 - 00000000 _____ C:\Users\Sigrid\defogger_reenable
2013-08-14 22:13 - 2011-04-26 19:47 - 00000000 ____D C:\Users\Sigrid
2013-08-14 22:07 - 2013-08-14 22:07 - 00050477 _____ C:\Users\Sigrid\Desktop\Defogger.exe
2013-08-14 21:54 - 2012-06-15 13:12 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-14 21:53 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-08-14 21:22 - 2011-05-21 02:04 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-14 20:41 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\rescache
2013-08-14 20:34 - 2008-01-21 03:39 - 01743682 _____ C:\Windows\WindowsUpdate.log
2013-08-14 20:30 - 2006-11-02 12:33 - 01445546 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-14 20:25 - 2011-12-04 20:06 - 00000000 ___RD C:\Users\Sigrid\Dropbox
2013-08-14 20:25 - 2011-12-04 20:02 - 00000000 ____D C:\Users\Sigrid\AppData\Roaming\Dropbox
2013-08-14 20:25 - 2011-05-21 02:04 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-14 20:24 - 2012-11-28 00:50 - 00000310 _____ C:\Windows\Tasks\Zvfdo.job
2013-08-14 20:24 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-14 20:22 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\de-DE
2013-08-14 17:21 - 2006-11-02 15:01 - 00032514 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-14 17:20 - 2006-11-02 12:24 - 75778376 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-08-05 17:25 - 2013-08-05 17:25 - 00002079 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-08-05 17:25 - 2011-05-21 02:04 - 00000000 ____D C:\Program Files\Google
2013-08-05 01:09 - 2011-10-27 14:39 - 00000000 ____D C:\Users\Sigrid\Documents\Eigene Scans
2013-08-02 12:01 - 2013-08-02 12:01 - 01067456 _____ (Solid State Networks) C:\Users\Sigrid\Desktop\install_flashplayer11x32au_mssd_awc_aih.exe
2013-08-02 01:28 - 2011-05-21 02:06 - 00001977 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-07-30 06:30 - 2013-08-14 16:49 - 01176576 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-30 06:30 - 2013-08-14 16:49 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-30 06:30 - 2013-08-14 16:49 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-07-30 06:29 - 2013-08-14 16:49 - 06118912 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-30 06:29 - 2013-08-14 16:49 - 03625472 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-30 06:29 - 2013-08-14 16:49 - 00671232 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll
2013-07-30 06:29 - 2013-08-14 16:49 - 00498688 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-30 06:29 - 2013-08-14 16:49 - 00479744 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-07-30 06:29 - 2013-08-14 16:49 - 00380928 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-07-30 06:29 - 2013-08-14 16:49 - 00270336 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-30 06:29 - 2013-08-14 16:49 - 00193024 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-07-30 06:29 - 2013-08-14 16:49 - 00180736 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-30 06:29 - 2013-08-14 16:49 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-30 00:27 - 2013-08-14 16:49 - 00389632 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-07-30 00:12 - 2013-08-14 16:49 - 01383424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-17 21:41 - 2013-08-14 16:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-07-15 00:07 - 2011-04-27 12:56 - 00002637 _____ C:\Users\Sigrid\Desktop\Microsoft Office Word 2003.lnk

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-14 20:29

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 14-08-2013 01
Ran by Sigrid at 2013-08-14 22:21:58
Running from C:\Users\Sigrid\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

