Virus TR/Sirefef.A.40 lässt sich nicht entfernen

Ruby84 · 04.09.2013, 20:42

Hallo,

ich habe das Virenprogramm Avira auf meinem Laptop installiert und bekomme schon seit längerem immer wieder den gleichen Sicherheitshinweis:

Der Zugriff auf die Datei 'C:\Windows\Installer\...\00000001.@', die ein Virus oder unerwünschtes Programm 'TR/Sirefef.A.40' enthält, wurde verweigert.

Wie kann ich dieses Ding entfernen? Wäre super, wenn mir jemand helfen kann.

Haben auch vor kurzem einen Brief von der Telekom bekommen, dass über unseren Internet-Zugang unerwünschte Zugriffe auf fremde Computer erfolgt sind (Hacking). Könnte das mit diesem Trojaner (oder was auch immer das ist) zusammenhängen?

Vielen Dank schon mal!!

aharonov · 04.09.2013, 20:47

Hallo,

ja da hast du ein unschönes Tierchen eingefangen.. ZeroAccess.
Ich brauch noch ein paar mehr Informationen zum Anfangen:
Wenn du deinen Rechner nach Malware untersuchen lassen willst, dann arbeite bitte diese Anleitung ab und poste die resultierenden Logfiles hier.

Ruby84 · 05.09.2013, 08:06

Hallo Leo,
vielen Dank für deine Hilfe.

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 07:42 on 05/09/2013 (Simone Mittermeier)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-09-2013
Ran by Simone Mittermeier (administrator) on SIMONESPC on 05-09-2013 07:50:08
Running from C:\Users\Simone Mittermeier\Desktop
Microsoft Windows 7 Professional  (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

() C:\Windows\system32\services.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Juniper Networks) C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
(Teruten) C:\Windows\system32\FsUsbExService.Exe
(Juniper Networks, Inc.) C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Research In Motion Limited) C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
() C:\Program Files\dcmsvc\dcmsvc.exe
(Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
(Geek Software GmbH) C:\Program Files\pdf24\pdf24.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(APN) C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
(Safer Networking Limited) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
() C:\Users\Simone Mittermeier\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
(Dropbox, Inc.) C:\Users\Simone Mittermeier\AppData\Roaming\Dropbox\bin\Dropbox.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Google Desktop Search] - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-07-02] (Google)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1557800 2009-08-28] (Synaptics Incorporated)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-10-03] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [935288 2009-09-04] (Adobe Systems Incorporated)
HKLM\...\Run: [NPSStartup] -  [x]
HKLM\...\Run: [HP Software Update] - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-03-12] (Hewlett-Packard)
HKLM\...\Run: [Microsoft Default Manager] - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [288088 2009-11-11] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM\...\Run: [RIMBBLaunchAgent.exe] - C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-11-02] (Research In Motion Limited)
HKLM\...\Run: [dcmsvc] - C:\Program Files\dcmsvc\dcmsvc.exe [30440 2009-04-07] ()
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [Nikon Message Center 2] - C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe [571392 2011-10-30] (Nikon Corporation)
HKLM\...\Run: [PDFPrint] - C:\Program Files\PDF24\pdf24.exe [162856 2013-03-20] (Geek Software GmbH)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [345144 2013-08-28] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [ApnTBMon] - C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1558480 2013-07-26] (APN)
HKCU\...\Run: [AutoStartNPSAgent] - C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe [102400 2010-07-12] (Samsung Electronics Co., Ltd.)
HKCU\...\Run: [SpybotSD TeaTimer] - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2144088 2009-01-26] (Safer Networking Limited)
HKCU\...\Run: [AmazonMP3DownloaderHelper] - C:\Users\Simone Mittermeier\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
HKCR\...0c966feabec1\InprocServer32: [Default-shell32] C:\Users\Simone Mittermeier\AppData\Local\{f3abe20d-85fb-9ef0-2c44-a74c093f178f}\n. ATTENTION! ====> ZeroAccess?
Startup: C:\Users\Simone Mittermeier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Simone Mittermeier\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Simone Mittermeier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
ShortcutTarget: OpenOffice.org 3.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Simone Mittermeier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Warner Bros.lnk
ShortcutTarget: Warner Bros.lnk -> C:\Program Files\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe (No File)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Babylon Search
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
URLSearchHook: SearchHook Class - {D8278076-BC68-4484-9233-6E7F1628B56C} - C:\Program Files\AskPartnerNetwork\Toolbar\searchhook.dll (APN LLC.)
SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&affID=112542&tt=3012_8&babsrc=SP_ss&mntrId=8c191f9200000000000000ff98dbd286
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&affID=112542&tt=3012_8&babsrc=SP_ss&mntrId=8c191f9200000000000000ff98dbd286
SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
SearchScopes: HKCU - {70D46D94-BF1E-45ED-B567-48701376298E} URL = hxxp://127.0.0.1:4664/search&s=CAmPr72jqpOxNwNJts2leBkKeWo?q={searchTerms}
SearchScopes: HKCU - {DC299A38-7AC4-45DB-AD3A-8B39358C0E0F} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=5c03a5ed-ca92-402f-9c8e-70736e670c9c&apn_sauid=DB9100B9-FF28-4C99-89CD-0D105EBB3E6D
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Avira SearchFree Toolbar plus Web Protection - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: SwissAcademic.Citavi.Picker.IEPicker - {609D670F-B735-4da7-AC6D-F3BD358E325E} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Avira SearchFree Toolbar plus Web Protection - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://juniper.net/dana-cached/setup/JuniperSetupSP1.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 41 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Simone Mittermeier\AppData\Roaming\Mozilla\Firefox\Profiles\zq6a96uw.default
FF NewTab: hxxp://search.babylon.com/?affID=112542&tt=3012_8&babsrc=NT_ss&mntrId=8c191f9200000000000000ff98dbd286
FF DefaultSearchEngine: Ask Search
FF SearchEngineOrder.1: Ask Search
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @RIM.com/WebSLLauncher,version=1.0 - C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\Simone Mittermeier\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF SearchPlugin: C:\Users\Simone Mittermeier\AppData\Roaming\Mozilla\Firefox\Profiles\zq6a96uw.default\searchplugins\ask-search.xml
FF SearchPlugin: C:\Users\Simone Mittermeier\AppData\Roaming\Mozilla\Firefox\Profiles\zq6a96uw.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\Simone Mittermeier\AppData\Roaming\Mozilla\Firefox\Profiles\zq6a96uw.default\searchplugins\icqplugin.xml
FF SearchPlugin: C:\Users\Simone Mittermeier\AppData\Roaming\Mozilla\Firefox\Profiles\zq6a96uw.default\searchplugins\searchplugins-backup
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\babylon.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: Yahoo! Toolbar - C:\Users\Simone Mittermeier\AppData\Roaming\Mozilla\Firefox\Profiles\zq6a96uw.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF Extension: No Name - C:\Users\Simone Mittermeier\AppData\Roaming\Mozilla\Firefox\Profiles\zq6a96uw.default\Extensions\{ca0849e8-2c76-42ae-9abe-34e14d337acf}
FF Extension: toolbar_AVIRA-V7 - C:\Users\Simone Mittermeier\AppData\Roaming\Mozilla\Firefox\Profiles\zq6a96uw.default\Extensions\toolbar_AVIRA-V7@apn.ask.com.xpi
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF Extension: Skype extension for Firefox - C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF HKLM\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox

Chrome: 
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\29.0.1547.62\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\29.0.1547.62\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\29.0.1547.62\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U26) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (getPlusPlus for Adobe 16260) - C:\Program Files\Mozilla Firefox\plugins\np_gp.dll (NOS Microsystems Ltd.)
CHR Plugin: (RIM Handheld Application Loader) - C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (Avira SearchFree Toolbar plus Web Protection) - C:\Users\SIMONE~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaacalgebmfelllfiaoknifldpngjh\20.53263_0
CHR Extension: (Google Docs) - C:\Users\SIMONE~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\SIMONE~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\SIMONE~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\SIMONE~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\SIMONE~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR Extension: (Gmail) - C:\Users\SIMONE~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-08-28] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-08-28] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [589368 2013-08-28] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [168400 2013-07-26] (APN LLC.)
R2 dsNcService; C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [670792 2011-06-23] (Juniper Networks)
S3 getPlusHelper; C:\Program Files\NOS\bin\getPlus_Helper.dll [67360 2009-12-17] (NOS Microsystems Ltd.)
S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-07-02] (Google)
R2 JuniperAccessService; C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe [198000 2011-06-22] (Juniper Networks, Inc.)
S2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [84744 2013-08-28] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135136 2013-08-28] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-08-28] (Avira Operations GmbH & Co. KG)
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
R3 dsNcAdpt; C:\Windows\System32\DRIVERS\dsNcAdpt.sys [26624 2011-06-23] (Juniper Networks)
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2009-01-08] ()
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-08-28] (Avira GmbH)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-05 07:49 - 2013-09-05 07:49 - 01080319 _____ (Farbar) C:\Users\Simone Mittermeier\Desktop\FRST.exe
2013-09-05 07:42 - 2013-09-05 07:42 - 00000498 _____ C:\Users\Simone Mittermeier\Desktop\defogger_disable.log
2013-09-05 07:42 - 2013-09-05 07:42 - 00000000 _____ C:\Users\Simone Mittermeier\defogger_reenable
2013-09-05 07:40 - 2013-09-05 07:41 - 00050477 _____ C:\Users\Simone Mittermeier\Desktop\Defogger.exe
2013-08-29 21:37 - 2013-08-29 21:38 - 117500804 _____ C:\Users\Simone Mittermeier\Desktop\Bewerbungsunterlagen_Simone Pöppell.tiff
2013-08-29 09:36 - 2013-08-29 09:35 - 00067168 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-08-28 22:43 - 2013-08-28 22:43 - 00000000 ____D C:\Users\Simone Mittermeier\AppData\Roaming\Avira
2013-08-28 22:38 - 2013-08-28 22:38 - 00000000 ____D C:\ProgramData\AskPartnerNetwork
2013-08-28 22:38 - 2013-08-28 22:38 - 00000000 ____D C:\ProgramData\APN
2013-08-28 22:38 - 2013-08-28 22:38 - 00000000 ____D C:\Program Files\AskPartnerNetwork
2013-08-28 22:37 - 2013-08-28 22:37 - 00002020 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-08-28 22:37 - 2013-08-28 22:36 - 00135136 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-08-28 22:37 - 2013-08-28 22:36 - 00084744 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-08-28 22:37 - 2013-08-28 22:36 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-08-28 22:37 - 2013-08-28 22:36 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys
2013-08-28 22:36 - 2013-08-28 22:36 - 00000000 ____D C:\Program Files\Avira
2013-08-28 22:02 - 2013-08-28 22:02 - 02092792 _____ C:\Users\Simone Mittermeier\Downloads\avira_free_antivirus.exe
2013-08-26 20:47 - 2013-08-26 21:11 - 00000000 ____D C:\Users\Simone Mittermeier\Desktop\versuch (1)
2013-08-24 21:39 - 2013-08-24 21:39 - 00146624 _____ C:\Windows\Minidump\082413-29827-01.dmp
2013-08-20 23:48 - 2013-08-22 22:54 - 00099986 _____ C:\Users\Simone Mittermeier\Desktop\Lebenslauf_Absolventenbuch.odt
2013-08-18 22:06 - 2013-08-18 22:08 - 00009216 _____ C:\Users\Simone Mittermeier\Desktop\Bargeldkasse.xls
2013-08-18 22:04 - 2013-08-18 22:08 - 00009624 _____ C:\Users\Simone Mittermeier\Desktop\Bargeldkasse.ods
2013-08-18 21:04 - 2013-08-19 13:42 - 00023425 _____ C:\Users\Simone Mittermeier\Desktop\versuch (1).ods
2013-08-13 15:05 - 2013-08-13 15:05 - 00001024 _____ C:\Users\Simone Mittermeier\Desktop\Kontoauszug - Verknüpfung.lnk
2013-08-06 15:56 - 2013-08-09 09:45 - 00000000 ____D C:\Users\Simone Mittermeier\Desktop\Oma

