
Log analysis and evaluation: Windows 7, 32-bit, Trojan: notebook screen black


 
30.10.2013, 15:45   #1
greenlight
 

Windows 7, 32-bit, Trojan: notebook screen black



For a few days I have had the following problem with my six-year-old HP Pavilion dv6000 notebook:

The laptop boots up, but nothing is shown on the screen. It stays black. Only when I connect an external monitor can I work normally. The laptop's screen sometimes flickers briefly and shows an image again, sometimes for an hour, but usually only for a second. I suspect a Trojan in the graphics card. A virus scan with AntiVir found nothing except two hidden objects. I tried to remove them with the Antivir repair CD, which apparently did not work, because they show up again when I scan again. Since yesterday, not only is my laptop screen black, but the Personal Folders file of Office Outlook 2007 is also gone.

Here are the log files:

Defogger_disable:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 14:49 on 30/10/2013 (****)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
Unable to read sptd.sys
SPTD -> Disabled (Service running -> reboot required)


-=E.O.F=-

FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 30-10-2013
Ran by **** (administrator) on ****-LAPTOP on 30-10-2013 14:55:44
Running from C:\Users\****\Desktop
Microsoft Windows 7 Ultimate (X86) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) D:\Programme\Avira Antivir\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) D:\Programme\Avira Antivir\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() D:\Programme\Virtual DJ\HerculesDJControlMP3.EXE
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Apple Inc.) D:\Programme\iTunes\iTunesHelper.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Avira Operations GmbH & Co. KG) D:\Programme\Avira Antivir\Avira\AntiVir Desktop\avgnt.exe
(APN) C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Dropbox, Inc.) C:\Users\****\AppData\Roaming\Dropbox\bin\Dropbox.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Avira Operations GmbH & Co. KG) D:\Programme\Avira Antivir\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) D:\Programme\Avira Antivir\Avira\AntiVir Desktop\AVWEBGRD.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) D:\Programme\Mozilla\firefox.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) \\?\C:\Windows\system32\wbem\WMIADAP.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1045800 2008-03-28] (Synaptics, Inc.)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - D:\Programme\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKLM\...\Run: [avgnt] - D:\Programme\Avira Antivir\Avira\AntiVir Desktop\avgnt.exe [347192 2013-07-17] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [ApnTBMon] - C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1673680 2013-10-23] (APN)
HKCU\...\Run: [Wunderlist] - "C:\Program Files\Wunderlist2\Wunderlist.exe" /silent
MountPoints2: {3401c58c-721f-11e2-9c57-bd5dd782a2e2} - G:\AutoRun.exe
MountPoints2: {73cf0d69-e6be-11df-aba7-001a6b852568} - G:\LaunchU3.exe -a
Startup: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\****\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xEE4DB6D67BAFCD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
URLSearchHook: HKCU - (No Name) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No File
BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 D:\Programme\Avira Antivir\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 D:\Programme\Avira Antivir\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 D:\Programme\Avira Antivir\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 D:\Programme\Avira Antivir\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 D:\Programme\Avira Antivir\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 D:\Programme\Avira Antivir\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 D:\Programme\Avira Antivir\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 D:\Programme\Avira Antivir\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 20 D:\Programme\Avira Antivir\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 000000000100 %SystemRoot%\system32\mswsock.dll [232448] (Microsoft Corporation)
Winsock: Catalog9 000000000101 %SystemRoot%\system32\mswsock.dll [232448] (Microsoft Corporation)
Winsock: Catalog9 000000000102 %SystemRoot%\system32\mswsock.dll [232448] (Microsoft Corporation)
Winsock: Catalog9 000000000103 %SystemRoot%\system32\mswsock.dll [232448] (Microsoft Corporation)
Winsock: Catalog9 000000000104 %SystemRoot%\system32\mswsock.dll [232448] (Microsoft Corporation)
Winsock: Catalog9 000000000105 %SystemRoot%\system32\mswsock.dll [232448] (Microsoft Corporation)
Winsock: Catalog9 000000000106 %SystemRoot%\system32\mswsock.dll [232448] (Microsoft Corporation)
Winsock: Catalog9 000000000107 %SystemRoot%\system32\mswsock.dll [232448] (Microsoft Corporation)
Winsock: Catalog9 000000000108 %SystemRoot%\system32\mswsock.dll [232448] (Microsoft Corporation)
Winsock: Catalog9 000000000109 %SystemRoot%\system32\mswsock.dll [232448] (Microsoft Corporation)
Winsock: Catalog9 000000000110 %SystemRoot%\system32\mswsock.dll [232448] (Microsoft Corporation)
Winsock: Catalog9 000000000111 %SystemRoot%\system32\mswsock.dll [232448] (Microsoft Corporation)
Winsock: Catalog9 000000000112 %SystemRoot%\system32\mswsock.dll [232448] (Microsoft Corporation)
Winsock: Catalog9 000000000113 %SystemRoot%\system32\mswsock.dll [232448] (Microsoft Corporation)
Winsock: Catalog9 000000000114 %SystemRoot%\system32\mswsock.dll [232448] (Microsoft Corporation)
Winsock: Catalog9 000000000115 %SystemRoot%\system32\mswsock.dll [232448] (Microsoft Corporation)
Winsock: Catalog9 000000000116 %SystemRoot%\system32\mswsock.dll [232448] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\aurdi1j2.default
FF user.js: detected! => C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\aurdi1j2.default\user.js
FF Homepage: hxxp://www.spiegel.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - D:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 - D:\Programme\picasa\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=1.6.0_35 - C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0 - D:\Programme\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\aurdi1j2.default\searchplugins\conduit.xml
FF Extension: FoxyProxy Basic - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\aurdi1j2.default\Extensions\foxyproxy@eric.h.jung
FF Extension: toolbar_AVIRA-V7 - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\aurdi1j2.default\Extensions\toolbar_AVIRA-V7@apn.ask.com.xpi
FF Extension: No Name - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\aurdi1j2.default\Extensions\{31a48160-39fc-11de-8a39-0800200c9a66}.xpi
FF Extension: No Name - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\aurdi1j2.default\Extensions\{c7b3cf78-9cbc-47b9-ba47-bb84a56069dd}.xpi
FF Extension: Adblock Plus - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\aurdi1j2.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF StartMenuInternet: FIREFOX.EXE - D:\Programme\Mozilla\firefox.exe