32 Bit HP CIO Components Installer (Version: 7.1.8)
Acronis*True*Image*Home (Version: 13.0.5029)
Adobe Flash Player 11 Plugin (Version: 11.7.700.224)
Adobe Reader X (10.1.7) - Deutsch (Version: 10.1.7)
AIO_Scan (Version: 100.0.206.000)
Apple Application Support (Version: 2.1.7)
Apple Software Update (Version: 2.1.3.127)
Ask Toolbar (Version: 1.15.15.0)
Ask Toolbar Updater (HKCU Version: 1.2.4.36191)
Audacity 1.2.6
Avira Free Antivirus (Version: 13.0.0.3885)
BufferChm (Version: 100.0.170.000)
C4380 (Version: 100.0.206.000)
C4380_Help (Version: 100.0.206.000)
C4380_Help (Version: 90.0.189.000)
capella reader (Version: 7.1.7)
Cards_Calendar_OrderGift_DoMorePlugout (Version: 1.00.0000)
Conexant HD Audio (Version: 4.36.7.60)
Copy (Version: 100.0.170.000)
Destination Component (Version: 100.0.0.0)
DeviceDiscovery (Version: 100.0.190.000)
DocProc (Version: 10.0.0.0)
Dropbox (HKCU Version: 2.0.22)
Eumex 504PC USB (Version: 1.11.0.0)
Facemoods Toolbar
Fax (Version: 100.0.187.000)
Google Chrome (Version: 28.0.1500.95)
Google Earth (Version: 7.1.1.1888)
Google Update Helper (Version: 1.3.21.153)
GPBaseService (Version: 100.0.187.000)
HP Customer Participation Program 10.0 (Version: 10.0)
HP Imaging Device Functions 10.0 (Version: 10.0)
HP Photosmart All-In-One Driver Software 10.0 Rel .2 (Version: 10.0)
HP Photosmart Essential 2.5 (Version: 1.02.0000)
HP Photosmart Essential 2.5 (Version: 2.5)
HP Solution Center 10.0 (Version: 10.0)
HP Update (Version: 5.003.001.001)
HPPhotoSmartDiscLabel_PaperLabel (Version: 2.02.0000)
HPPhotoSmartDiscLabel_PrintOnDisc (Version: 2.02.0000)
HPPhotoSmartDiscLabelContent1 (Version: 2.02.0000)
hpphotosmartdisclabelplugin (Version: 2.02.0000)
HPPhotoSmartPhotobookWebPack1 (Version: 1.00.0000)
HPProductAssistant (Version: 90.0.146.000)
HPSSupply (Version: 100.0.170.000)
Intel(R) Graphics Media Accelerator Driver (Version: 8.15.10.1930)
Intel(R) TV Wizard
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
Java(TM) 6 Update 29 (Version: 6.0.290)
JavaFX 2.1.1 (Version: 2.1.1)
MarketResearch (Version: 100.0.170.000)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Office Professional Edition 2003 (Version: 11.0.5614.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mobile Partner (Version: 16.001.06.03.52)
Mozilla Firefox 22.0 (x86 de) (Version: 22.0)
Mozilla Maintenance Service (Version: 22.0)
MSVC80_x86_v2 (Version: 1.0.3.0)
MSVC90_x86 (Version: 1.0.1.2)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Nero 7 Essentials (Version: 7.02.3307)
Nokia Connectivity Cable Driver (Version: 7.1.20.0)
Nokia Ovi Suite (Version: 2.0.1.36)
Nokia Ovi Suite Software Updater (Version: 02.05.008.43342)
Nokia_Multimedia_Common_Components_2_5 (Version: 2.5.197)
OCR Software by I.R.I.S. 10.0 (Version: 10.0)
Ovi Desktop Sync Engine (Version: 1.1.296.0)
OviMPlatform (Version: 2.5.30.2)
PanoStandAlone (Version: 100.0.170.000)
PC Connectivity Solution (Version: 9.39.0.0)
PS_AIO_02_ProductContext (Version: 100.0.206.000)
PS_AIO_02_Software (Version: 100.0.206.000)
PS_AIO_02_Software_Min (Version: 100.0.206.000)
PSSWCORE (Version: 2.02.0000)
QuickTime (Version: 7.72.80.56)
Scan (Version: 10.1.0.0)
Shop for HP Supplies (Version: 10.0)
Sibelius Scorch (Firefox, Opera, Netscape only) (Version: 6.2.0)
SolutionCenter (Version: 100.0.175.000)
Status (Version: 100.0.175.000)
TeamViewer 7 (Version: 7.0.12142)
Toolbox (Version: 100.0.170.000)
TrayApp (Version: 100.0.170.000)
TuxGuitar (Version: 1.2)
UnloadSupport (Version: 10.0.0)
Update for Microsoft .NET Framework 3.5 SP1 (KB2836940) (Version: 1)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
VideoToolkit01 (Version: 100.0.128.000)
VLC media player 1.1.11 (Version: 1.1.11)
WebReg (Version: 100.0.170.000)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) (Version: 08/22/2008 7.0.0.0)
Winmail Opener 1.4 (Version: 1.4)
Zimbra Desktop (Version: 2.0.0)


==================== Restore Points =========================


==================== Hosts content: ==========================

2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0B515DCE-DB5A-44EB-A467-871DE8541A86} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {155723BA-60E2-4354-93AF-84EAC8D3C2D8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {22E1772E-7DFE-4C5F-841F-1C93FD5D82A4} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {2DE18FE4-6467-484F-8431-206702EC5546} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {2E5B7D97-F14C-4CFF-864E-620AABA892D1} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {31C65DF0-D9ED-4778-9FCF-738453587AB3} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files\Ask.com\UpdateTask.exe [2013-02-08] ()
Task: {31D0C8A4-B75D-4D62-A659-434925C2BAAA} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification => C:\Windows\System32\wsqmcons.exe [2008-01-21] (Microsoft Corporation)
Task: {4A084EDE-4D4E-4C8E-9F02-A1B9DDC69FFA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-05-21] (Google Inc.)
Task: {4AEDA69F-4BBD-40F1-9211-E16A2EFB3F01} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-05-21] (Google Inc.)
Task: {4D72741E-769C-45DB-8604-CB8EBDADAA29} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {699E8A57-7963-4E91-9B81-9CF0359FDBDD} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Sigrid => C:\Program Files\Windows Calendar\wincal.exe [2009-04-11] (Microsoft Corporation)
Task: {7D210880-86E2-44C7-B8D6-A6855E07A3EF} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\schtasks.exe [2008-01-21] (Microsoft Corporation)
Task: {938E095D-C290-42E4-ABFB-0CA7B439F765} - System32\Tasks\Zvfdo => C:\Windows\system32\rundll32.exe [2006-11-02] (Microsoft Corporation)
Task: {AA3847C4-66E6-4F0F-9FDE-FE8FDFC88F17} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2008-01-21] (Microsoft Corporation)
Task: {B99ECADB-B907-49AA-A2D4-8A6F1D035932} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-11] (Adobe Systems Incorporated)
Task: {EBCB7FBF-0770-4E2A-BAAA-001A4BD59C7A} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2008-01-21] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Zvfdo.job => C:\Windows\system32\hpowiax5C.dll