==================== One Month Modified Files and Folders =======

2013-09-05 07:50 - 2013-09-05 07:50 - 00000000 ____D C:\FRST
2013-09-05 07:50 - 2009-07-14 06:34 - 00013248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-05 07:50 - 2009-07-14 06:34 - 00013248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-05 07:49 - 2013-09-05 07:49 - 01080319 _____ (Farbar) C:\Users\Simone Mittermeier\Desktop\FRST.exe
2013-09-05 07:42 - 2013-09-05 07:42 - 00000498 _____ C:\Users\Simone Mittermeier\Desktop\defogger_disable.log
2013-09-05 07:42 - 2013-09-05 07:42 - 00000000 _____ C:\Users\Simone Mittermeier\defogger_reenable
2013-09-05 07:42 - 2013-02-21 19:17 - 00001122 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-05 07:42 - 2010-01-01 20:30 - 00000000 ____D C:\Users\Simone Mittermeier
2013-09-05 07:41 - 2013-09-05 07:40 - 00050477 _____ C:\Users\Simone Mittermeier\Desktop\Defogger.exe
2013-09-05 07:31 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\NDF
2013-09-05 07:27 - 2012-01-24 19:39 - 00000000 ___RD C:\Users\Simone Mittermeier\Dropbox
2013-09-05 07:27 - 2012-01-24 19:37 - 00000000 ____D C:\Users\Simone Mittermeier\AppData\Roaming\Dropbox
2013-09-05 07:26 - 2013-02-21 19:17 - 00001118 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-05 07:26 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-05 07:26 - 2009-07-14 06:39 - 00154209 _____ C:\Windows\setupact.log
2013-09-04 21:23 - 2012-11-10 13:32 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-31 00:03 - 2010-01-01 20:38 - 00000000 ____D C:\Users\Simone Mittermeier\Desktop\Simone
2013-08-29 21:38 - 2013-08-29 21:37 - 117500804 _____ C:\Users\Simone Mittermeier\Desktop\Bewerbungsunterlagen_Simone Pöppell.tiff
2013-08-29 09:35 - 2013-08-29 09:36 - 00067168 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-08-29 09:32 - 2010-12-21 22:42 - 00176194 _____ C:\Windows\PFRO.log
2013-08-28 22:43 - 2013-08-28 22:43 - 00000000 ____D C:\Users\Simone Mittermeier\AppData\Roaming\Avira
2013-08-28 22:38 - 2013-08-28 22:38 - 00000000 ____D C:\ProgramData\AskPartnerNetwork
2013-08-28 22:38 - 2013-08-28 22:38 - 00000000 ____D C:\ProgramData\APN
2013-08-28 22:38 - 2013-08-28 22:38 - 00000000 ____D C:\Program Files\AskPartnerNetwork
2013-08-28 22:37 - 2013-08-28 22:37 - 00002020 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-08-28 22:36 - 2013-08-28 22:37 - 00135136 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-08-28 22:36 - 2013-08-28 22:37 - 00084744 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-08-28 22:36 - 2013-08-28 22:37 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-08-28 22:36 - 2013-08-28 22:37 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys
2013-08-28 22:36 - 2013-08-28 22:36 - 00000000 ____D C:\Program Files\Avira
2013-08-28 22:36 - 2012-06-03 22:02 - 00000000 ____D C:\ProgramData\Avira
2013-08-28 22:02 - 2013-08-28 22:02 - 02092792 _____ C:\Users\Simone Mittermeier\Downloads\avira_free_antivirus.exe
2013-08-26 21:11 - 2013-08-26 20:47 - 00000000 ____D C:\Users\Simone Mittermeier\Desktop\versuch (1)
2013-08-24 21:39 - 2013-08-24 21:39 - 00146624 _____ C:\Windows\Minidump\082413-29827-01.dmp
2013-08-24 21:39 - 2011-10-25 15:07 - 00000000 ____D C:\Windows\Minidump
2013-08-24 21:38 - 2011-10-25 15:07 - 282722380 _____ C:\Windows\MEMORY.DMP
2013-08-22 22:54 - 2013-08-20 23:48 - 00099986 _____ C:\Users\Simone Mittermeier\Desktop\Lebenslauf_Absolventenbuch.odt
2013-08-22 19:23 - 2012-11-10 13:32 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-08-22 19:23 - 2011-06-23 21:57 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-08-19 16:42 - 2010-01-01 20:30 - 01498332 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-19 13:42 - 2013-08-18 21:04 - 00023425 _____ C:\Users\Simone Mittermeier\Desktop\versuch (1).ods
2013-08-18 22:08 - 2013-08-18 22:06 - 00009216 _____ C:\Users\Simone Mittermeier\Desktop\Bargeldkasse.xls
2013-08-18 22:08 - 2013-08-18 22:04 - 00009624 _____ C:\Users\Simone Mittermeier\Desktop\Bargeldkasse.ods
2013-08-13 15:05 - 2013-08-13 15:05 - 00001024 _____ C:\Users\Simone Mittermeier\Desktop\Kontoauszug - Verknüpfung.lnk
2013-08-12 19:52 - 2013-07-31 18:09 - 00000000 ____D C:\Users\Simone Mittermeier\Desktop\Bewerbungsmist
2013-08-09 09:45 - 2013-08-06 15:56 - 00000000 ____D C:\Users\Simone Mittermeier\Desktop\Oma
2013-08-06 15:44 - 2013-04-12 14:50 - 00000000 ____D C:\Users\Simone Mittermeier\.gimp-2.8

ZeroAccess:
C:\Windows\Installer\{f3abe20d-85fb-9ef0-2c44-a74c093f178f}
C:\Windows\Installer\{f3abe20d-85fb-9ef0-2c44-a74c093f178f}\@
C:\Windows\Installer\{f3abe20d-85fb-9ef0-2c44-a74c093f178f}\n
C:\Windows\Installer\{f3abe20d-85fb-9ef0-2c44-a74c093f178f}\o
C:\Windows\Installer\{f3abe20d-85fb-9ef0-2c44-a74c093f178f}\U\00000001.@
C:\Windows\Installer\{f3abe20d-85fb-9ef0-2c44-a74c093f178f}\U\00000002.@
C:\Windows\Installer\{f3abe20d-85fb-9ef0-2c44-a74c093f178f}\U\80000000.@
C:\Windows\Installer\{f3abe20d-85fb-9ef0-2c44-a74c093f178f}\U\80000001.@
C:\Windows\Installer\{f3abe20d-85fb-9ef0-2c44-a74c093f178f}\U\800000cb.@

ZeroAccess:
C:\Users\Simone Mittermeier\AppData\Local\{f3abe20d-85fb-9ef0-2c44-a74c093f178f}
C:\Users\Simone Mittermeier\AppData\Local\{f3abe20d-85fb-9ef0-2c44-a74c093f178f}\@

Files to move or delete:
====================
C:\Users\Public\dcmsvcsetup.exe
C:\Users\Public\invokesi.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe
[2009-07-14 01:11] - [2009-07-14 03:14] - 0259072 ____N () D41D8CD98F00B204E9800998ECF8427E

C:\Windows\System32\services.exe IS INFECTED. <===== ATTENTION!