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; D:\Programme\Avira Antivir\Avira\AntiVir Desktop\sched.exe [84024 2013-07-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; D:\Programme\Avira Antivir\Avira\AntiVir Desktop\avguard.exe [108088 2013-07-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; D:\Programme\Avira Antivir\Avira\AntiVir Desktop\AVWEBGRD.EXE [815160 2013-08-09] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2013-10-23] (APN LLC.)
R2 HerculesDJControlMP3; D:\Programme\Virtual DJ\HerculesDJControlMP3.EXE [17408 2007-11-21] ()
R3 hpqcxs08; D:\Programme\HP Drucker\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.)
R2 hpqddsvc; D:\Programme\HP Drucker\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.)
R2 HPSLPSVC; D:\Programme\HP Drucker\Digital Imaging\bin\HPSLPSVC32.DLL [694784 2009-09-20] (Hewlett-Packard Co.)
S2 SkypeUpdate; D:\Programme\Skype\Updater\Updater.exe [161384 2013-02-28] (Skype Technologies)
S3 Sony Ericsson PCCompanion; C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [152064 2011-04-20] (Avanquest Software)
R2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [479224 2012-09-26] (Cisco Systems, Inc.)

==================== Drivers (Whitelisted) ====================

S3 acsock; C:\Windows\System32\DRIVERS\acsock.sys [87976 2012-09-26] (Cisco Systems, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [88840 2013-08-22] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136672 2013-07-29] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-03-06] (Avira Operations GmbH & Co. KG)
S3 Bulk; C:\Windows\System32\Drivers\HDJBulk.sys [127488 2009-10-02] (© Guillemot R&D, 2009. All rights reserved.)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
S4 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131856 2008-08-28] (Deterministic Networks, Inc.)
S3 HDJMidi; C:\Windows\System32\DRIVERS\HDJMidi.sys [124416 2009-10-02] (© Guillemot R&D, 2009. All rights reserved.)
S3 s0016bus; C:\Windows\System32\DRIVERS\s0016bus.sys [89256 2008-05-16] (MCCI Corporation)
S3 s0016mdfl; C:\Windows\System32\DRIVERS\s0016mdfl.sys [15016 2008-05-16] (MCCI Corporation)
S3 s0016mdm; C:\Windows\System32\DRIVERS\s0016mdm.sys [120744 2008-05-16] (MCCI Corporation)
S3 s0016mgmt; C:\Windows\System32\DRIVERS\s0016mgmt.sys [114216 2008-05-16] (MCCI Corporation)
S3 s0016nd5; C:\Windows\System32\DRIVERS\s0016nd5.sys [25512 2008-05-16] (MCCI Corporation)
S3 s0016obex; C:\Windows\System32\DRIVERS\s0016obex.sys [110632 2008-05-16] (MCCI Corporation)
S3 s0016unic; C:\Windows\System32\DRIVERS\s0016unic.sys [115752 2008-05-16] (MCCI Corporation)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-05-02] (Duplex Secure Ltd.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
S1 vflt; C:\Windows\System32\DRIVERS\vfilter.sys [17408 2009-11-19] (Shrew Soft Inc)
S3 vnet; C:\Windows\System32\DRIVERS\virtualnet.sys [9728 2009-11-19] (Shrew Soft Inc)
S3 VNUSB; C:\Windows\System32\DRIVERS\VNUSB.sys [38496 2006-04-07] (OLYMPUS IMAGING CORP.)
S3 massfilter; system32\drivers\massfilter.sys [x]
S3 massfilter_hs; system32\drivers\massfilter_hs.sys [x]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [x]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [x]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-30 14:55 - 2013-10-30 14:55 - 00000000 ____D C:\FRST
2013-10-30 14:55 - 2013-10-30 14:54 - 01089275 _____ (Farbar) C:\Users\****\Desktop\FRST.exe
2013-10-30 14:49 - 2013-10-30 14:49 - 00000632 _____ C:\Users\****\Desktop\defogger_disable.log
2013-10-30 14:49 - 2013-10-30 14:49 - 00000020 _____ C:\Users\****\defogger_reenable
2013-10-30 14:48 - 2013-10-30 14:47 - 00050477 _____ C:\Users\****\Desktop\Defogger.exe
2013-10-29 14:39 - 2013-10-30 14:51 - 00000616 _____ C:\Windows\setupact.log
2013-10-29 14:39 - 2013-10-29 14:39 - 00000000 _____ C:\Windows\setuperr.log
2013-10-23 21:02 - 2013-10-16 01:41 - 22933280 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv32.dll
2013-10-23 21:02 - 2013-10-16 01:41 - 17560352 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2013-10-23 21:02 - 2013-10-16 01:41 - 10378528 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2013-10-23 21:02 - 2013-10-16 01:41 - 09516872 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2013-10-23 21:02 - 2013-10-16 01:41 - 09472600 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2013-10-23 21:02 - 2013-10-16 01:41 - 02946848 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2013-10-23 21:02 - 2013-10-16 01:41 - 02747168 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2013-10-23 21:02 - 2013-10-16 01:41 - 01049888 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco3233158.dll
2013-10-23 21:02 - 2013-10-16 01:41 - 00893728 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco3233158.dll
2013-10-23 21:02 - 2013-10-16 01:41 - 00599840 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC.dll
2013-10-23 21:02 - 2013-10-16 01:41 - 00560416 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR.dll
2013-10-23 11:22 - 2013-10-23 11:22 - 102551358 _____ C:\Windows\system32\﵅欒᭄n
2013-10-13 18:00 - 2012-06-02 23:19 - 01933848 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2013-10-13 18:00 - 2012-06-02 23:19 - 00577048 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2013-10-13 18:00 - 2012-06-02 23:19 - 00053784 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2013-10-13 18:00 - 2012-06-02 23:19 - 00045080 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2013-10-13 18:00 - 2012-06-02 23:19 - 00035864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2013-10-13 18:00 - 2012-06-02 23:12 - 02422272 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2013-10-13 18:00 - 2012-06-02 23:12 - 00088576 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2013-10-13 17:59 - 2012-06-02 14:19 - 00171904 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2013-10-13 17:59 - 2012-06-02 14:12 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2013-10-13 16:47 - 2013-10-13 16:47 - 00000000 ____D C:\Users\****\AppData\Roaming\Avira
2013-10-13 16:44 - 2013-10-13 16:44 - 00066144 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-10-13 16:43 - 2013-10-13 16:43 - 00000000 ____D C:\ProgramData\AskPartnerNetwork
2013-10-13 16:43 - 2013-10-13 16:43 - 00000000 ____D C:\ProgramData\APN
2013-10-13 16:43 - 2013-10-13 16:43 - 00000000 ____D C:\Program Files\AskPartnerNetwork
2013-10-13 16:41 - 2013-10-13 16:42 - 00000000 ____D C:\ProgramData\Avira
2013-10-13 16:41 - 2013-08-22 16:39 - 00088840 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-10-13 16:41 - 2013-07-29 16:37 - 00136672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-10-13 16:41 - 2013-03-06 15:13 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-10-13 16:41 - 2012-08-27 14:50 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys

