Log analysis and evaluation: Vista / AskPartnerNetwork\Toolbar found
#1

Vista / AskPartnerNetwork\Toolbar found

Dear helpers! Malwarebytes reported an infected file to me:

Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.09.14.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
*** :: *** [Administrator]

14.09.2013 15:36:02
MBAM-log-2013-09-14 (17-04-55).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 328207
Laufzeit: 1 Stunde(n), 28 Minute(n), 1 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Program Files\AskPartnerNetwork\Toolbar\APNSetup.exe (PUP.Optional.ASKToolbar.A) -> Keine Aktion durchgeführt.

(Ende)

Since I was somewhat unsure what to do, I did nothing at first, which means: it is still lurking around here?! I have tried to work through your list and hope everything is there.

defogger:

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 17:26 on 14/09/2013 (Almut)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-09-2013 04
Ran by ***** (administrator) on EMMAPC on 14-09-2013 17:32:54
Running from C:\Users\*****
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
(SAMSUNG Electronics co., LTD.) C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
(SAMSUNG Electronics) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
(McAfee, Inc.) C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
(McAfee, Inc.) C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
(McAfee, Inc.) C:\Program Files\McAfee\MPF\MPFSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
() C:\Windows\system32\PSIService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Vimicro Corporation) C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe
(ScanSoft, Inc.) C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(APN) C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
() C:\Users\*****\Defogger.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [857648 2007-03-23] (Synaptics, Inc.)
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4489216 2007-06-13] (Realtek Semiconductor)
HKLM\...\Run: [VMonitorVMUVC] - C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe [135168 2007-12-20] (Vimicro Corporation)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [OpwareSE4] - C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe [69632 2006-03-21] (ScanSoft, Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-04] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [ApnTBMon] - C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1558480 2013-07-26] (APN)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
HKCU\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
MountPoints2: {ddc93341-352f-11e0-aea6-00137764e91e} - F:\Startme.exe
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
SearchScopes: HKCU - DefaultScope {CF739809-1C6C-47C0-85B9-569DBB141420} URL = hxxp://toolbar.ask.com/toolbarv/askRedirect?gct=&gc=1&q={searchTerms}&crm=1&toolbar=FXT
SearchScopes: HKCU - {02A1B9FE-1356-4D21-992B-C3061AE66554} URL = hxxp://suche.web.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin
SearchScopes: HKCU - {271232ED-58D0-41FD-BB5D-5BB940F29055} URL = hxxp://search.1und1.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin
SearchScopes: HKCU - {7C80DD9F-D673-4EAC-BFF4-3BCDA1494C89} URL = hxxp://suche.gmx.net/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin
SearchScopes: HKCU - {97F542D2-AB4D-4A6B-B09B-2B335DA0B188} URL = hxxp://go.gmx.net/suchbox/amazon/?keywords={searchTerms}
SearchScopes: HKCU - {CF739809-1C6C-47C0-85B9-569DBB141420} URL = hxxp://toolbar.ask.com/toolbarv/askRedirect?gct=&gc=1&q={searchTerms}&crm=1&toolbar=FXT
SearchScopes: HKCU - {EFC5ADFF-7EB7-495D-B02F-08B4CBEF7B09} URL = hxxp://go.web.de/suchbox/smartshopping/?searchText={searchTerms}&mc=searchplugin@suche@msie.suche@preisvergleich
BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
BHO: Avira SearchFree Toolbar plus Web Protection - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll (McAfee, Inc.)
BHO: Skype Plug-In - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
Toolbar: HKLM - Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
Toolbar: HKLM - Avira SearchFree Toolbar plus Web Protection - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
Toolbar: HKCU -Foxit Toolbar - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://active.macromedia.com/flash2/cabs/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 38 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\he9txv8b.default
FF SearchEngineOrder.1: GMX Suche
FF SearchEngineOrder.2: WEB.DE Suche
FF SearchEngineOrder.3: 1und1 Suche
FF SearchEngineOrder.4: amazon.de
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\he9txv8b.default\searchplugins\1und1-suche.xml
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\he9txv8b.default\searchplugins\amazonde.xml
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\he9txv8b.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\he9txv8b.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Update Notifier - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\he9txv8b.default\Extensions\{95f24680-9e31-11da-a746-0800200c9a66}
FF Extension: toolbar_AVIRA-V7 - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\he9txv8b.default\Extensions\toolbar_AVIRA-V7@apn.ask.com.xpi
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-09-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [815160 2013-09-04] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [168400 2013-07-26] (APN LLC.)
S3 Emproxy; C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe [341584 2007-01-12] (McAfee, Inc.)
R2 McAfee HackerWatch Service; C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe [540776 2007-01-09] (McAfee, Inc.)
R2 McODS; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [362064 2007-01-16] (McAfee, Inc.)
S2 McRedirector; c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe [248416 2007-01-15] (McAfee, Inc.)
S2 McShield; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [144960 2006-12-22] (McAfee, Inc.)
R2 McSysmon; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [643664 2007-01-25] (McAfee, Inc.)
R2 MpfService; C:\Program Files\McAfee\MPF\MPFSrv.exe [839720 2007-01-15] (McAfee, Inc.)
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [45272 2005-10-13] (Microsoft Corporation)
R2 ProtexisLicensing; C:\Windows\system32\PSIService.exe [174656 2006-11-02] ()
S4 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [171040 2007-01-08] ()
S4 Samsung Update Plus; C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe [73728 2007-06-28] ()
S3 Sony Ericsson PCCompanion; C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [155344 2010-10-26] (Avanquest Software)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [88840 2013-09-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136672 2013-09-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-08-05] (Avira Operations GmbH & Co. KG)
R0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-11] (Microsoft Corporation)
R2 KMDFMEMIO; C:\Windows\System32\DRIVERS\kmdfmemio.sys [13312 2007-07-11] (SAMSUNG ELECTRONICS CO., LTD.)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2013-09-14] (Malwarebytes Corporation)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [71496 2006-12-22] (McAfee, Inc.)
S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [34184 2006-12-22] (McAfee, Inc.)
R3 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [170408 2006-12-22] (McAfee, Inc.)
S3 mferkdk; C:\Windows\System32\drivers\mferkdk.sys [32008 2006-12-22] (McAfee, Inc.)
R3 mfesmfk; C:\Windows\System32\drivers\mfesmfk.sys [37480 2006-12-22] (McAfee, Inc.)
R1 MPFP; C:\Windows\System32\Drivers\Mpfp.sys [117848 2007-01-09] (McAfee, Inc.)
S3 NETw2v32; C:\Windows\System32\DRIVERS\NETw2v32.sys [2589184 2006-11-02] (Intel® Corporation)
S3 s1039mdm; C:\Windows\System32\DRIVERS\s1039mdm.sys [124016 2010-03-15] (MCCI Corporation)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-08-05] (Avira GmbH)
S3 VMUVC; C:\Windows\System32\Drivers\VMUVC.sys [252928 2010-01-12] (Vimicro Corporation)
S3 vvftUVC; C:\Windows\System32\drivers\vvftUVC.sys [398720 2008-07-01] (Vimicro Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-14 17:32 - 2013-09-14 17:32 - 00000000 ____D C:\FRST
2013-09-14 17:31 - 2013-09-14 17:31 - 01083285 _____ (Farbar) C:\Users\*****\FRST.exe
2013-09-14 17:26 - 2013-09-14 17:27 - 00000472 _____ C:\Users\*****\defogger_disable.log
2013-09-14 17:26 - 2013-09-14 17:26 - 00000000 _____ C:\Users\*****\defogger_reenable
2013-09-14 17:25 - 2013-09-14 17:25 - 00050477 _____ C:\Users\*****\Defogger.exe
2013-09-14 15:35 - 2013-09-14 15:35 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2013-09-14 15:12 - 2013-09-14 15:12 - 97542592 _____ C:\Windows\system32\耫᭄—
2013-09-12 12:44 - 2013-07-31 12:30 - 12335104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-12 12:44 - 2013-07-31 12:05 - 09738752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-12 12:44 - 2013-07-31 12:00 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-12 12:44 - 2013-07-31 11:53 - 01104896 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-12 12:44 - 2013-07-31 11:52 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-09-12 12:44 - 2013-07-31 11:52 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-12 12:44 - 2013-07-31 11:51 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-09-12 12:44 - 2013-07-31 11:49 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-12 12:44 - 2013-07-31 11:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-12 12:44 - 2013-07-31 11:48 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-09-12 12:44 - 2013-07-31 11:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-09-12 12:44 - 2013-07-31 11:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-12 12:44 - 2013-07-31 11:46 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-12 12:44 - 2013-07-31 11:45 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-12 12:44 - 2013-07-31 11:45 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-09-12 12:44 - 2013-07-31 11:42 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-12 12:16 - 2013-08-08 03:45 - 02049536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-12 12:16 - 2013-07-16 06:35 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
2013-08-28 18:25 - 2013-08-02 06:09 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-22 12:57 - 2013-08-22 12:57 - 00001664 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-08-22 12:56 - 2013-08-22 12:56 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-08-22 12:56 - 2013-08-22 12:56 - 00000000 ____D C:\Program Files\iTunes
2013-08-22 12:56 - 2013-08-22 12:56 - 00000000 ____D C:\Program Files\iPod
2013-08-19 17:11 - 2013-08-19 17:11 - 00000000 ____D C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2013-09-14 17:32 - 2013-09-14 17:32 - 00000000 ____D C:\FRST
2013-09-14 17:31 - 2013-09-14 17:31 - 01083285 _____ (Farbar) C:\Users\*****\FRST.exe
2013-09-14 17:31 - 2008-04-13 18:47 - 00000000 ___RD C:\Users\*****
2013-09-14 17:30 - 2006-11-02 14:47 - 00003168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-14 17:30 - 2006-11-02 14:47 - 00003168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-14 17:27 - 2013-09-14 17:26 - 00000472 _____ C:\Users\*****\defogger_disable.log
2013-09-14 17:26 - 2013-09-14 17:26 - 00000000 _____ C:\Users\*****\defogger_reenable
2013-09-14 17:25 - 2013-09-14 17:25 - 00050477 _____ C:\Users\*****\Defogger.exe
2013-09-14 17:01 - 2013-07-06 09:44 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-14 16:45 - 2012-06-18 20:14 - 01627232 _____ C:\Windows\WindowsUpdate.log
2013-09-14 15:35 - 2013-09-14 15:35 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2013-09-14 15:12 - 2013-09-14 15:12 - 97542592 _____ C:\Windows\system32\耫᭄—
2013-09-14 15:11 - 2008-04-13 19:26 - 00007928 _____ C:\Windows\system32\Config.MPF
2013-09-14 15:09 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-13 18:20 - 2007-07-11 00:17 - 00000012 _____ C:\Windows\bthservsdp.dat
2013-09-13 18:20 - 2006-11-02 15:01 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-13 18:01 - 2012-04-30 08:48 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-09-13 18:01 - 2012-02-18 20:08 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-09-13 16:40 - 2006-11-02 14:47 - 00374200 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-12 12:44 - 2013-07-18 21:19 - 00000000 ____D C:\Windows\system32\MRT
2013-09-12 12:41 - 2006-11-02 12:24 - 76725432 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-09-04 15:22 - 2013-08-05 17:51 - 00136672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-09-04 15:22 - 2013-08-05 17:51 - 00088840 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-08-25 12:32 - 2006-11-02 12:33 - 01592792 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-22 12:57 - 2013-08-22 12:57 - 00001664 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-08-22 12:56 - 2013-08-22 12:56 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-08-22 12:56 - 2013-08-22 12:56 - 00000000 ____D C:\Program Files\iTunes
2013-08-22 12:56 - 2013-08-22 12:56 - 00000000 ____D C:\Program Files\iPod
2013-08-22 12:56 - 2010-05-13 14:55 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-08-20 19:28 - 2012-05-15 16:51 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-08-19 17:11 - 2013-08-19 17:11 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-08-16 20:44 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-08-16 20:07 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\rescache
2013-08-16 19:47 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\de-DE

Files to move or delete:
====================
C:\Users\*****\Defogger.exe
C:\Users\*****\FRST.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-09-14 15:15

==================== End Of Log ============================

Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-09-2013 04 Ran by ***** at 2013-09-14 17:33:30 Running from C:\Users\***** Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= Activation Assistant for the 2007 Microsoft Office suites Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0) Adobe Flash Player 11 ActiveX (Version: 11.8.800.174) Adobe Flash Player 11 Plugin (Version: 11.8.800.168) Agere Systems HDA Modem Apple Application Support (Version: 2.3.4) Apple Mobile Device Support (Version: 6.1.0.13) Apple Software Update (Version: 2.1.3.127) ArcSoft PhotoStudio 5.5 Atheros WLAN Client (Version: 1.00.000) ATI Catalyst Install Manager (Version: 3.0.641.0) Avira Free Antivirus (Version: 13.0.0.4052) Avira SearchFree Toolbar plus Web Protection (Version: 12.2.2.663) Bonjour (Version: 3.0.0.10) Business Contact Manager für Outlook 2007 (Version: 3.0.5828.0) Canon MP Navigator 3.0 Canon Utilities Easy-PhotoPrint Catalyst Control Center Core Implementation (Version: 2007.0613.2249.38957) Catalyst Control Center Graphics Full Existing (Version: 2007.0613.2249.38957) Catalyst Control Center Graphics Full New (Version: 2007.0613.2249.38957) Catalyst Control Center Graphics Light (Version: 2007.0613.2249.38957) Catalyst Control Center Graphics Previews Vista (Version: 2007.0613.2249.38957) Catalyst Control Center Localization Chinese Standard (Version: 2007.0613.2249.38957) Catalyst Control Center Localization Chinese Traditional (Version: 2007.0613.2249.38957) Catalyst Control Center Localization Czech (Version: 2007.0613.2249.38957) Catalyst Control Center Localization Danish (Version: 2007.0613.2249.38957) Catalyst Control Center Localization Dutch (Version: 2007.0613.2249.38957) Catalyst Control Center Localization Finnish (Version: 2007.0613.2249.38957) Catalyst Control Center Localization French (Version: 2007.0613.2249.38957) 
Catalyst Control Center Localization German (Version: 2007.0613.2249.38957) Catalyst Control Center Localization Greek (Version: 2007.0613.2249.38957) Catalyst Control Center Localization Hungarian (Version: 2007.0613.2249.38957) Catalyst Control Center Localization Italian (Version: 2007.0613.2249.38957) Catalyst Control Center Localization Japanese (Version: 2007.0613.2249.38957) Catalyst Control Center Localization Korean (Version: 2007.0613.2249.38957) Catalyst Control Center Localization Norwegian (Version: 2007.0613.2249.38957) Catalyst Control Center Localization Polish (Version: 2007.0613.2249.38957) Catalyst Control Center Localization Portuguese (Version: 2007.0613.2249.38957) Catalyst Control Center Localization Russian (Version: 2007.0613.2249.38957) Catalyst Control Center Localization Spanish (Version: 2007.0613.2249.38957) Catalyst Control Center Localization Swedish (Version: 2007.0613.2249.38957) Catalyst Control Center Localization Thai (Version: 2007.0613.2249.38957) Catalyst Control Center Localization Turkish (Version: 2007.0613.2249.38957) CCC Help Chinese Standard (Version: 2007.0613.2248.38957) CCC Help Chinese Traditional (Version: 2007.0613.2248.38957) CCC Help Czech (Version: 2007.0613.2248.38957) CCC Help Danish (Version: 2007.0613.2248.38957) CCC Help Dutch (Version: 2007.0613.2248.38957) CCC Help English (Version: 2007.0613.2248.38957) CCC Help Finnish (Version: 2007.0613.2248.38957) CCC Help French (Version: 2007.0613.2248.38957) CCC Help German (Version: 2007.0613.2248.38957) CCC Help Greek (Version: 2007.0613.2248.38957) CCC Help Hungarian (Version: 2007.0613.2248.38957) CCC Help Italian (Version: 2007.0613.2248.38957) CCC Help Japanese (Version: 2007.0613.2248.38957) CCC Help Korean (Version: 2007.0613.2248.38957) CCC Help Norwegian (Version: 2007.0613.2248.38957) CCC Help Polish (Version: 2007.0613.2248.38957) CCC Help Portuguese (Version: 2007.0613.2248.38957) CCC Help Russian (Version: 2007.0613.2248.38957) CCC Help Spanish 
(Version: 2007.0613.2248.38957) CCC Help Swedish (Version: 2007.0613.2248.38957) CCC Help Thai (Version: 2007.0613.2248.38957) CCC Help Turkish (Version: 2007.0613.2248.38957) ccc-core-static (Version: 2007.0613.2249.38957) ccc-utility (Version: 2007.0613.2249.38957) CCleaner (Version: 4.04) DAISY-Leser 2.0.1 (Version: 2.0.1) DVD Suite (Version: 5.0.1603) Easy Battery Manager (Version: 3.2.1.1) Easy Display Manager (Version: 2.0.0.0) Easy Network Manager 3.0 (Version: 3.0.0.0) Easy SpeedUp Manager (Version: 2.0.0.11) Easy-WebPrint Foxit Reader Foxit Toolbar (Version: 4.1.0.5) imagine digital freedom - Samsung (Version: 1.0.2.0) iTunes (Version: 11.0.5.5) Java 7 Update 25 (Version: 7.0.250) Java Auto Updater (Version: 2.1.9.5) Java DB 10.5.3.0 (Version: 10.5.3.0) Java(TM) SE Development Kit 6 Update 20 (Version: 1.6.0.200) Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300) Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729) Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319) Microsoft Office 2003 Web Components (Version: 11.0.8003.0) Microsoft Office 2007 Primary Interop Assemblies (Version: 12.0.4518.1014) Microsoft Office 97, Professional Edition Microsoft Office Small Business Connectivity Components (Version: 2.0.7024.0) Microsoft SOAP Toolkit 2.0 SP2 (Version: 623.1) Microsoft SQL Server 2005 Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) (Version: 9.1.2047.00) Microsoft SQL Server Native Client (Version: 9.00.2047.00) Microsoft SQL Server VSS Writer (Version: 9.00.2047.00) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 
(Version: 10.0.40219) Mozilla Firefox 23.0.1 (x86 de) (Version: 23.0.1) Mozilla Maintenance Service (Version: 23.0.1) MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0) MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0) Play AVStation (Version: 4.1.20.46) PlayStation(R)Network Downloader (Version: 2.04.00651) PlayStation(R)Store (Version: 4.0.14.10643) PowerDVD (Version: 7.0.2802.0) QuickTime (Version: 7.74.80.86) Realtek High Definition Audio Driver (Version: 6.0.1.5433) SA30xx Device Manager (Version: 1.2.0.1100) SA30xx Media Converter (Version: 1.1.5.1007) Samsung Magic Doctor (Version: 5.00) Samsung Recovery Solution II (Version: 2.0) Samsung Update Plus (Version: 1.3.0.11) ScanSoft OmniPage SE 4.0 (Version: 15.00.0020) Skins (Version: 2007.0613.2249.38957) Skype Toolbars (Version: 5.0.4137) Skype™ 5.0 (Version: 5.0.156) Synaptics Pointing Device Driver (Version: 9.1.22.0) Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (Version: 9.00.2047.00) Update for Microsoft .NET Framework 3.5 SP1 (KB2836940) (Version: 1) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1) User Guide (Version: 1.0) Vimicro USB2.0 UVC PC Camera (Version: 2010.03.02) WIDCOMM Bluetooth Software 6.0.1.5000 (Version: 6.0.1.5000) Windows Media Player Firefox Plugin (Version: 1.0.0.8) ==================== Restore Points ========================= 10-09-2013 07:04:04 Geplanter Prüfpunkt 12-09-2013 10:40:56 Windows Update ==================== Hosts content: ========================== 2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ::1 localhost 
==================== Scheduled Tasks (whitelisted) =============

Task: {0210F96F-4995-4F28-ADCC-1537151BE0AD} - System32\Tasks\{8D6865DE-5FAF-441C-B93C-E85254B7D2FB} => C:\Program Files\Skype\\Phone\Skype.exe [2010-12-03] (Skype Technologies S.A.)
Task: {05ABEB9C-888F-4C41-AB9D-8E87DDD85ABC} - System32\Tasks\EasySpeedUpManager => C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe [2007-04-24] (Samsung Electronics Co., Ltd.)
Task: {18D54C57-939F-4CC6-8F26-E6373165D529} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {2D76A194-6488-442E-A6F2-92D36A7CE70A} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {40C90FB5-2D42-47F3-B982-D82DE81DE4DB} - System32\Tasks\Microsoft\Windows\Defrag\ManualDefrag => C:\Windows\system32\defrag.exe [2008-01-19] (Microsoft Corp.)
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {4B46C700-5FD2-49BD-AEC6-6D3525C95BC6} - System32\Tasks\User_Feed_Synchronization-{F1845969-8924-4FA4-99C2-9BF5D197D931} => C:\Windows\system32\msfeedssync.exe [2011-04-18] (Microsoft Corporation)
Task: {62A6A654-49C7-4C56-9D14-45081E55994A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)
Task: {66262128-77BC-4C4D-9ABD-DDB3A4A314EC} - System32\Tasks\SamsungMagicDoctor => C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe [2007-04-26] (Samsung Electronics Co., Ltd.)
Task: {6C48358D-48EA-4FAF-9888-EF13C7C017F2} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\schtasks.exe [2008-01-19] (Microsoft Corporation)
Task: {85ACDD39-2230-490C-B02F-448A099525B7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-13] (Adobe Systems Incorporated)
Task: {A61555D3-7840-45C1-A5A9-0D49851DE37A} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification => C:\Windows\System32\wsqmcons.exe [2008-01-19] (Microsoft Corporation)
Task: {A728AE6B-5AB8-4223-AD3E-E6341441A01C} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => C:\Windows\system32\pla.dll [2008-01-19] (Microsoft Corporation)
Task: {D78CEBD1-F971-4FA5-AD71-1DB08426EC06} - System32\Tasks\EasyDisplayMgr => C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe [2007-06-01] (SAMSUNG Electronics)
Task: {E35C91ED-18E1-4F0B-AD6D-DAA78317DD43} - System32\Tasks\EasyBatteryManager => C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe [2007-06-29] (SAMSUNG Electronics co., LTD.)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2010-05-13] ()
Task: {FBE15BE2-6A91-4B36-A697-0F3CDAFCD2D0} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - ***** => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2005-12-19 19:16 - 2005-12-19 19:16 - 00135168 _____ (ScanSoft, Inc.) C:\Program Files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll
2007-04-24 11:14 - 2007-04-24 11:14 - 00184320 _____ (Broadcom Corporation.) C:\Windows\system32\btncopy.dll
2006-11-02 12:25 - 2007-06-14 05:11 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
2007-07-11 00:49 - 2006-08-12 05:48 - 00049152 _____ () C:\Program Files\SAMSUNG\EasySpeedUpManager\HookDllPS2.dll
2007-07-11 01:04 - 2006-08-12 05:48 - 00049152 _____ () C:\Program Files\Samsung\Samsung Magic Doctor\HookDllPS2.dll
2007-07-11 00:49 - 2007-02-23 11:32 - 00065536 _____ () C:\Program Files\Samsung\EBM\ChkSec.dll
2007-07-11 00:45 - 2006-08-12 05:48 - 00049152 _____ () C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll
2007-07-11 00:45 - 2006-09-19 02:52 - 00028672 _____ () C:\Program Files\Samsung\Easy Display Manager\WinMove.dll
2007-07-10 07:02 - 2007-03-23 07:44 - 00163840 _____ (Synaptics, Inc.) C:\Windows\system32\SynCOM.dll
2007-07-10 07:02 - 2007-03-23 07:51 - 00143360 _____ (Synaptics, Inc.) C:\Windows\system32\SynTPAPI.dll
2010-03-15 16:57 - 2010-03-15 16:57 - 00053024 _____ (Open Source Software community project) C:\Program Files\Common Files\Apple\Apple Application Support\pthreadVC2.dll
2011-09-27 08:23 - 2011-09-27 08:23 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 08:22 - 2011-09-27 08:22 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2011-08-30 23:05 - 2011-08-30 23:05 - 00073064 _____ (Apple Inc.) C:\Windows\system32\dnssd.dll
2013-04-28 19:02 - 2011-06-01 10:16 - 00496976 _____ (vbAccelerator) C:\Program Files\Malwarebytes' Anti-Malware\vbalsgrid6.ocx
2013-04-28 19:02 - 2012-05-22 17:05 - 00046416 _____ (vbAccelerator) C:\Program Files\Malwarebytes' Anti-Malware\ssubtmr6.dll
2013-08-19 17:11 - 2013-08-19 17:11 - 03551640 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2013-09-13 18:01 - 2013-09-13 18:01 - 16177544 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll

==================== Alternate Data Streams (whitelisted) ==========

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (09/14/2013 03:10:13 PM) (Source: McLogEvent) (User: NT-AUTORITÄT)
Description: Der McShield-Scan-Service kann keine Konfiguration im Register finden.

Error: (09/13/2013 06:20:11 PM) (Source: EventSystem) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (09/13/2013 04:41:28 PM) (Source: McLogEvent) (User: NT-AUTORITÄT)
Description: Der McShield-Scan-Service kann keine Konfiguration im Register finden.

Error: (09/12/2013 00:45:28 PM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier2\security.cpp14780070005

Error: (09/12/2013 00:07:37 PM) (Source: McLogEvent) (User: NT-AUTORITÄT)
Description: Der McShield-Scan-Service kann keine Konfiguration im Register finden.

Error: (09/11/2013 08:21:27 PM) (Source: EventSystem) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (09/11/2013 04:49:36 PM) (Source: McLogEvent) (User: NT-AUTORITÄT)
Description: Der McShield-Scan-Service kann keine Konfiguration im Register finden.
Error: (09/10/2013 10:18:09 AM) (Source: EventSystem) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (09/10/2013 07:51:38 AM) (Source: McLogEvent) (User: NT-AUTORITÄT)
Description: Der McShield-Scan-Service kann keine Konfiguration im Register finden.

Error: (09/09/2013 08:20:36 PM) (Source: EventSystem) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

System errors:
=============
Error: (09/14/2013 03:10:59 PM) (Source: Service Control Manager) (User: )
Description: McAfee Real-time Scanner5046 (0x13B6)

Error: (09/14/2013 03:10:59 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (09/13/2013 06:20:10 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (09/13/2013 04:41:44 PM) (Source: Service Control Manager) (User: )
Description: McAfee Real-time Scanner5046 (0x13B6)

Error: (09/13/2013 04:41:44 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (09/12/2013 00:40:47 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (09/12/2013 00:08:58 PM) (Source: Service Control Manager) (User: )
Description: McAfee Real-time Scanner5046 (0x13B6)

Error: (09/12/2013 00:08:58 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (09/11/2013 08:21:25 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (09/11/2013 04:50:57 PM) (Source: Service Control Manager) (User: )
Description: McAfee Real-time Scanner5046 (0x13B6)

Microsoft Office Sessions:
=========================
Error: (09/14/2013 03:10:13 PM) (Source: McLogEvent)(User: NT-AUTORITÄT)
Description:

Error: (09/13/2013 06:20:11 PM) (Source: EventSystem)(User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (09/13/2013 04:41:28 PM) (Source: McLogEvent)(User: NT-AUTORITÄT)
Description:

Error: (09/12/2013 00:45:28 PM) (Source: EventSystem)(User: )
Description: d:\longhorn\com\complus\src\events\tier2\security.cpp14780070005

Error: (09/12/2013 00:07:37 PM) (Source: McLogEvent)(User: NT-AUTORITÄT)
Description:

Error: (09/11/2013 08:21:27 PM) (Source: EventSystem)(User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (09/11/2013 04:49:36 PM) (Source: McLogEvent)(User: NT-AUTORITÄT)
Description:

Error: (09/10/2013 10:18:09 AM) (Source: EventSystem)(User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (09/10/2013 07:51:38 AM) (Source: McLogEvent)(User: NT-AUTORITÄT)
Description:

Error: (09/09/2013 08:20:36 PM) (Source: EventSystem)(User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

CodeIntegrity Errors:
===================================
Date: 2013-09-14 16:51:42.579
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850f\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-09-14 16:51:42.111
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850f\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-09-14 16:51:41.643
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850f\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-09-14 16:51:41.191
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850f\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-09-14 16:51:40.723
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850f\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-09-14 16:51:40.224
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850f\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-04-28 20:14:36.054
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850f\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-04-28 20:14:35.648
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850f\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-04-28 20:14:35.258
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850f\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-04-28 20:14:34.868
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850f\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

==================== Memory info ===========================

Percentage of memory in use: 52%
Total physical RAM: 1789.45 MB
Available physical RAM: 851.34 MB
Total Pagefile: 3828.45 MB
Available Pagefile: 2372.46 MB
Total Virtual: 2047.88 MB
Available Virtual: 1899.6 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:50.79 GB) (Free:9.17 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:51 GB) (Free:34.92 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 112 GB) (Disk ID: CCE881D1)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=51 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=51 GB) - (Type=07 NTFS)

==================== End Of Log ============================

GMER:

Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-09-14 18:44:46
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 FUJITSU_MHY2120BH rev.0000000B 111,79GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\*****\AppData\Local\Temp\uwldapow.sys

---- System - GMER 2.1 ----

SSDT 88710F46 ZwCreateSection
SSDT 88710F50 ZwRequestWaitReplyPort
SSDT 88710F4B ZwSetContextThread
SSDT 88710F55 ZwSetSecurityObject
SSDT 88710F5A ZwSystemDebugControl
SSDT 88710EE7 ZwTerminateProcess

---- Kernel code sections - GMER 2.1 ----

.text ntoskrnl.exe!KeInsertQueue + 405 8207190C 4 Bytes [46, 0F, 71, 88]
.text ntoskrnl.exe!KeInsertQueue + 729 82071C30 4 Bytes [50, 0F, 71, 88]
.text ntoskrnl.exe!KeInsertQueue + 75D 82071C64 4 Bytes [4B, 0F, 71, 88]
.text ntoskrnl.exe!KeInsertQueue + 7C1 82071CC8 4 Bytes [55, 0F, 71, 88]
.text ntoskrnl.exe!KeInsertQueue + 809 82071D10 4 Bytes [5A, 0F, 71, 88]
.text ...

---- Devices - GMER 2.1 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys
AttachedDevice \Driver\tdx \Device\Tcp Mpfp.sys
AttachedDevice \Driver\tdx \Device\Udp Mpfp.sys
AttachedDevice \Driver\tdx \Device\RawIp Mpfp.sys

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00027875488f
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00197eef8c9f
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00197ef16d4b
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00027875488f (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00197eef8c9f (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00197ef16d4b (not active ControlSet)

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----

Could that be coming from Avira?
Whenever an installer asks whether a toolbar should be installed as well, I actually always click NO.
Drive emulation is still switched off, that is correct, isn't it?
Many thanks in advance,
pc-blond
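Two parts of the logs above are where a helper spends most of the triage time: the FRST "Task:" lines (which binary runs, and whether FRST found a company name in its version info, shown as "()" when it did not) and the GMER "AttachedDevice" and "SSDT" lines. The script below, added here as an example and not part of the post or of FRST or GMER, parses both. The sample lines are copied from the logs posted in this thread; VENDOR_TABLE is a hand-maintained lookup for the three filter drivers GMER reported and is this script's own assumption, not tool output. It deliberately leaves the SSDT hooks unattributed: GMER prints only a hook address for them, so the log alone does not say which driver owns them.

```python
"""Triage of FRST 'Task:' lines and GMER 'SSDT' / 'AttachedDevice' lines.

Added example written for this page; it is not part of the forum post
and not code shipped with FRST or GMER. The sample lines below are
copied from the log posted in the thread. VENDOR_TABLE is a
hand-maintained lookup and an assumption of this script.
"""
import re
from dataclasses import dataclass, field
from typing import Optional

# Assumption: vendor attribution for the filter drivers GMER reported.
VENDOR_TABLE = {
    "mfehidk.sys": "McAfee (host intrusion detection link driver)",
    "mpfp.sys": "McAfee (personal firewall)",
    "wdf01000.sys": "Microsoft (Kernel-Mode Driver Framework)",
}
STANDARD_ROOTS = ("c:\\windows\\", "c:\\program files\\")

# Copied from the posted FRST log.
FRST_TASKS = r"""
Task: {62A6A654-49C7-4C56-9D14-45081E55994A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2010-05-13] ()
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
"""

# Copied from the posted GMER log.
GMER_LOG = r"""
SSDT 88710F46 ZwCreateSection
SSDT 88710EE7 ZwTerminateProcess
AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys
AttachedDevice \Driver\tdx \Device\Tcp Mpfp.sys
"""

TASK_RE = re.compile(r"^Task: (?P<head>.+?)(?: => (?P<rest>.+))?$")
TARGET_RE = re.compile(
    r"^(?P<target>.+?)(?: \[(?P<date>\d{4}-\d{2}-\d{2})\] \((?P<company>[^)]*)\))?$"
)


@dataclass
class Task:
    name: str
    target: Optional[str]
    company: Optional[str]  # "" = FRST saw no company name; None = not printed
    reasons: list = field(default_factory=list)


def parse_task(line):
    """Parse one FRST 'Task:' line; returns None for non-task lines."""
    m = TASK_RE.match(line.strip())
    if not m:
        return None
    head = m.group("head")
    # GUID-style entries read "{id} - name"; .job entries have no id.
    name = head.split(" - ", 1)[1] if " - " in head else head
    target = company = None
    if m.group("rest"):
        t = TARGET_RE.match(m.group("rest"))
        target, company = t.group("target"), t.group("company")
    return Task(name, target, company)


def triage_tasks(text):
    """Return tasks worth a second look: a target with no company name in
    its version info, or a target outside the standard program roots."""
    flagged = []
    for line in text.splitlines():
        task = parse_task(line)
        if task is None or task.target is None:
            continue  # system tasks that FRST lists without a target
        if task.company == "":
            task.reasons.append("no company name in version info")
        if not task.target.lower().startswith(STANDARD_ROOTS):
            task.reasons.append("target outside C:\\Windows or C:\\Program Files")
        if task.reasons:
            flagged.append(task)
    return flagged


def triage_gmer(text):
    """Attribute AttachedDevice filters via VENDOR_TABLE and list SSDT hooks.
    GMER prints only a hook address for SSDT entries, so the log alone does
    not say which driver owns them; they are returned for manual follow-up."""
    attached, ssdt = [], []
    for line in text.splitlines():
        parts = line.split()
        if parts[:1] == ["AttachedDevice"] and len(parts) == 4:
            vendor = VENDOR_TABLE.get(parts[3].lower(), "UNKNOWN: review")
            attached.append((parts[2], parts[3], vendor))
        elif parts[:1] == ["SSDT"] and len(parts) == 3:
            ssdt.append((parts[1], parts[2]))
    return attached, ssdt


if __name__ == "__main__":
    for t in triage_tasks(FRST_TASKS):
        print(f"{t.name}: {', '.join(t.reasons)}")
    attached, ssdt = triage_gmer(GMER_LOG)
    for device, driver, vendor in attached:
        print(f"{device} <- {driver}: {vendor}")
    print(f"{len(ssdt)} SSDT hooks, unattributed: {[fn for _, fn in ssdt]}")
```

On the posted lines only GatherWirelessInfo is flagged (a .vbs has no version resource, so the empty company name is expected there), all three filter drivers resolve to a known vendor, and the SSDT hooks are listed for manual follow-up. An unknown driver name in an AttachedDevice line is the case worth acting on; extend VENDOR_TABLE as you confirm names against the vendor's own documentation.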
Topics for Vista / AskPartnerNetwork\Toolbar found
antivir, antivirus, apnsetup.exe, askbar, avira, avira searchfree toolbar, bonjour, browser, canon, converter, desktop, device driver, downloader, farbar, farbar recovery scan tool, firefox, flash player, home, homepage, mozilla, origin, plug-in, proxy, pup.optional.ask, realtek, registry, rundll, scan, server, software, svchost.exe, udp, usb, vista, wlan