C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-04 13:47

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

--- --- ---

--- --- ---

FRST Additions Logfile:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 05-09-2013
Ran by Simone Mittermeier at 2013-09-05 07:52:29
Running from C:\Users\Simone Mittermeier\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

Adobe AIR (Version: 3.2.0.2070)
Adobe Download Manager (Version: 1.6.2.60)
Adobe Flash Player 11 ActiveX (Version: 11.8.800.94)
Adobe Flash Player 11 Plugin (Version: 11.8.800.94)
Adobe Reader 9.2 - Deutsch (Version: 9.2.0)
Amazon MP3-Downloader 1.0.18 (HKCU Version: 1.0.18)
Amazon MP3-Downloader 1.0.9
Apple Application Support (Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
ArcSoft Panorama Maker 6 (Version: 6.0.8.85)
Avira Free Antivirus (Version: 13.0.0.3885)
Avira SearchFree Toolbar plus Web Protection (Version: 12.2.2.663)
BlackBerry Desktop Software 7.1 (Version: 7.1.0.37)
BlackBerry Device Manager 7.0 (Version: 7.0.0.43)
Bonjour (Version: 3.0.0.10)
Brain Workshop 4.8.1 (Version: 4.8.1)
Citavi (Version: 3.3.0.0)
dcmsvc 1.0
Dropbox (HKCU Version: 2.0.22)
Filzip 3.06 (Version: 3.0.6)
GIMP 2.8.4 (Version: 2.8.4)
Google Chrome (Version: 29.0.1547.62)
Google Desktop (Version: 5.9.1005.12335)
Google Update Helper (Version: 1.3.21.153)
HP Deskjet 3050 J610 series - Grundlegende Software für das Gerät (Version: 22.0.334.0)
HP Deskjet 3050 J610 series Hilfe (Version: 140.0.63.63)
HP Photo Creations (Version: 1.0.0.3341)
HP Update (Version: 5.002.005.003)
Intel(R) Graphics Media Accelerator Driver
Intel(R) TV Wizard
iTunes (Version: 11.0.4.4)
Java Auto Updater (Version: 2.0.5.1)
Java(TM) 6 Update 26 (Version: 6.0.260)
Juniper Installer Service (Version: 7.1.0.18671)
Juniper Networks, Inc. Setup Client (HKCU Version: 7.1.3.11013)
Juniper Networks, Inc. Setup Client Activex Control (Version: 2.1.1.1)
Mein CEWE FOTOBUCH (Version: 4.8.6)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Default Manager (Version: 2.1.55.0)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mnemosyne 1.2.2
Mozilla Firefox 5.0 (x86 de) (Version: 5.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Nikon Message Center 2 (Version: 2.1.0)
Nikon Movie Editor (Version: 2.7.0)
OpenOffice.org 3.1 (Version: 3.1.9420)
PDF24 Creator 5.4.0
Picture Control Utility (Version: 1.4.10)
QuickTime (Version: 7.74.80.86)
SAMSUNG Mobile Composite Device Software
SAMSUNG Mobile Modem Driver Set
Samsung Mobile phone USB driver Drive Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung New PC Studio (Version: 1.00.0000)
Skype Toolbars (Version: 1.0.4051)
Skype™ 6.0 (Version: 6.0.120)
SopCast 3.0.3 (Version: 3.0.3)
Spybot - Search & Destroy (Version: 1.6.2)
Studie zur Verbesserung von HP Deskjet 3050 J610 series Produkten (Version: 22.0.334.0)
Synaptics Pointing Device Driver (Version: 14.0.3.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
ViewNX 2 (Version: 2.7.2)
VoiceOver Kit (Version: 1.42.128.0)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
XnView 1.97.6 (Version: 1.97.6)
 

==================== Restore Points  =========================

18-02-2013 11:23:41 Geplanter Prüfpunkt
09-03-2013 16:40:55 Installed iTunes
09-03-2013 16:57:55 Installed iTunes
07-04-2013 13:37:42 Installiert "ViewNX 2"
07-04-2013 13:43:09 Installiert Panorama Maker
25-04-2013 16:55:32 Geplanter Prüfpunkt
03-05-2013 17:37:46 Geplanter Prüfpunkt
15-05-2013 14:12:30 Geplanter Prüfpunkt
31-05-2013 14:40:39 Geplanter Prüfpunkt
04-08-2013 11:55:20 Geplanter Prüfpunkt
28-08-2013 20:40:55 Avira Free Antivirus - 28.08.2013 22:40
03-09-2013 18:04:08 Avira Free Antivirus - 03.09.2013 20:03