==================== One Month Modified Files and Folders =======

2013-10-30 14:55 - 2013-10-30 14:55 - 00000000 ____D C:\FRST
2013-10-30 14:54 - 2013-10-30 14:55 - 01089275 _____ (Farbar) C:\Users\****\Desktop\FRST.exe
2013-10-30 14:52 - 2010-11-08 18:04 - 00000000 ____D C:\Users\****\AppData\Roaming\Dropbox
2013-10-30 14:51 - 2013-10-29 14:39 - 00000616 _____ C:\Windows\setupact.log
2013-10-30 14:50 - 2013-07-10 07:43 - 00950841 _____ C:\Windows\WindowsUpdate.log
2013-10-30 14:49 - 2013-10-30 14:49 - 00000632 _____ C:\Users\****\Desktop\defogger_disable.log
2013-10-30 14:49 - 2013-10-30 14:49 - 00000020 _____ C:\Users\****\defogger_reenable
2013-10-30 14:49 - 2010-05-02 16:47 - 00000000 ____D C:\Users\****
2013-10-30 14:47 - 2013-10-30 14:48 - 00050477 _____ C:\Users\****\Desktop\Defogger.exe
2013-10-30 14:22 - 2009-07-14 05:34 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-30 14:22 - 2009-07-14 05:34 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-30 14:21 - 2010-05-02 16:51 - 01626920 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-29 14:39 - 2013-10-29 14:39 - 00000000 _____ C:\Windows\setuperr.log
2013-10-23 21:05 - 2010-05-10 14:42 - 00000000 ____D C:\ProgramData\NVIDIA
2013-10-23 21:03 - 2011-01-13 22:50 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-10-23 11:22 - 2013-10-23 11:22 - 102551358 _____ C:\Windows\system32\﵅欒᭄n
2013-10-16 01:41 - 2013-10-23 21:02 - 22933280 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv32.dll
2013-10-16 01:41 - 2013-10-23 21:02 - 17560352 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2013-10-16 01:41 - 2013-10-23 21:02 - 10378528 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2013-10-16 01:41 - 2013-10-23 21:02 - 09516872 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2013-10-16 01:41 - 2013-10-23 21:02 - 09472600 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2013-10-16 01:41 - 2013-10-23 21:02 - 02946848 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2013-10-16 01:41 - 2013-10-23 21:02 - 02747168 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2013-10-16 01:41 - 2013-10-23 21:02 - 01049888 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco3233158.dll
2013-10-16 01:41 - 2013-10-23 21:02 - 00893728 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco3233158.dll
2013-10-16 01:41 - 2013-10-23 21:02 - 00599840 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC.dll
2013-10-16 01:41 - 2013-10-23 21:02 - 00560416 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR.dll
2013-10-16 01:41 - 2013-02-27 12:52 - 15244272 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dum.dll
2013-10-16 01:41 - 2011-01-13 22:51 - 00018174 _____ C:\Windows\system32\nvinfo.pb
2013-10-16 01:41 - 2009-10-03 05:02 - 15858664 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2um.dll
2013-10-16 01:41 - 2009-10-03 05:02 - 02694664 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi.dll
2013-10-15 22:57 - 2010-10-16 11:42 - 04314912 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2013-10-15 22:57 - 2010-10-16 11:42 - 03036448 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc.dll
2013-10-15 22:57 - 2010-10-16 11:42 - 02555168 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2013-10-15 22:57 - 2010-10-16 11:42 - 00664352 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2013-10-15 22:57 - 2010-10-16 11:42 - 00209184 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2013-10-15 22:57 - 2009-10-03 10:40 - 00062752 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2013-10-13 22:02 - 2010-05-02 17:34 - 00000000 ____D C:\Users\****\AppData\Roaming\Adobe
2013-10-13 18:13 - 2010-05-02 17:10 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-13 18:13 - 2009-07-14 03:04 - 00000513 _____ C:\Windows\win.ini
2013-10-13 18:00 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\de-DE
2013-10-13 16:47 - 2013-10-13 16:47 - 00000000 ____D C:\Users\****\AppData\Roaming\Avira
2013-10-13 16:44 - 2013-10-13 16:44 - 00066144 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-10-13 16:43 - 2013-10-13 16:43 - 00000000 ____D C:\ProgramData\AskPartnerNetwork
2013-10-13 16:43 - 2013-10-13 16:43 - 00000000 ____D C:\ProgramData\APN
2013-10-13 16:43 - 2013-10-13 16:43 - 00000000 ____D C:\Program Files\AskPartnerNetwork
2013-10-13 16:42 - 2013-10-13 16:41 - 00000000 ____D C:\ProgramData\Avira
2013-10-13 16:36 - 2011-10-29 19:50 - 00001092 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-13 16:36 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-13 10:08 - 2011-10-29 19:50 - 00001096 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-11 17:10