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/14/2013 08:25:08 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/14/2013 11:04:59 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/13/2013 11:55:15 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/12/2013 08:44:07 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/12/2013 10:51:28 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/11/2013 10:16:10 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/10/2013 00:26:46 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/10/2013 10:58:53 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/09/2013 10:12:46 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/08/2013 07:42:51 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (08/14/2013 08:28:51 PM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT-AUTORITÄT)
Description: 0x80070032

Error: (08/14/2013 08:26:42 PM) (Source: Service Control Manager) (User: )
Description: HP CUE DeviceDiscovery Service

Error: (08/14/2013 08:25:08 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (08/14/2013 04:47:40 PM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "D-PC",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{C02CF2AF-6C84-4528-BAB9-1B318A65EBF7}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (08/14/2013 02:31:20 PM) (Source: Service Control Manager) (User: )
Description: 30000Netman

Error: (08/14/2013 11:06:40 AM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT-AUTORITÄT)
Description: 0x80070032

Error: (08/14/2013 11:05:16 AM) (Source: Service Control Manager) (User: )
Description: HP CUE DeviceDiscovery Service

Error: (08/14/2013 11:04:59 AM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (08/14/2013 02:30:32 AM) (Source: Service Control Manager) (User: )
Description: Pml Driver HPZ12%%1053

Error: (08/14/2013 02:30:32 AM) (Source: Service Control Manager) (User: )
Description: 30000Pml Driver HPZ12


Microsoft Office Sessions:
=========================
Error: (08/14/2013 08:25:08 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/14/2013 11:04:59 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/13/2013 11:55:15 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/12/2013 08:44:07 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/12/2013 10:51:28 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/11/2013 10:16:10 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/10/2013 00:26:46 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/10/2013 10:58:53 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/09/2013 10:12:46 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/08/2013 07:42:51 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
Date: 2011-05-02 22:39:38.556
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2011-05-02 22:39:38.494
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2011-05-02 22:39:38.431
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2011-05-02 22:39:38.369
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2011-05-02 22:39:38.291
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2011-05-02 22:03:15.328
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2011-05-02 22:03:15.250
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2011-05-02 22:03:15.172
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2011-05-02 22:03:15.094
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2011-05-02 22:03:15.016
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Percentage of memory in use: 56%
Total physical RAM: 2037.69 MB
Available physical RAM: 883.25 MB
Total Pagefile: 4316.65 MB
Available Pagefile: 2980.32 MB
Total Virtual: 2047.88 MB
Available Virtual: 1899.85 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:50 GB) (Free:17.98 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Data) (Fixed) (Total:180.87 GB) (Free:175.47 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 233 GB) (Disk ID: 7AB852FC)
Partition 1: (Not Active) - (Size=2 GB) - (Type=27)
Partition 2: (Active) - (Size=50 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=181 GB) - (Type=07 NTFS)

==================== End Of Log ============================

GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-08-14 23:21:20
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 ST9250827AS rev.3.AAA 232,89GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Sigrid\AppData\Local\Temp\pwliqpob.sys


---- System - GMER 2.1 ----

SSDT 8A7B5DC6 ZwCreateSection
SSDT 8A7B5DD0 ZwRequestWaitReplyPort
SSDT 8A7B5DCB ZwSetContextThread
SSDT 8A7B5DD5 ZwSetSecurityObject
SSDT 8A7B5DDA ZwSystemDebugControl
SSDT 8A7B5D67 ZwTerminateProcess

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!KeSetEvent + 215 81EBB860 4 Bytes [C6, 5D, 7B, 8A]
.text ntkrnlpa.exe!KeSetEvent + 539 81EBBB84 4 Bytes [D0, 5D, 7B, 8A]
.text ntkrnlpa.exe!KeSetEvent + 56D 81EBBBB8 4 Bytes [CB, 5D, 7B, 8A] {RETF ; POP EBP; JNP 0xffffff8e}
.text ntkrnlpa.exe!KeSetEvent + 5D1 81EBBC1C 4 Bytes [D5, 5D, 7B, 8A] {AAD 0x5d; JNP 0xffffff8e}
.text ntkrnlpa.exe!KeSetEvent + 619 81EBBC64 4 Bytes [DA, 5D, 7B, 8A]
.text ...

---- Devices - GMER 2.1 ----

Device Ntfs.sys

AttachedDevice tdrpm251.sys

Device rdpdr.sys
Device volmgr.sys

AttachedDevice fltmgr.sys

---- EOF - GMER 2.1 ----

 