==================== Hosts content: ==========================

2009-07-14 04:04 - 2011-12-12 01:21 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0B01BD59-F695-4717-B516-051AB81663DA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {0D9B5D92-3A22-486D-A887-3AA21597CF27} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_started
Task: {204910A7-DBC9-47D4-963A-A1EFE3C191B8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-02-21] (Google Inc.)
Task: {643FCA93-31E0-4E52-A408-8483795DAED3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-22] (Adobe Systems Incorporated)
Task: {918DE277-5B1E-4BBE-B602-A51456B153E8} - System32\Tasks\HPCustParticipation HP Deskjet 3050 J610 series => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2010-06-14] (Hewlett-Packard Co.)
Task: {925AAFDF-75FC-4E39-8E6B-18CDA5128548} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-02-21] (Google Inc.)
Task: {C217B94A-CFC3-4B14-B7C5-CBAC509BA2F0} - System32\Tasks\{726E7423-C60E-4136-8CF6-663CAF272962} => C:\Program Files\Skype\Phone\Skype.exe [2012-10-19] (Skype Technologies S.A.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-05-25 02:36 - 2013-05-25 02:36 - 00130736 _____ (Dropbox, Inc.) C:\Users\Simone Mittermeier\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
2010-01-03 17:04 - 2004-09-08 14:45 - 00368128 _____ () C:\Program Files\Filzip\fzshext.dll
2010-01-02 23:44 - 2009-08-28 10:32 - 00169256 _____ (Synaptics Incorporated) C:\Windows\system32\SynCOM.dll
2010-01-02 23:44 - 2009-08-28 10:32 - 00161064 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPAPI.dll
2010-08-25 20:02 - 2010-08-25 20:02 - 00086016 _____ (Intel Corporation) C:\Windows\system32\igfxrDEU.lrc
2009-07-14 01:27 - 2009-07-14 03:14 - 00559616 _____ (Microsoft Corporation) C:\Windows\AppPatch\AcLayers.DLL
2011-07-09 23:15 - 2013-03-20 14:38 - 00057384 _____ (Geek Software GmbH) C:\Program Files\pdf24\Settings.dll
2011-07-09 23:15 - 2013-03-20 14:38 - 00395304 _____ (Geek Software GmbH) C:\Program Files\pdf24\NotifyIcon.dll
2011-07-09 23:15 - 2013-03-20 14:38 - 00047144 _____ (Geek Software GmbH) C:\Program Files\pdf24\Language.dll
2011-07-09 23:15 - 2013-03-20 14:38 - 00382504 _____ (Geek Software GmbH) C:\Program Files\pdf24\About.dll
2010-11-17 14:16 - 2010-11-17 14:16 - 00053024 _____ (Open Source Software community project) C:\Program Files\Common Files\Apple\Apple Application Support\pthreadVC2.dll
2013-01-28 14:08 - 2013-01-28 14:08 - 01292136 _____ (The ICU Project) C:\Program Files\Common Files\Apple\Apple Application Support\libicuin.dll
2013-01-28 14:08 - 2013-01-28 14:08 - 00923496 _____ (The ICU Project) C:\Program Files\Common Files\Apple\Apple Application Support\libicuuc.dll
2013-01-28 14:08 - 2013-01-28 14:08 - 16303976 _____ (The ICU Project) C:\Program Files\Common Files\Apple\Apple Application Support\icudt46.dll
2013-01-28 14:08 - 2013-01-28 14:08 - 00087952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2013-01-28 14:08 - 2013-01-28 14:08 - 01242512 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2011-08-31 00:05 - 2011-08-31 00:05 - 00073064 _____ (Apple Inc.) C:\Windows\system32\dnssd.dll
2009-07-14 02:12 - 2009-07-14 03:14 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\hhctrl.ocx
2012-11-14 01:32 - 2012-11-14 01:32 - 03558400 _____ (wxWidgets development team) C:\Users\Simone Mittermeier\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
2013-03-13 22:48 - 2013-03-13 22:48 - 24978944 _____ () C:\Users\Simone Mittermeier\AppData\Roaming\Dropbox\bin\libcef.dll
2013-03-13 22:48 - 2013-03-13 22:48 - 09956864 _____ (The ICU Project) C:\Users\Simone Mittermeier\AppData\Roaming\Dropbox\bin\icudt.dll
2009-04-16 14:05 - 2009-04-16 14:05 - 01732608 _____ (Sun Microsystems, Inc.) C:\Program Files\OpenOffice.org 3\URE\bin\sal3.dll
2009-04-16 14:03 - 2009-04-16 14:03 - 00086016 _____ (Sun Microsystems, Inc.) C:\Program Files\OpenOffice.org 3\URE\bin\uwinapi.dll
2009-08-18 19:27 - 2009-08-18 19:27 - 00326144 _____ (Sun Microsystems, Inc.) C:\Program Files\OpenOffice.org 3\Basis\program\sofficeapp.dll
2009-08-05 17:05 - 2009-08-05 17:05 - 00949248 _____ (Sun Microsystems, Inc.) C:\Program Files\OpenOffice.org 3\Basis\program\comphelp4MSC.dll
2009-04-16 14:32 - 2009-04-16 14:32 - 00431104 _____ (Sun Microsystems, Inc.) C:\Program Files\OpenOffice.org 3\URE\bin\cppuhelper3MSC.dll
2009-04-16 14:07 - 2009-04-16 14:07 - 00013824 _____ (Sun Microsystems, Inc.) C:\Program Files\OpenOffice.org 3\URE\bin\salhelper3MSC.dll
2009-04-16 14:29 - 2009-04-16 14:29 - 00143872 _____ (Sun Microsystems, Inc.) C:\Program Files\OpenOffice.org 3\URE\bin\cppu3.dll
2009-04-16 13:57 - 2009-04-16 13:57 - 00597504 _____ (STLport Consulting, Inc.) C:\Program Files\OpenOffice.org 3\URE\bin\stlport_vc7145.dll
2009-04-16 14:35 - 2009-04-16 14:35 - 00356864 _____ (Sun Microsystems, Inc.) C:\Program Files\OpenOffice.org 3\Basis\program\ucbhelper4MSC.dll
2009-04-16 14:08 - 2009-04-16 14:08 - 00094208 _____ (Sun Microsystems, Inc.) C:\Program Files\OpenOffice.org 3\Basis\program\vos3MSC.dll
2009-04-16 14:45 - 2009-04-16 14:45 - 00024576 _____ (Sun Microsystems, Inc.) C:\Program Files\OpenOffice.org 3\Basis\program\i18nisolang1MSC.dll
2009-07-17 12:12 - 2009-07-17 12:12 - 03121664 _____ (Sun Microsystems, Inc.) C:\Program Files\OpenOffice.org 3\Basis\program\sfxmi.dll
2009-04-16 16:11 - 2009-04-16 16:11 - 00849408 _____ (Sun Microsystems, Inc.) C:\Program Files\OpenOffice.org 3\Basis\program\fwemi.dll
2009-04-16 16:09 - 2009-04-16 16:09 - 00299008 _____ (Sun Microsystems, Inc.) C:\Program Files\OpenOffice.org 3\Basis\program\fwimi.dll
2009-04-16 14:59 - 2009-04-16 14:59 - 00465920 _____ (Sun Microsystems, Inc.) C:\Program Files\OpenOffice.org 3\Basis\program\utlmi.dll
2009-04-16 14:56 - 2009-04-16 14:56 - 00510464 _____ (Sun Microsystems, Inc.) C:\Program Files\OpenOffice.org 3\Basis\program\tlmi.dll
2009-07-17 11:06 - 2009-07-17 11:06 - 00574464 _____ (Sun Microsystems, Inc.) C:\Program Files\OpenOffice.org 3\Basis\program\basegfxmi.dll
2009-07-28 04:43 - 2009-07-28 04:43 - 03073024 _____ (Sun Microsystems, Inc.) C:\Program Files\OpenOffice.org 3\Basis\program\vclmi.dll
2009-04-16 15:03 - 2009-04-16 15:03 - 00257024 _____ (Sun Microsystems, Inc.) C:\Program Files\OpenOffice.org 3\Basis\program\sotmi.dll
2009-04-22 19:03 - 2009-04-22 19:03 - 00067072 _____ (Sun Microsystems, Inc.) C:\Program Files\OpenOffice.org 3\Basis\program\i18nutilMSC.dll
2009-04-16 14:30 - 2009-04-16 14:30 - 00949760 _____ (IBM Corporation and others) C:\Program Files\OpenOffice.org 3\Basis\program\icuuc40.dll
2009-04-16 14:30 - 2009-04-16 14:30 - 13912064 _____ (IBM Corporation and others) C:\Program Files\OpenOffice.org 3\Basis\program\icudt40.dll
2009-04-16 15:35 - 2009-04-16 15:35 - 00730624 _____ (Sun Microsystems, Inc.) C:\Program Files\OpenOffice.org 3\Basis\program\svlmi.dll
2009-07-17 11:38 - 2009-07-17 11:38 - 02886656 _____ (Sun Microsystems, Inc.) C:\Program Files\OpenOffice.org 3\Basis\program\svtmi.dll
2009-07-28 05:06 - 2009-07-28 05:06 - 01870336 _____ (Sun Microsystems, Inc.) C:\Program Files\OpenOffice.org 3\Basis\program\tkmi.dll
2009-06-10 11:28 - 2009-06-10 11:28 - 00089600 _____ (Sun Microsystems, Inc.) C:\Program Files\OpenOffice.org 3\URE\bin\jvmfwk3.dll
2009-08-18 16:54 - 2009-08-18 16:54 - 00970752 _____ () C:\Program Files\OpenOffice.org 3\program\libxml2.dll
2009-04-16 17:02 - 2009-04-16 17:02 - 01310720 _____ (Sun Microsystems, Inc.) C:\Program Files\OpenOffice.org 3\Basis\program\sbmi.dll
2009-04-16 14:59 - 2009-04-16 14:59 - 00529920 _____ (Sun Microsystems, Inc.) C:\Program Files\OpenOffice.org 3\Basis\program\xcrmi.dll
2009-04-16 14:39 - 2009-04-16 14:39 - 00080384 _____ (Sun Microsystems, Inc.) C:\Program Files\OpenOffice.org 3\Basis\program\saxmi.dll
2009-04-16 15:43 - 2009-04-16 15:43 - 00032768 _____ (Sun Microsystems, Inc.) C:\Program Files\OpenOffice.org 3\Basis\program\jmi_g.dll
2009-04-16 14:31 - 2009-04-16 14:31 - 00024064 _____ (Sun Microsystems, Inc.) C:\Program Files\OpenOffice.org 3\URE\bin\jvmaccess3MSC.dll
2009-06-26 10:34 - 2009-06-26 10:34 - 00052224 _____ (Sun Microsystems, Inc.) C:\Program Files\OpenOffice.org 3\URE\bin\msci_uno.dll
2009-04-16 14:44 - 2009-04-16 14:44 - 00453632 _____ (Sun Microsystems, Inc.) C:\Program Files\OpenOffice.org 3\URE\bin\bootstrap.uno.dll
2009-04-16 14:11 - 2009-04-16 14:11 - 00093184 _____ (Sun Microsystems, Inc.) C:\Program Files\OpenOffice.org 3\URE\bin\reg3.dll
2009-04-16 14:09 - 2009-04-16 14:09 - 00078336 _____ (Sun Microsystems, Inc.) C:\Program Files\OpenOffice.org 3\URE\bin\store3.dll
2009-04-16 14:29 - 2009-04-16 14:29 - 00012800 _____ (Sun Microsystems, Inc.) C:\Program Files\OpenOffice.org 3\URE\bin\unsafe_uno_uno.dll
2009-04-16 14:29 - 2009-04-16 14:29 - 00018432 _____ (Sun Microsystems, Inc.) C:\Program Files\OpenOffice.org 3\URE\bin\purpenvhelper3MSC.dll
2009-04-16 15:03 - 2009-04-16 15:03 - 01432064 _____ (Sun Microsystems, Inc.) C:\Program Files\OpenOffice.org 3\Basis\program\configmgr2.uno.dll
2009-04-16 14:44 - 2009-04-16 14:44 - 00092672 _____ (Sun Microsystems, Inc.) C:\Program Files\OpenOffice.org 3\URE\bin\stocservices.uno.dll
2009-04-16 15:01 - 2009-04-16 15:01 - 00037888 _____ (Sun Microsystems, Inc.) C:\Program Files\OpenOffice.org 3\Basis\program\sysmgr1.uno.dll
2009-04-16 14:40 - 2009-04-16 14:40 - 00135680 _____ (Sun Microsystems, Inc.) C:\Program Files\OpenOffice.org 3\Basis\program\sax.uno.dll
2009-04-16 15:17 - 2009-04-16 15:17 - 00030208 _____ (Sun Microsystems, Inc.) C:\Program Files\OpenOffice.org 3\Basis\program\localebe1.uno.dll
2009-04-16 15:01 - 2009-04-16 15:01 - 00031232 _____ (Sun Microsystems, Inc.) C:\Program Files\OpenOffice.org 3\Basis\program\behelper.uno.dll
2009-07-02 16:06 - 2009-07-02 16:06 - 00197632 _____ (Sun Microsystems, Inc.) C:\Program Files\OpenOffice.org 3\Basis\program\ucb1.dll
2009-04-16 16:11 - 2009-04-16 16:11 - 00106496 _____ (Sun Microsystems, Inc.) C:\Program Files\OpenOffice.org 3\Basis\program\fwlmi.dll
2009-07-02 16:10 - 2009-07-02 16:10 - 00243712 _____ (Sun Microsystems, Inc.) C:\Program Files\OpenOffice.org 3\Basis\program\ucpfile1.dll
2009-04-16 16:14 - 2009-04-16 16:14 - 01880064 _____ (Sun Microsystems, Inc.) C:\Program Files\OpenOffice.org 3\Basis\program\fwkmi.dll
2009-07-17 16:14 - 2009-07-17 16:14 - 00089088 _____ (Sun Microsystems, Inc.) C:\Program Files\OpenOffice.org 3\Basis\program\oooimprovementmi.dll
2009-07-17 17:24 - 2009-07-17 17:24 - 00280576 _____ (Sun Microsystems, Inc.) C:\Program Files\OpenOffice.org 3\Basis\program\oleautobridge.uno.dll
2009-04-16 14:39 - 2009-04-16 14:39 - 00148992 _____ (Sun Microsystems, Inc.) C:\Program Files\OpenOffice.org 3\Basis\program\emsermi.dll
2011-07-07 22:06 - 2011-06-16 06:32 - 00781272 _____ (sqlite.org) C:\Program Files\Mozilla Firefox\mozsqlite3.dll
2011-07-07 22:06 - 2011-06-16 06:32 - 01850328 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2011-10-03 16:04 - 2012-10-04 20:32 - 00122880 _____ () C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox\components\CitaviPickerCommunication.dll

==================== Alternate Data Streams (whitelisted) ==========


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/05/2013 07:33:45 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 25616

Error: (09/05/2013 07:33:45 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 25616

Error: (09/05/2013 07:33:45 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/05/2013 07:33:44 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 24602

Error: (09/05/2013 07:33:44 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 24602

Error: (09/05/2013 07:33:44 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/05/2013 07:33:28 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8346

Error: (09/05/2013 07:33:28 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8346

Error: (09/05/2013 07:33:28 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/05/2013 07:33:25 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5476


System errors:
=============
Error: (09/05/2013 07:34:51 AM) (Source: Service Control Manager) (User: )
Description: Funktionssuche-Ressourcenveröffentlichung%%-2147024891

Error: (09/05/2013 07:34:51 AM) (Source: Service Control Manager) (User: )
Description: Heimnetzgruppen-AnbieterFunktionssuche-Ressourcenveröffentlichung%%-2147024891

Error: (09/05/2013 07:27:14 AM) (Source: Service Control Manager) (User: )
Description: Funktionssuche-Ressourcenveröffentlichung%%-2147024891

Error: (09/05/2013 07:27:14 AM) (Source: Service Control Manager) (User: )
Description: Heimnetzgruppen-AnbieterFunktionssuche-Ressourcenveröffentlichung%%-2147024891

Error: (09/05/2013 07:26:26 AM) (Source: Service Control Manager) (User: )
Description: Funktionssuche-Ressourcenveröffentlichung%%-2147024891

Error: (09/05/2013 07:26:26 AM) (Source: Service Control Manager) (User: )
Description: SBSD Security Center Servicewscsvc

Error: (09/05/2013 07:26:26 AM) (Source: Service Control Manager) (User: )
Description: IPsec-Richtlinien-AgentBFE