==================== End Of Log ============================



Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 30-10-2013
Ran by **** at 2013-10-30 14:56:54
Running from C:\Users\****\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Update for Microsoft Office 2007 (KB2508958)
32 Bit HP CIO Components Installer (Version: 6.1.1)
Adobe Acrobat 8 Professional - English, Français, Deutsch (Version: 8.1.0)
Adobe After Effects CS3 Presets (Version: 8)
Adobe After Effects CS3 Third Party Content (Version: 3)
Adobe AIR (Version: 3.5.0.1060)
Adobe Anchor Service CS3 (Version: 1.0)
Adobe Asset Services CS3 (Version: 3)
Adobe Bridge CS3 (Version: 2)
Adobe Bridge Start Meeting (Version: 1.0)
Adobe BridgeTalk Plugin CS3 (Version: 1.0)
Adobe Camera Raw 4.0 (Version: 4.0)
Adobe CMaps (Version: 1.0)
Adobe Color - Photoshop Specific (Version: 1.0)
Adobe Color Common Settings (Version: 1.0)
Adobe Color EU Recommended Settings (Version: 1.0)
Adobe Color JA Extra Settings (Version: 1.0)
Adobe Color NA Extra Settings (Version: 1.0)
Adobe Creative Suite 3 Master Collection (Version: 1.0)
Adobe Creative Suite 3 Master Collection hinzufügen oder entfernen (Version: 1.0)
Adobe Default Language CS3 (Version: 1.0)
Adobe Device Central CS3 (Version: 1.0)
Adobe ExtendScript Toolkit 2 (Version: 2.0)
Adobe Extension Manager CS3 (Version: 1.8)
Adobe Flash Player 10 ActiveX (Version: 10.1.85.3)
Adobe Flash Player 11 Plugin (Version: 11.7.700.224)
Adobe Fonts All (Version: 1.0)
Adobe Help Viewer CS3 (Version: 1)
Adobe InDesign CS3 (Version: 5.0)
Adobe InDesign CS3 Icon Handler (Version: 5.0)
Adobe Linguistics CS3 (Version: 3.0.0)
Adobe MotionPicture Color Files (Version: 1.0)
Adobe PDF Library Files (Version: 8.0)
Adobe Photoshop CS3 (Version: 10)
Adobe Premiere Pro CS3 (Version: 3)
Adobe Premiere Pro CS3 Functional Content (Version: 8)
Adobe Premiere Pro CS3 Third Party Content (Version: 3)
Adobe Reader X (10.1.4) - Deutsch (Version: 10.1.4)
Adobe Setup (Version: 1.0)
Adobe Shockwave Player 11.6 (Version: 11.6.3.633)
Adobe SING CS3 (Version: 0.1)
Adobe Stock Photos CS3 (Version: 1.5)
Adobe Type Support (Version: 1.0)
Adobe Update Manager CS3 (Version: 5.1.0)
Adobe Version Cue CS3 Client (Version: 3)
Adobe Video Profiles (Version: 1.0)
Adobe WAS CS3 (Version: 1.0)
Adobe WinSoft Linguistics Plugin (Version: 1.0)
Adobe XMP DVA Panels CS3 (Version: 1.0)
Adobe XMP Panels CS3 (Version: 1.0)
Advertising Center (Version: 0.0.0.2)
AHV content for Acrobat and Flash (Version: 1)
AIO_CDB_ProductContext (Version: 130.0.365.000)
AIO_CDB_Software (Version: 130.0.365.000)
AIO_Scan (Version: 130.0.421.000)
Apple Application Support (Version: 2.3.3)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
Audacity 1.3.13 (Unicode)
AuthenTec TrueSuite (Version: 2.0.0.57)
Avira Free Antivirus (Version: 13.0.0.4052)
Avira SearchFree Toolbar (Version: 12.6.0.1898)
Bonjour (Version: 3.0.0.10)
BufferChm (Version: 130.0.331.000)
CCleaner (Version: 2.31)
Cisco AnyConnect Secure Mobility Client (Version: 3.0.10057)
Cisco AnyConnect Secure Mobility Client (Version: 3.0.10057)
Copy (Version: 130.0.428.000)
D3DX10 (Version: 15.4.2368.0902)
Destinations (Version: 130.0.0.0)
DeviceDiscovery (Version: 130.0.465.000)
Digsby
DocProc (Version: 13.0.0.0)
DolbyFiles (Version: 2.0)
Dropbox (HKCU Version: 2.0.22)
Duden Rechtschreibtrainer (Version: 2.0.0)
F300 (Version: 130.0.365.000)
F300_Help (Version: 82.0.242.000)
F300Trb (Version: 82.0.242.000)
Fax (Version: 130.0.418.000)
GIMP 2.8.4 (Version: 2.8.4)
Google Update Helper (Version: 1.3.21.165)
GPBaseService2 (Version: 130.0.371.000)
Hercules DJ Products Series drivers (Version: 4.HDJS.2009)
HP Imaging Device Functions 13.0 (Version: 13.0)
HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B (Version: 13.0)
HP Solution Center 13.0 (Version: 13.0)
HPPhotoGadget (Version: 130.0.282.000)
HPProductAssistant (Version: 130.0.371.000)
ImagXpress (Version: 7.0.74.0)
iTunes (Version: 11.0.2.26)
Java Auto Updater (Version: 2.0.7.1)
Java(TM) 6 Update 35 (Version: 6.0.350)
JDownloader 2 (Version: 2)
LightScribe System Software (Version: 1.18.8.1)
Menu Templates - Starter Kit (Version: 9.4.6.0)
Microsoft .NET Framework 4.5 (Version: 4.5.50709)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (German) 2007 (Version: 12.0.6425.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6425.1000)
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6425.1000)
Microsoft Office Groove MUI (German) 2007 (Version: 12.0.6425.1000)
Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.6425.1000)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6425.1000)
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (German) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6425.1000)
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6425.1000)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Works 6-9 Converter (Version: 9.7.0000)
MobileMe Control Panel (Version: 3.1.6.0)
Mozilla Firefox 24.0 (x86 de) (Version: 24.0)
Mozilla Maintenance Service (Version: 24.0)
MP3 Skype Recorder (Version: 3.1.3)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MyPhoneExplorer (Version: 1.8.1)
Nero 9
Nero Burning ROM Help (Version: 9.4.17.100)
Nero ControlCenter (Version: 9.0.0.1)
Nero CoverDesigner (Version: 4.4.9.100)
Nero CoverDesigner Help (Version: 4.4.9.100)
Nero Disc Copy Gadget (Version: 2.4.22.0)
Nero Disc Copy Gadget Help (Version: 2.4.22.0)
Nero DiscSpeed (Version: 5.4.12.100)
Nero DiscSpeed Help (Version: 5.4.4.100)
Nero Express Help (Version: 9.4.17.100)
Nero InfoTool (Version: 6.4.11.100)
Nero InfoTool Help (Version: 6.4.4.100)
Nero Installer (Version: 4.4.9.0)
Nero Recode (Version: 4.4.31.0)
Nero Recode Help (Version: 4.4.31.0)
Nero Rescue Agent (Version: 2.4.12.100)
Nero RescueAgent Help (Version: 2.4.4.100)
Nero StartSmart (Version: 9.4.12.100)
Nero StartSmart Help (Version: 9.4.12.100)
Nero WaveEditor (Version: 5.4.32.0)
NeroBurningROM (Version: 9.4.17.100)
NeroExpress (Version: 9.4.17.100)
neroxml (Version: 1.0.0)
Network (Version: 130.0.572.000)
NVIDIA Grafiktreiber 331.58 (Version: 331.58)
NVIDIA Install Application (Version: 2.1002.133.902)
NVIDIA PhysX (Version: 9.10.0514)
NVIDIA PhysX-Systemsoftware 260.99 (Version: 260.99)
NVIDIA Systemsteuerung 331.58 (Version: 331.58)
NVIDIA Update 1.11.3 (Version: 1.11.3)
NVIDIA Update Components (Version: 1.11.3)
OCR Software by I.R.I.S. 13.0 (Version: 13.0)
Olympus Digital Wave Player
Pamela Pro 4.7 (Version: 4.7)
PDF Settings (Version: 1.0)
Picasa 3 (Version: 3.9)
PVSonyDll (Version: 1.00.0001)
QuickTime (Version: 7.70.80.34)
Scan (Version: 13.0.0.0)
Skype™ 6.3 (Version: 6.3.105)
SolutionCenter (Version: 130.0.373.000)
Sony Ericsson PC Companion 2.01.192 (Version: 2.01.192)
Sony Ericsson Update Engine (Version: 2.11.7.13)
Status (Version: 130.0.469.000)
swMSM (Version: 12.0.0.1)
Synaptics Pointing Device Driver (Version: 11.0.7.0)
System Requirements Lab
Toolbox (Version: 130.0.648.000)
TrayApp (Version: 130.0.422.000)
UnloadSupport (Version: 11.0.0)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2827325) 32-Bit Edition
Update für Microsoft Office Excel 2007 Help (KB963678)
Update für Microsoft Office Outlook 2007 Help (KB963677)
Update für Microsoft Office Powerpoint 2007 Help (KB963669)
Update für Microsoft Office Word 2007 Help (KB963665)
VirtualDJ PRO Full (Version: 7.0.5)
VLC media player 2.1.0 (Version: 2.1.0)
WebReg (Version: 130.0.132.017)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
WinRAR archiver
XMedia Recode Version 3.1.7.2 (Version: 3.1.7.2)
Zattoo4 4.0.5 (Version: 4.0.5)