Error: (09/05/2013 07:26:26 AM) (Source: Service Control Manager) (User: )
Description: IKE- und AuthIP IPsec-SchlüsselerstellungsmoduleBFE

Error: (09/05/2013 07:26:23 AM) (Source: Service Control Manager) (User: )
Description: Computerbrowser%%1060

Error: (09/04/2013 08:47:44 PM) (Source: Service Control Manager) (User: )
Description: Heimnetzgruppen-AnbieterFunktionssuche-Ressourcenveröffentlichung%%-2147024891


Microsoft Office Sessions:
=========================
Error: (09/05/2013 07:33:45 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 25616

Error: (09/05/2013 07:33:45 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 25616

Error: (09/05/2013 07:33:45 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/05/2013 07:33:44 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 24602

Error: (09/05/2013 07:33:44 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 24602

Error: (09/05/2013 07:33:44 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/05/2013 07:33:28 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8346

Error: (09/05/2013 07:33:28 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8346

Error: (09/05/2013 07:33:28 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/05/2013 07:33:25 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5476


==================== Memory info =========================== 

Percentage of memory in use: 46%
Total physical RAM: 3000.84 MB
Available physical RAM: 1607.34 MB
Total Pagefile: 5999.95 MB
Available Pagefile: 4411.61 MB
Total Virtual: 2047.88 MB
Available Virtual: 1877.05 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:288.32 GB) (Free:137.61 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 241949DE)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=288 GB) - (Type=07 NTFS)

==================== End Of Log ============================

--- --- ---

GMER Logfile:

Code:

ATTFilter

GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-09-05 08:43:14
Windows 6.1.7600  \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200BEVT-22ZCT0 rev.11.01A11 298,09GB
Running: gecq6mwv.exe; Driver: C:\Users\SIMONE~1\AppData\Local\Temp\pgriqpog.sys


---- System - GMER 2.1 ----

SSDT            9044811E                                                                                                                ZwCreateSection
SSDT            90448128                                                                                                                ZwRequestWaitReplyPort
SSDT            90448123                                                                                                                ZwSetContextThread
SSDT            9044812D                                                                                                                ZwSetSecurityObject
SSDT            90448132                                                                                                                ZwSystemDebugControl
SSDT            904480BF                                                                                                                ZwTerminateProcess

---- Kernel code sections - GMER 2.1 ----

.text           ntkrnlpa.exe!ZwRollbackTransaction + 13E9                                                                               82C8D599 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                  82CB2092 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntkrnlpa.exe!RtlSidHashLookup + 340                                                                                     82CB9990 4 Bytes  [1E, 81, 44, 90]
.text           ntkrnlpa.exe!RtlSidHashLookup + 69C                                                                                     82CB9CEC 4 Bytes  [28, 81, 44, 90]
.text           ntkrnlpa.exe!RtlSidHashLookup + 6E0                                                                                     82CB9D30 4 Bytes  [23, 81, 44, 90]
.text           ntkrnlpa.exe!RtlSidHashLookup + 75C                                                                                     82CB9DAC 4 Bytes  [2D, 81, 44, 90]
.text           ntkrnlpa.exe!RtlSidHashLookup + 7B0                                                                                     82CB9E00 4 Bytes  [32, 81, 44, 90]
.text           ...                                                                                                                     

---- User code sections - GMER 2.1 ----

?               C:\Windows\system32\services.exe[476] C:\Windows\system32\smss.exe                                                      image checksum mismatch; time/date stamp mismatch; unknown module: MSWSOCK.dll

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                                 Wdf01000.sys
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                                 Wdf01000.sys
AttachedDevice  \FileSystem\fastfat \Fat                                                                                                fltmgr.sys

---- Registry - GMER 2.1 ----

Reg             HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{6C240F2E-F701-11DE-A65E-806E6F6E6963}  13744675024

---- EOF - GMER 2.1 ----

--- --- ---

Die Logfile von Avira lässt sich nicht posten, da sie zuviele Zeichen enthält. Soll ich sie zippen und anhängen??

aharonov · 05.09.2013, 08:10

Hi,

Zitat:

Die Logfile von Avira lässt sich nicht posten, da sie zuviele Zeichen enthält. Soll ich sie zippen und anhängen??

Ja, gerne.

Schritt 1

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Starte den Rechner neu auf. Dann:

Schritt 2

Downloade dir bitte

Farbar Service Scanner

Starte das Tool mit Doppelklick auf die FSS.exe
Gehe sicher, dass folgende Optionen angehakt sind.
- Internet Services
- Windows Firewall
- System Restore
- Security Center/Action Center
- Windows Update
- Windows Defender
- Other Services
Klicke auf Scan.
Wenn das Tool fertig ist, wird es eine FSS.txt in dem Verzeichnis erstellen, wo das Tool gelaufen ist.

Poste bitte den Inhalt hier.

Schritt 3

Starte noch einmal FRST.

Ändere keine der Voreinstellungen und drücke auf Scan.
Wenn der Scan abgeschlossen ist, werden ein neues Logfile FRST.txt erstellt und auf dem Desktop gespeichert.
Poste den Inhalt dieses Logfiles bitte hier in deinen Thread.

Ruby84 · 05.09.2013, 20:45

Ich hoffe, die Datei lässt sich öffnen..

aharonov · 05.09.2013, 21:08

Jep, alles klar, was das hier ist.
Mach bitte die Schritte 1 bis 3, wie angegeben.

Ruby84 · 05.09.2013, 21:13

Beim Ausführen vom Combofix bekomme ich folgende Fehlermeldung:

Fehler beim Überschreiben der Datei: "C:\32788R22FWJFW\pev.3XE"

Was soll ich jetzt machen? Habe sowohl auf Abbrechen, Wiederholen und Ignorieren geklickt, Combofix arbeitet aber nicht weiter.

aharonov · 05.09.2013, 21:14

Dann ersetz Combofix durch Folgendes:

Downloade dir bitte

Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

Starte bitte die mbar.exe.
Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
Klicke auf den CleanUp Button und erlaube den Neustart.
Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
Nach dem Neustart starte die mbar.exe erneut.
Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

Ruby84 · 06.09.2013, 22:45

Malwarebytes Anti-Rootkit BETA 1.07.0.1005
www.malwarebytes.org

Database version: v2013.09.06.08

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
Simone Mittermeier :: SIMONESPC [administrator]

06.09.2013 20:06:18
mbar-log-2013-09-06 (20-06-18).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 233377
Time elapsed: 1 hour(s), 18 minute(s), 25 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 (Trojan.Zaccess) -> Delete on reboot.
HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1} (Trojan.Zaccess) -> Delete on reboot.

Registry Values Detected: 1
HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32| (Trojan.Zaccess) -> Data: C:\Users\Simone Mittermeier\AppData\Local\{f3abe20d-85fb-9ef0-2c44-a74c093f178f}\n. -> Delete on reboot.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 2
C:\Windows\Installer\{f3abe20d-85fb-9ef0-2c44-a74c093f178f}\L (Backdoor.0Access) -> Delete on reboot.
C:\Windows\Installer\{f3abe20d-85fb-9ef0-2c44-a74c093f178f}\U (Backdoor.0Access) -> Delete on reboot.

Files Detected: 1
C:\Windows\System32\services.exe (Rootkit.0Access.S) -> Replace on reboot.

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Malwarebytes Anti-Rootkit BETA 1.07.0.1005
www.malwarebytes.org

Database version: v2013.09.06.08

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
Simone Mittermeier :: SIMONESPC [administrator]

06.09.2013 21:36:06
mbar-log-2013-09-06 (21-36-06).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 233701
Time elapsed: 1 hour(s), 46 minute(s), 9 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Farbar Service Scanner Version: 05-09-2013
Ran by Simone Mittermeier (administrator) on 06-09-2013 at 23:39:07
Running from "C:\Users\Simone Mittermeier\Desktop"
Microsoft Windows 7 Professional (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============

Other Services:
==============

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2012-05-12 12:57] - [2012-03-30 12:29] - 1287024 ____A (Microsoft Corporation) 55E9965552741F3850CB22CBBA9671ED

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll
[2011-02-10 11:45] - [2010-12-21 07:38] - 0073728 ____A (Microsoft Corporation) A661A76333057B383A06E65F0073222F

C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll
[2012-06-13 20:34] - [2012-04-24 06:47] - 0139264 ____A (Microsoft Corporation) 520A108A2657F4BCA7FCED9CA7D885DE