==================== Restore Points =========================


==================== Hosts content: ==========================

2009-07-14 03:04 - 2012-12-26 13:19 - 00001136 ____A C:\Windows\system32\Drivers\etc\hosts
129.187.254.28 asa-cluster.lrz.de
129.187.254.28 asa-cluster.lrz.de
129.187.254.28 asa-cluster.lrz.de
129.187.254.28 asa-cluster.lrz.de
129.187.254.28 asa-cluster.lrz.de
129.187.254.28 asa-cluster.lrz.de
129.187.254.28 asa-cluster.lrz.de
129.187.254.28 asa-cluster.lrz.de


==================== Scheduled Tasks (whitelisted) =============

Task: {1FC6109E-1B4D-491C-9D39-A4F0F47F422B} - System32\Tasks\{5D9B969F-F3C9-4DAA-B219-5FA0D8317563} => Firefox.exe hxxp://ui.skype.com/ui/0/6.0.0.126/de/abandoninstall?page=tsProgressBar
Task: {26B73BEB-14CA-46F6-85F0-09A006FA4298} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-10-29] (Google Inc.)
Task: {4CAD2676-3AB3-4052-B8B1-C53DD62DD660} - System32\Tasks\{F115A6B9-B682-4894-A12F-2AD24A4821D4} => Firefox.exe hxxp://ui.skype.com/ui/0/6.0.0.126/de/abandoninstall?page=tsProgressBar
Task: {4EE6F417-6B75-4F4D-8CD0-5AD2B3695958} - System32\Tasks\{393BF971-BC20-4810-A5AB-16D6494A19D4} => Firefox.exe hxxp://ui.skype.com/ui/0/6.0.0.126/de/abandoninstall?page=tsProgressBar
Task: {658E0ECF-9326-4B0C-AB82-9E92184325E8} - System32\Tasks\{D06D3D34-8B2A-4D25-B01F-BCA7C69BD3B1} => Firefox.exe hxxp://ui.skype.com/ui/0/6.0.0.126/de/abandoninstall?page=tsProgressBar
Task: {67C64740-D291-40FA-8248-2F5A777BF4D3} - System32\Tasks\{98B65F61-8A84-4D05-B348-2A9ED32B3F3D} => Firefox.exe hxxp://ui.skype.com/ui/0/6.6.0.106/de/abandoninstall?page=tsMain
Task: {968D5592-3C17-4F61-9CC1-8B1AFDAD09EC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-10-29] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-05-02 17:19 - 2009-08-16 16:06 - 00141312 _____ () D:\Programme\WinRAR\rarext.dll
2011-11-01 23:26 - 2011-11-01 23:26 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-11-01 23:26 - 2011-11-01 23:26 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-03-13 21:48 - 2013-03-13 21:48 - 24978944 _____ () C:\Users\****\AppData\Roaming\Dropbox\bin\libcef.dll
2013-09-18 11:29 - 2013-09-18 11:29 - 03279768 _____ () D:\Programme\Mozilla\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\****\AppData\Roaming\Microsoft Access 97-2003.EML:OECustomProperty

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Shrew Soft Lightweight Filter
Description: Shrew Soft Lightweight Filter
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: vflt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/29/2013 06:59:30 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 17581

Error: (10/29/2013 06:59:30 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 17581

Error: (10/29/2013 06:59:30 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/29/2013 06:59:23 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9859

Error: (10/29/2013 06:59:23 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9859

Error: (10/29/2013 06:59:23 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/28/2013 09:09:42 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5171760

Error: (10/28/2013 09:09:42 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5171760

Error: (10/28/2013 09:09:42 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/27/2013 07:47:38 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12609139


System errors:
=============
Error: (10/30/2013 02:52:06 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
vflt

Error: (10/30/2013 02:18:15 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
vflt

Error: (10/29/2013 10:21:28 PM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "SAMSUNG",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{4D9DBEA1-6D2E-47D4-BD4A-B60154567C-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (10/29/2013 08:59:44 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
vflt

Error: (10/29/2013 07:33:20 PM) (Source: NetBT) (User: )
Description: Der Name "WORKGROUP :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.2.100
registriert werden. Der Computer mit IP-Adresse 192.168.2.1 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (10/29/2013 05:34:48 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
vflt

Error: (10/29/2013 03:30:37 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
vflt

Error: (10/29/2013 03:28:56 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Server" wurde mit folgendem Fehler beendet:
%%1115

Error: (10/29/2013 03:28:35 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
vflt

Error: (10/29/2013 03:28:15 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.


Microsoft Office Sessions:
=========================
Error: (03/22/2013 03:02:50 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 25 seconds with 0 seconds of active time. This session ended with a crash.

Error: (01/10/2013 02:49:03 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash.

Error: (11/06/2011 06:48:17 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 17308 seconds with 12780 seconds of active time. This session ended with a crash.

Error: (11/05/2011 10:22:48 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 11241 seconds with 6420 seconds of active time. This session ended with a crash.

Error: (07/12/2011 02:53:03 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6987 seconds with 6480 seconds of active time. This session ended with a crash.

Error: (04/02/2011 10:22:46 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6425.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 816 seconds with 120 seconds of active time. This session ended with a crash.

Error: (04/02/2011 02:33:14 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6425.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3636 seconds with 0 seconds of active time. This session ended with a crash.


==================== Memory info ===========================

Percentage of memory in use: 49%
Total physical RAM: 2046.43 MB
Available physical RAM: 1042.24 MB
Total Pagefile: 4092.86 MB
Available Pagefile: 2651.7 MB
Total Virtual: 2047.88 MB
Available Virtual: 1896.3 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:29.2 GB) (Free:2.63 GB) NTFS
Drive d: () (Fixed) (Total:112.27 GB) (Free:5.07 GB) NTFS
Drive e: (HP_RECOVERY) (Fixed) (Total:7.48 GB) (Free:2.29 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: 2AEE2AEE)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=29 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=112 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=7 GB) - (Type=07 NTFS)

==================== End Of Log ============================


Gmer.txt:

GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-10-30 15:15:36
Windows 6.1.7600 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 FUJITSU_MHW2160BH_PL rev.891F 149,05GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\****\AppData\Local\Temp\uglyqpob.sys


---- System - GMER 2.1 ----

SSDT 8EB214E6 ZwCreateSection
SSDT 8EB214F0 ZwRequestWaitReplyPort
SSDT 8EB214EB ZwSetContextThread
SSDT 8EB214F5 ZwSetSecurityObject
SSDT 8EB214FA ZwSystemDebugControl
SSDT 8EB21487 ZwTerminateProcess

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 832615D9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 83286092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 370 8328D9B0 4 Bytes [E6, 14, B2, 8E] {OUT 0x14, AL; MOV DL, 0x8e}
.text ntkrnlpa.exe!RtlSidHashLookup + 6CC 8328DD0C 4 Bytes [F0, 14, B2, 8E]
.text ntkrnlpa.exe!RtlSidHashLookup + 710 8328DD50 4 Bytes [EB, 14, B2, 8E] {JMP 0x16; MOV DL, 0x8e}
.text ntkrnlpa.exe!RtlSidHashLookup + 78C 8328DDCC 4 Bytes [F5, 14, B2, 8E]
.text ntkrnlpa.exe!RtlSidHashLookup + 7E0 8328DE20 4 Bytes [FA, 14, B2, 8E]
.text ...