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit

**** End of log ****

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06-09-2013
Ran by Simone Mittermeier (administrator) on SIMONESPC on 06-09-2013 23:43:10
Running from C:\Users\Simone Mittermeier\Desktop
Microsoft Windows 7 Professional  (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Juniper Networks) C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
(Teruten) C:\Windows\system32\FsUsbExService.Exe
(Juniper Networks, Inc.) C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
(Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Research In Motion Limited) C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files\dcmsvc\dcmsvc.exe
(Geek Software GmbH) C:\Program Files\pdf24\pdf24.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(APN) C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
() C:\Users\Simone Mittermeier\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
(Dropbox, Inc.) C:\Users\Simone Mittermeier\AppData\Roaming\Dropbox\bin\Dropbox.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) c:\program files\windows defender\MpCmdRun.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Google Desktop Search] - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-07-02] (Google)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1557800 2009-08-28] (Synaptics Incorporated)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-10-03] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [935288 2009-09-04] (Adobe Systems Incorporated)
HKLM\...\Run: [NPSStartup] -  [x]
HKLM\...\Run: [HP Software Update] - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-03-12] (Hewlett-Packard)
HKLM\...\Run: [Microsoft Default Manager] - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [288088 2009-11-11] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM\...\Run: [RIMBBLaunchAgent.exe] - C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-11-02] (Research In Motion Limited)
HKLM\...\Run: [dcmsvc] - C:\Program Files\dcmsvc\dcmsvc.exe [30440 2009-04-07] ()
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [Nikon Message Center 2] - C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe [571392 2011-10-30] (Nikon Corporation)
HKLM\...\Run: [PDFPrint] - C:\Program Files\PDF24\pdf24.exe [162856 2013-03-20] (Geek Software GmbH)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-05] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [ApnTBMon] - C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1558480 2013-07-26] (APN)
HKCU\...\Run: [AutoStartNPSAgent] - C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe [102400 2010-07-12] (Samsung Electronics Co., Ltd.)
HKCU\...\Run: [AmazonMP3DownloaderHelper] - C:\Users\Simone Mittermeier\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
Startup: C:\Users\Simone Mittermeier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Simone Mittermeier\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Simone Mittermeier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
ShortcutTarget: OpenOffice.org 3.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Simone Mittermeier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Warner Bros.lnk
ShortcutTarget: Warner Bros.lnk -> C:\Program Files\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe (No File)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Babylon Search
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
URLSearchHook: SearchHook Class - {D8278076-BC68-4484-9233-6E7F1628B56C} - C:\Program Files\AskPartnerNetwork\Toolbar\searchhook.dll (APN LLC.)
SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&affID=112542&tt=3012_8&babsrc=SP_ss&mntrId=8c191f9200000000000000ff98dbd286
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&affID=112542&tt=3012_8&babsrc=SP_ss&mntrId=8c191f9200000000000000ff98dbd286
SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
SearchScopes: HKCU - {70D46D94-BF1E-45ED-B567-48701376298E} URL = hxxp://127.0.0.1:4664/search&s=CAmPr72jqpOxNwNJts2leBkKeWo?q={searchTerms}
SearchScopes: HKCU - {DC299A38-7AC4-45DB-AD3A-8B39358C0E0F} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=5c03a5ed-ca92-402f-9c8e-70736e670c9c&apn_sauid=DB9100B9-FF28-4C99-89CD-0D105EBB3E6D
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Avira SearchFree Toolbar plus Web Protection - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
BHO: SwissAcademic.Citavi.Picker.IEPicker - {609D670F-B735-4da7-AC6D-F3BD358E325E} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Avira SearchFree Toolbar plus Web Protection - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://juniper.net/dana-cached/setup/JuniperSetupSP1.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Simone Mittermeier\AppData\Roaming\Mozilla\Firefox\Profiles\zq6a96uw.default
FF NewTab: hxxp://search.babylon.com/?affID=112542&tt=3012_8&babsrc=NT_ss&mntrId=8c191f9200000000000000ff98dbd286
FF DefaultSearchEngine: Ask Search
FF SearchEngineOrder.1: Ask Search
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @RIM.com/WebSLLauncher,version=1.0 - C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\Simone Mittermeier\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF SearchPlugin: C:\Users\Simone Mittermeier\AppData\Roaming\Mozilla\Firefox\Profiles\zq6a96uw.default\searchplugins\ask-search.xml
FF SearchPlugin: C:\Users\Simone Mittermeier\AppData\Roaming\Mozilla\Firefox\Profiles\zq6a96uw.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\Simone Mittermeier\AppData\Roaming\Mozilla\Firefox\Profiles\zq6a96uw.default\searchplugins\icqplugin.xml
FF SearchPlugin: C:\Users\Simone Mittermeier\AppData\Roaming\Mozilla\Firefox\Profiles\zq6a96uw.default\searchplugins\searchplugins-backup
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\babylon.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: Yahoo! Toolbar - C:\Users\Simone Mittermeier\AppData\Roaming\Mozilla\Firefox\Profiles\zq6a96uw.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF Extension: No Name - C:\Users\Simone Mittermeier\AppData\Roaming\Mozilla\Firefox\Profiles\zq6a96uw.default\Extensions\{ca0849e8-2c76-42ae-9abe-34e14d337acf}
FF Extension: toolbar_AVIRA-V7 - C:\Users\Simone Mittermeier\AppData\Roaming\Mozilla\Firefox\Profiles\zq6a96uw.default\Extensions\toolbar_AVIRA-V7@apn.ask.com.xpi
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF Extension: Skype extension for Firefox - C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF HKLM\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox

Chrome: 
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\29.0.1547.62\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\29.0.1547.62\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\29.0.1547.62\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U26) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (getPlusPlus for Adobe 16260) - C:\Program Files\Mozilla Firefox\plugins\np_gp.dll (NOS Microsystems Ltd.)
CHR Plugin: (RIM Handheld Application Loader) - C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (Avira SearchFree Toolbar plus Web Protection) - C:\Users\SIMONE~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaacalgebmfelllfiaoknifldpngjh\20.53263_0
CHR Extension: (Google Docs) - C:\Users\SIMONE~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\SIMONE~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\SIMONE~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\SIMONE~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\SIMONE~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR Extension: (Gmail) - C:\Users\SIMONE~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-09-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [815160 2013-09-05] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [168400 2013-07-26] (APN LLC.)
R2 dsNcService; C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [670792 2011-06-23] (Juniper Networks)
S3 getPlusHelper; C:\Program Files\NOS\bin\getPlus_Helper.dll [67360 2009-12-17] (NOS Microsystems Ltd.)
S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-07-02] (Google)
R2 JuniperAccessService; C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe [198000 2011-06-22] (Juniper Networks, Inc.)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [88840 2013-09-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136672 2013-09-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-08-28] (Avira Operations GmbH & Co. KG)
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
R3 dsNcAdpt; C:\Windows\System32\DRIVERS\dsNcAdpt.sys [26624 2011-06-23] (Juniper Networks)
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2009-01-08] ()
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-08-28] (Avira GmbH)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-06 23:38 - 2013-09-06 23:39 - 00002394 _____ C:\Users\Simone Mittermeier\Desktop\FSS.txt
2013-09-06 23:33 - 2013-09-06 23:34 - 00358609 _____ (Farbar) C:\Users\Simone Mittermeier\Desktop\FSS.exe
2013-09-06 20:06 - 2013-09-06 23:31 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-09-06 20:06 - 2013-09-06 20:06 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-06 20:04 - 2013-09-06 20:04 - 00000000 ____D C:\Users\Simone Mittermeier\Desktop\mbar-1.07.0.1005
2013-09-06 20:00 - 2013-09-06 21:28 - 00000000 ____D C:\Users\Simone Mittermeier\Desktop\mbar
2013-09-06 20:00 - 2013-09-06 20:00 - 12907592 _____ (Malwarebytes Corp.) C:\Users\Simone Mittermeier\Desktop\mbar-1.07.0.1005.exe
2013-09-05 21:52 - 2013-09-05 23:00 - 00000000 ____D C:\Qoobox
2013-09-05 21:51 - 2013-09-06 00:06 - 00000000 ___SD C:\32788R22FWJFW
2013-09-05 21:51 - 2013-09-05 23:00 - 00000000 ____D C:\Windows\erdnt
2013-09-05 21:47 - 2013-09-05 21:47 - 05120804 ____R (Swearware) C:\Users\Simone Mittermeier\Desktop\ComboFix.exe
2013-09-05 21:27 - 2013-09-05 21:31 - 00006042 _____ C:\Users\Simone Mittermeier\Desktop\Logfile.zip
2013-09-05 21:24 - 2013-09-05 21:31 - 00008834 _____ C:\Users\Simone Mittermeier\Desktop\Logfile.7z
2013-09-05 08:59 - 2013-09-05 08:59 - 01110476 _____ C:\Users\Simone Mittermeier\Downloads\7z920.exe
2013-09-05 08:59 - 2013-09-05 08:59 - 00000000 ____D C:\Program Files\7-Zip
2013-09-05 08:51 - 2013-09-05 08:51 - 00415444 _____ C:\Users\Simone Mittermeier\Desktop\Ereignisse.txt
2013-09-05 08:43 - 2013-09-05 08:43 - 00003691 _____ C:\Users\Simone Mittermeier\Desktop\Gmer.txt
2013-09-05 08:00 - 2013-09-05 08:00 - 00377856 _____ C:\Users\Simone Mittermeier\Desktop\gecq6mwv.exe
2013-09-05 07:57 - 2013-09-05 07:57 - 00377856 _____ C:\Users\Simone Mittermeier\Downloads\m4g671x9.exe
2013-09-05 07:52 - 2013-09-05 07:53 - 00022192 _____ C:\Users\Simone Mittermeier\Desktop\Addition.txt
2013-09-05 07:52 - 2013-09-05 07:52 - 00000000 ____D C:\Users\Simone Mittermeier\Desktop\HGB IFRS
2013-09-05 07:50 - 2013-09-05 07:50 - 00000000 ____D C:\FRST
2013-09-05 07:42 - 2013-09-05 07:42 - 00000498 _____ C:\Users\Simone Mittermeier\Desktop\defogger_disable.log
2013-09-05 07:42 - 2013-09-05 07:42 - 00000000 _____ C:\Users\Simone Mittermeier\defogger_reenable
2013-09-05 07:40 - 2013-09-05 07:41 - 00050477 _____ C:\Users\Simone Mittermeier\Desktop\Defogger.exe
2013-08-29 21:37 - 2013-08-29 21:38 - 117500804 _____ C:\Users\Simone Mittermeier\Desktop\Bewerbungsunterlagen_Simone Pöppell.tiff
2013-08-29 09:36 - 2013-09-05 21:08 - 00066144 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-08-28 22:43 - 2013-08-28 22:43 - 00000000 ____D C:\Users\Simone Mittermeier\AppData\Roaming\Avira
2013-08-28 22:38 - 2013-08-28 22:38 - 00000000 ____D C:\ProgramData\AskPartnerNetwork
2013-08-28 22:38 - 2013-08-28 22:38 - 00000000 ____D C:\ProgramData\APN
2013-08-28 22:38 - 2013-08-28 22:38 - 00000000 ____D C:\Program Files\AskPartnerNetwork
2013-08-28 22:37 - 2013-09-05 21:08 - 00136672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-08-28 22:37 - 2013-09-05 21:08 - 00088840 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-08-28 22:37 - 2013-08-28 22:37 - 00002020 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-08-28 22:37 - 2013-08-28 22:36 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-08-28 22:37 - 2013-08-28 22:36 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys
2013-08-28 22:36 - 2013-08-28 22:36 - 00000000 ____D C:\Program Files\Avira
2013-08-28 22:02 - 2013-08-28 22:02 - 02092792 _____ C:\Users\Simone Mittermeier\Downloads\avira_free_antivirus.exe
2013-08-26 20:47 - 2013-08-26 21:11 - 00000000 ____D C:\Users\Simone Mittermeier\Desktop\versuch (1)
2013-08-24 21:39 - 2013-08-24 21:39 - 00146624 _____ C:\Windows\Minidump\082413-29827-01.dmp
2013-08-20 23:48 - 2013-08-22 22:54 - 00099986 _____ C:\Users\Simone Mittermeier\Desktop\Lebenslauf_Absolventenbuch.odt
2013-08-18 22:06 - 2013-08-18 22:08 - 00009216 _____ C:\Users\Simone Mittermeier\Desktop\Bargeldkasse.xls
2013-08-18 22:04 - 2013-08-18 22:08 - 00009624 _____ C:\Users\Simone Mittermeier\Desktop\Bargeldkasse.ods
2013-08-13 15:05 - 2013-08-13 15:05 - 00001024 _____ C:\Users\Simone Mittermeier\Desktop\Kontoauszug - Verknüpfung.lnk

==================== One Month Modified Files and Folders =======

2013-09-06 23:42 - 2013-09-06 23:42 - 01081729 _____ (Farbar) C:\Users\Simone Mittermeier\Desktop\FRST.exe
2013-09-06 23:42 - 2013-02-21 19:17 - 00001122 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-06 23:39 - 2013-09-06 23:38 - 00002394 _____ C:\Users\Simone Mittermeier\Desktop\FSS.txt
2013-09-06 23:34 - 2013-09-06 23:33 - 00358609 _____ (Farbar) C:\Users\Simone Mittermeier\Desktop\FSS.exe
2013-09-06 23:31 - 2013-09-06 20:06 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-09-06 23:23 - 2012-11-10 13:32 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-06 23:09 - 2010-01-01 20:17 - 01504762 _____ C:\Windows\WindowsUpdate.log
2013-09-06 22:42 - 2013-02-21 19:17 - 00001118 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-06 21:38 - 2009-07-14 06:34 - 00013248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-06 21:38 - 2009-07-14 06:34 - 00013248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-06 21:33 - 2012-01-24 19:37 - 00000000 ____D C:\Users\Simone Mittermeier\AppData\Roaming\Dropbox
2013-09-06 21:32 - 2012-01-24 19:39 - 00000000 ___RD C:\Users\Simone Mittermeier\Dropbox
2013-09-06 21:30 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-06 21:30 - 2009-07-14 06:39 - 00154433 _____ C:\Windows\setupact.log
2013-09-06 21:29 - 2010-12-21 22:42 - 00177450 _____ C:\Windows\PFRO.log
2013-09-06 21:28 - 2013-09-06 20:00 - 00000000 ____D C:\Users\Simone Mittermeier\Desktop\mbar
2013-09-06 20:06 - 2013-09-06 20:06 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-06 20:04 - 2013-09-06 20:04 - 00000000 ____D C:\Users\Simone Mittermeier\Desktop\mbar-1.07.0.1005
2013-09-06 20:00 - 2013-09-06 20:00 - 12907592 _____ (Malwarebytes Corp.) C:\Users\Simone Mittermeier\Desktop\mbar-1.07.0.1005.exe
2013-09-06 00:06 - 2013-09-05 21:51 - 00000000 ___SD C:\32788R22FWJFW
2013-09-05 23:41 - 2009-07-14 06:53 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-05 23:00 - 2013-09-05 21:52 - 00000000 ____D C:\Qoobox
2013-09-05 23:00 - 2013-09-05 21:51 - 00000000 ____D C:\Windows\erdnt
2013-09-05 21:51 - 2013-07-31 18:09 - 00000000 ____D C:\Users\Simone Mittermeier\Desktop\Bewerbungsmist
2013-09-05 21:49 - 2012-06-04 22:34 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-09-05 21:49 - 2012-06-04 22:34 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy
2013-09-05 21:47 - 2013-09-05 21:47 - 05120804 ____R (Swearware) C:\Users\Simone Mittermeier\Desktop\ComboFix.exe
2013-09-05 21:31 - 2013-09-05 21:27 - 00006042 _____ C:\Users\Simone Mittermeier\Desktop\Logfile.zip
2013-09-05 21:31 - 2013-09-05 21:24 - 00008834 _____ C:\Users\Simone Mittermeier\Desktop\Logfile.7z
2013-09-05 21:28 - 2010-01-03 17:04 - 00000000 ____D C:\Program Files\Filzip
2013-09-05 21:08 - 2013-08-29 09:36 - 00066144 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-09-05 21:08 - 2013-08-28 22:37 - 00136672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-09-05 21:08 - 2013-08-28 22:37 - 00088840 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-09-05 08:59 - 2013-09-05 08:59 - 01110476 _____ C:\Users\Simone Mittermeier\Downloads\7z920.exe
2013-09-05 08:59 - 2013-09-05 08:59 - 00000000 ____D C:\Program Files\7-Zip
2013-09-05 08:51 - 2013-09-05 08:51 - 00415444 _____ C:\Users\Simone Mittermeier\Desktop\Ereignisse.txt
2013-09-05 08:43 - 2013-09-05 08:43 - 00003691 _____ C:\Users\Simone Mittermeier\Desktop\Gmer.txt
2013-09-05 08:00 - 2013-09-05 08:00 - 00377856 _____ C:\Users\Simone Mittermeier\Desktop\gecq6mwv.exe
2013-09-05 07:57 - 2013-09-05 07:57 - 00377856 _____ C:\Users\Simone Mittermeier\Downloads\m4g671x9.exe
2013-09-05 07:53 - 2013-09-05 07:52 - 00022192 _____ C:\Users\Simone Mittermeier\Desktop\Addition.txt
2013-09-05 07:52 - 2013-09-05 07:52 - 00000000 ____D C:\Users\Simone Mittermeier\Desktop\HGB IFRS
2013-09-05 07:50 - 2013-09-05 07:50 - 00000000 ____D C:\FRST
2013-09-05 07:42 - 2013-09-05 07:42 - 00000498 _____ C:\Users\Simone Mittermeier\Desktop\defogger_disable.log
2013-09-05 07:42 - 2013-09-05 07:42 - 00000000 _____ C:\Users\Simone Mittermeier\defogger_reenable
2013-09-05 07:42 - 2010-01-01 20:30 - 00000000 ____D C:\Users\Simone Mittermeier
2013-09-05 07:41 - 2013-09-05 07:40 - 00050477 _____ C:\Users\Simone Mittermeier\Desktop\Defogger.exe
2013-09-05 07:31 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\NDF
2013-08-31 00:03 - 2010-01-01 20:38 - 00000000 ____D C:\Users\Simone Mittermeier\Desktop\Simone
2013-08-29 21:38 - 2013-08-29 21:37 - 117500804 _____ C:\Users\Simone Mittermeier\Desktop\Bewerbungsunterlagen_Simone Pöppell.tiff
2013-08-28 22:43 - 2013-08-28 22:43 - 00000000 ____D C:\Users\Simone Mittermeier\AppData\Roaming\Avira
2013-08-28 22:38 - 2013-08-28 22:38 - 00000000 ____D C:\ProgramData\AskPartnerNetwork
2013-08-28 22:38 - 2013-08-28 22:38 - 00000000 ____D C:\ProgramData\APN
2013-08-28 22:38 - 2013-08-28 22:38 - 00000000 ____D C:\Program Files\AskPartnerNetwork
2013-08-28 22:37 - 2013-08-28 22:37 - 00002020 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-08-28 22:36 - 2013-08-28 22:37 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-08-28 22:36 - 2013-08-28 22:37 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys
2013-08-28 22:36 - 2013-08-28 22:36 - 00000000 ____D C:\Program Files\Avira
2013-08-28 22:36 - 2012-06-03 22:02 - 00000000 ____D C:\ProgramData\Avira
2013-08-28 22:02 - 2013-08-28 22:02 - 02092792 _____ C:\Users\Simone Mittermeier\Downloads\avira_free_antivirus.exe
2013-08-26 21:11 - 2013-08-26 20:47 - 00000000 ____D C:\Users\Simone Mittermeier\Desktop\versuch (1)
2013-08-24 21:39 - 2013-08-24 21:39 - 00146624 _____ C:\Windows\Minidump\082413-29827-01.dmp
2013-08-24 21:39 - 2011-10-25 15:07 - 00000000 ____D C:\Windows\Minidump
2013-08-24 21:38 - 2011-10-25 15:07 - 282722380 _____ C:\Windows\MEMORY.DMP
2013-08-22 22:54 - 2013-08-20 23:48 - 00099986 _____ C:\Users\Simone Mittermeier\Desktop\Lebenslauf_Absolventenbuch.odt
2013-08-22 19:23 - 2012-11-10 13:32 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-08-22 19:23 - 2011-06-23 21:57 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-08-19 16:42 - 2010-01-01 20:30 - 01498332 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-18 22:08 - 2013-08-18 22:06 - 00009216 _____ C:\Users\Simone Mittermeier\Desktop\Bargeldkasse.xls
2013-08-18 22:08 - 2013-08-18 22:04 - 00009624 _____ C:\Users\Simone Mittermeier\Desktop\Bargeldkasse.ods
2013-08-13 15:05 - 2013-08-13 15:05 - 00001024 _____ C:\Users\Simone Mittermeier\Desktop\Kontoauszug - Verknüpfung.lnk
2013-08-09 09:45 - 2013-08-06 15:56 - 00000000 ____D C:\Users\Simone Mittermeier\Desktop\Oma
2013-08-07 04:22 - 2010-01-01 20:43 - 00238872 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

ZeroAccess:
C:\Users\Simone Mittermeier\AppData\Local\{f3abe20d-85fb-9ef0-2c44-a74c093f178f}
C:\Users\Simone Mittermeier\AppData\Local\{f3abe20d-85fb-9ef0-2c44-a74c093f178f}\@

Files to move or delete:
====================
C:\Users\Public\dcmsvcsetup.exe
C:\Users\Public\invokesi.exe
C:\Users\SIMONE~1\AppData\Local\Temp\nsu35B4.tmp\ExecCmd.dll
C:\Users\SIMONE~1\AppData\Local\Temp\nsu35B4.tmp\nsExec.dll
C:\Users\SIMONE~1\AppData\Local\Temp\nsu35B4.tmp\NSISdl.dll
C:\Users\SIMONE~1\AppData\Local\Temp\nsu35B4.tmp\System.dll
C:\Users\SIMONE~1\AppData\Local\Temp\nsu35B4.tmp\UserInfo.dll

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-04 13:47

==================== End Of Log ============================

--- --- ---

--- --- ---

aharonov · 06.09.2013, 22:55

Prima, MBAR sollte das Ding erwischt haben. Machen wir noch eine Kontrolle.
Wie läuft der Rechner jetzt?

Schritt 1

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

C:\Users\Simone Mittermeier\AppData\Local\{f3abe20d-85fb-9ef0-2c44-a74c093f178f}
SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&affID=112542&tt=3012_8&babsrc=SP_ss&mntrId=8c191f9200000000000000ff98dbd286
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&affID=112542&tt=3012_8&babsrc=SP_ss&mntrId=8c191f9200000000000000ff98dbd286
SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
SearchScopes: HKCU - {70D46D94-BF1E-45ED-B567-48701376298E} URL = hxxp://127.0.0.1:4664/search&s=CAmPr72jqpOxNwNJts2leBkKeWo?q={searchTerms}
SearchScopes: HKCU - {DC299A38-7AC4-45DB-AD3A-8B39358C0E0F} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=5c03a5ed-ca92-402f-9c8e-70736e670c9c&apn_sauid=DB9100B9-FF28-4C99-89CD-0D105EBB3E6D
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Babylon Search
URLSearchHook: SearchHook Class - {D8278076-BC68-4484-9233-6E7F1628B56C} - C:\Program Files\AskPartnerNetwork\Toolbar\searchhook.dll (APN LLC.)
FF NewTab: hxxp://search.babylon.com/?affID=112542&tt=3012_8&babsrc=NT_ss&mntrId=8c191f9200000000000000ff98dbd286
FF DefaultSearchEngine: Ask Search
FF SearchEngineOrder.1: Ask Search
FF SearchPlugin: C:\Users\Simone Mittermeier\AppData\Roaming\Mozilla\Firefox\Profiles\zq6a96uw.default\searchplugins\ask-search.xml
FF SearchPlugin: C:\Users\Simone Mittermeier\AppData\Roaming\Mozilla\Firefox\Profiles\zq6a96uw.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\Simone Mittermeier\AppData\Roaming\Mozilla\Firefox\Profiles\zq6a96uw.default\searchplugins\icqplugin.xml

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Schritt 2

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Schritt 3

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Schritt 4

Starte noch einmal FRST.

Ändere keine der Voreinstellungen und drücke auf Scan.
Wenn der Scan abgeschlossen ist, werden ein neues Logfile FRST.txt erstellt und auf dem Desktop gespeichert.
Poste den Inhalt dieses Logfiles bitte hier in deinen Thread.

Ruby84 · 08.09.2013, 14:57

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 07-09-2013 03
Ran by Simone Mittermeier at 2013-09-07 18:11:15 Run:1
Running from C:\Users\Simone Mittermeier\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
C:\Users\Simone Mittermeier\AppData\Local\{f3abe20d-85fb-9ef0-2c44-a74c093f178f}
SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&affID=112542&tt=3012_8&babsrc=SP_ss&mntrId=8c191f9200000000000000ff98dbd286
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&affID=112542&tt=3012_8&babsrc=SP_ss&mntrId=8c191f9200000000000000ff98dbd286
SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
SearchScopes: HKCU - {70D46D94-BF1E-45ED-B567-48701376298E} URL = hxxp://127.0.0.1:4664/search&s=CAmPr72jqpOxNwNJts2leBkKeWo?q={searchTerms}
SearchScopes: HKCU - {DC299A38-7AC4-45DB-AD3A-8B39358C0E0F} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=5c03a5ed-ca92-402f-9c8e-70736e670c9c&apn_sauid=DB9100B9-FF28-4C99-89CD-0D105EBB3E6D
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Babylon Search
URLSearchHook: SearchHook Class - {D8278076-BC68-4484-9233-6E7F1628B56C} - C:\Program Files\AskPartnerNetwork\Toolbar\searchhook.dll (APN LLC.)
FF NewTab: hxxp://search.babylon.com/?affID=112542&tt=3012_8&babsrc=NT_ss&mntrId=8c191f9200000000000000ff98dbd286
FF DefaultSearchEngine: Ask Search
FF SearchEngineOrder.1: Ask Search
FF SearchPlugin: C:\Users\Simone Mittermeier\AppData\Roaming\Mozilla\Firefox\Profiles\zq6a96uw.default\searchplugins\ask-search.xml
FF SearchPlugin: C:\Users\Simone Mittermeier\AppData\Roaming\Mozilla\Firefox\Profiles\zq6a96uw.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\Simone Mittermeier\AppData\Roaming\Mozilla\Firefox\Profiles\zq6a96uw.default\searchplugins\icqplugin.xml

*****************

C:\Users\Simone Mittermeier\AppData\Local\{f3abe20d-85fb-9ef0-2c44-a74c093f178f} => Moved successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{70D46D94-BF1E-45ED-B567-48701376298E} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DC299A38-7AC4-45DB-AD3A-8B39358C0E0F} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{DC299A38-7AC4-45DB-AD3A-8B39358C0E0F} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{D8278076-BC68-4484-9233-6E7F1628B56C} => Value deleted successfully.
HKCR\CLSID\{D8278076-BC68-4484-9233-6E7F1628B56C} => Key deleted successfully.
Firefox newtab deleted successfully.
Firefox DefaultSearchEngine deleted successfully.
Firefox SearchEngineOrder.1 deleted successfully.
C:\Users\Simone Mittermeier\AppData\Roaming\Mozilla\Firefox\Profiles\zq6a96uw.default\searchplugins\ask-search.xml => Moved successfully.
C:\Users\Simone Mittermeier\AppData\Roaming\Mozilla\Firefox\Profiles\zq6a96uw.default\searchplugins\askcom.xml => Moved successfully.
C:\Users\Simone Mittermeier\AppData\Roaming\Mozilla\Firefox\Profiles\zq6a96uw.default\searchplugins\icqplugin.xml => Moved successfully.

==== End of Fixlog ====

Malwarebytes Anti-Malware (Test) 1.75.0.1300
Malwarebytes : Free Anti-Malware download

Datenbank Version: v2013.09.07.05

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
Simone Mittermeier :: SIMONESPC [Administrator]

Schutz: Aktiviert

07.09.2013 21:54:53
mbam-log-2013-09-07 (21-54-53).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 227992
Laufzeit: 24 Minute(n), 31 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKLM\SOFTWARE\BabylonToolbar (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\Users\Simone Mittermeier\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 4
C:\Users\Simone Mittermeier\Downloads\SoftonicDownloader_fuer_gimp.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Simone Mittermeier\Downloads\BeautifulESvonSchriftartenFontsde_downloader_by_SchriftartenFontsde.exe (PUP.Optional.Somoto) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Simone Mittermeier\Downloads\AdineKirnberg_downloader_by_SchriftartenFontsde.exe (PUP.Optional.Somoto) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Simone Mittermeier\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Eset läuft bei mir jetzt schon seit über 7 Stunden. Es ist jetzt bei 92% aber das schon seit Stunden...ist das normal??

Infizierte Files wurden bisher auch 19 Stück gefunden...

aharonov · 08.09.2013, 15:42

Zitat:

Eset läuft bei mir jetzt schon seit über 7 Stunden. Es ist jetzt bei 92% aber das schon seit Stunden...ist das normal??

Ja, das ist normal, nur Geduld..

Ruby84 · 09.09.2013, 12:27

Hab ihn über Nacht laufen lassen, heute morgen war er immer noch bei 92 Prozent.

Dummerweise kam jetzt immer eine Meldung von Windows, dass ich den Computer neustarten soll. Hätte nicht draufklicken sollen.

Jetzt hat ESET abgebrochen und ich kann wieder von vorne anfangen.

Mein Rechner läuft jetzt schon seit 2 Tagen durchgängig. Ich hab ja Geduld, aber das find ich schon ein wenig lang.

Soll ich ESET nochmal starten oder gibt es vielleicht doch noch ne andere Möglichkeit?

aharonov · 09.09.2013, 12:29

Dann mach einen Vollscan mit deinem installierten Avira AntiVir und poste dieses Logfile.

aharonov · 16.09.2013, 17:29

Hi,

ich hab schon länger keine Antwort mehr von dir erhalten. Brauchst du weiterhin noch Hilfe?

Wenn ich in den nächsten 24 Stunden nichts von dir höre, gehe ich davon aus, dass sich das Thema erledigt hat und lösche es aus meinen Abos.

Hinweis: Wir sind noch nicht fertig! Auch wenn die Symptome verschwunden sein sollten, kann dein System weiterhin infiziert sein und über Sicherheitslücken verfügen, welche eine erneute Infektion möglich machen.

04.09.2013, 20:47	#2
aharonov /// TB-Ausbilder	Virus TR/Sirefef.A.40 lässt sich nicht entfernen Hallo, ja da hast du ein unschönes Tierchen eingefangen.. ZeroAccess. Ich brauch noch ein paar mehr Informationen zum Anfangen: Wenn du deinen Rechner nach Malware untersuchen lassen willst, dann arbeite bitte diese Anleitung ab und poste die resultierenden Logfiles hier. __________________ __________________

05.09.2013, 21:08	#6
aharonov /// TB-Ausbilder	Virus TR/Sirefef.A.40 lässt sich nicht entfernen Jep, alles klar, was das hier ist. Mach bitte die Schritte 1 bis 3, wie angegeben. __________________ --> Virus TR/Sirefef.A.40 lässt sich nicht entfernen

09.09.2013, 12:29	#14
aharonov /// TB-Ausbilder	Virus TR/Sirefef.A.40 lässt sich nicht entfernen Dann mach einen Vollscan mit deinem installierten Avira AntiVir und poste dieses Logfile. __________________ cheers, Leo

Virus TR/Sirefef.A.40 lässt sich nicht entfernen

Plagegeister aller Art und deren Bekämpfung: Virus TR/Sirefef.A.40 lässt sich nicht entfernen