---- Devices - GMER 2.1 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{345DE179-29E8-4EA6-B307-4940DE643F40}\Connection@Name Reusable ISATAP Interface {345DE179-29E8-4EA6-B307-4940DE643F40}
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Bind \Device\{7FFF1EA1-9888-4520-A2AC-FA34A37A2E15}?\Device\{BBDE37FB-B995-4606-800A-CD430EB43E3C}?\Device\{769AFBB0-8668-4DF2-84E5-995AF88C50FD}?\Device\{D4BFFE3D-2FD1-4914-A3C0-05DD7AA2F8D2}?\Device\{421ACDD4-A29D-4ECD-83D0-EE47B3DA5DAC}?\Device\{0ADEB147-0291-4909-A113-1D2197600DA8}?\Device\{074741A9-7CFE-4D4B-BB76-2979558CD9B7}?\Device\{6E23387E-C0CE-4950-84B3-0003043A1EFE}?\Device\{9E423548-8885-4387-B004-3DFECDB80F2B}?\Device\{C64F547C-F04F-4F53-BB9B-2DD78F76E153}?\Device\{8E6D6738-BB55-48BE-85F7-10C5DFD1C9A9}?\Device\{48A5BE3C-14BB-4164-B31A-B822F0B6E109}?\Device\{422B6078-B9AF-41A3-9430-78D56C07DAB3}?\Device\{3EABFDDF-EF35-4FE0-A410-0B6C69FDF919}?\Device\{1D48870E-6802-4523-A6D2-F3B452F07F10}?\Device\{9CDD655C-5478-4363-A6AF-68AEE3D1C51F}?\Device\{C6020CC9-6D43-4C31-8FB0-C1D82E1F6D4B}?\Device\{398BD271-34E6-482B-8D65-459C29993370}?\Device\{15442774-9B93-42B3-8E44-737963EAE3E4}?\Device\{6C06FB2A-44BB-45C0-83DF-635F0B515233}?\Device\{7D5CECD4-D825-4462-9C81-73A92B926764}?\Device\{7A738E75-36CB-488D-B653-014
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Route "{7FFF1EA1-9888-4520-A2AC-FA34A37A2E15}"?"{BBDE37FB-B995-4606-800A-CD430EB43E3C}"?"{769AFBB0-8668-4DF2-84E5-995AF88C50FD}"?"{D4BFFE3D-2FD1-4914-A3C0-05DD7AA2F8D2}"?"{421ACDD4-A29D-4ECD-83D0-EE47B3DA5DAC}"?"{0ADEB147-0291-4909-A113-1D2197600DA8}"?"{074741A9-7CFE-4D4B-BB76-2979558CD9B7}"?"{6E23387E-C0CE-4950-84B3-0003043A1EFE}"?"{9E423548-8885-4387-B004-3DFECDB80F2B}"?"{C64F547C-F04F-4F53-BB9B-2DD78F76E153}"?"{8E6D6738-BB55-48BE-85F7-10C5DFD1C9A9}"?"{48A5BE3C-14BB-4164-B31A-B822F0B6E109}"?"{422B6078-B9AF-41A3-9430-78D56C07DAB3}"?"{3EABFDDF-EF35-4FE0-A410-0B6C69FDF919}"?"{1D48870E-6802-4523-A6D2-F3B452F07F10}"?"{9CDD655C-5478-4363-A6AF-68AEE3D1C51F}"?"{C6020CC9-6D43-4C31-8FB0-C1D82E1F6D4B}"?"{398BD271-34E6-482B-8D65-459C29993370}"?"{15442774-9B93-42B3-8E44-737963EAE3E4}"?"{6C06FB2A-44BB-45C0-83DF-635F0B515233}"?"{7D5CECD4-D825-4462-9C81-73A92B926764}"?"{7A738E75-36CB-488D-B653-0143064288C0}"?"{FB14ED31-9D3C-44DA-B53D-688C5952CAE6}"?"{01DF159A-F0F6-47F1-8C04-74B9A83F4218}"?"{49B3E5E8-850D-4A8A-A736-B5197932904E}
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Export \Device\TCPIP6TUNNEL_{7FFF1EA1-9888-4520-A2AC-FA34A37A2E15}?\Device\TCPIP6TUNNEL_{BBDE37FB-B995-4606-800A-CD430EB43E3C}?\Device\TCPIP6TUNNEL_{769AFBB0-8668-4DF2-84E5-995AF88C50FD}?\Device\TCPIP6TUNNEL_{D4BFFE3D-2FD1-4914-A3C0-05DD7AA2F8D2}?\Device\TCPIP6TUNNEL_{421ACDD4-A29D-4ECD-83D0-EE47B3DA5DAC}?\Device\TCPIP6TUNNEL_{0ADEB147-0291-4909-A113-1D2197600DA8}?\Device\TCPIP6TUNNEL_{074741A9-7CFE-4D4B-BB76-2979558CD9B7}?\Device\TCPIP6TUNNEL_{6E23387E-C0CE-4950-84B3-0003043A1EFE}?\Device\TCPIP6TUNNEL_{9E423548-8885-4387-B004-3DFECDB80F2B}?\Device\TCPIP6TUNNEL_{C64F547C-F04F-4F53-BB9B-2DD78F76E153}?\Device\TCPIP6TUNNEL_{8E6D6738-BB55-48BE-85F7-10C5DFD1C9A9}?\Device\TCPIP6TUNNEL_{48A5BE3C-14BB-4164-B31A-B822F0B6E109}?\Device\TCPIP6TUNNEL_{422B6078-B9AF-41A3-9430-78D56C07DAB3}?\Device\TCPIP6TUNNEL_{3EABFDDF-EF35-4FE0-A410-0B6C69FDF919}?\Device\TCPIP6TUNNEL_{1D48870E-6802-4523-A6D2-F3B452F07F10}?\Device\TCPIP6TUNNEL_{9CDD655C-5478-4363-A6AF-68AEE3D1C51F}?\Device\TCPIP6TUNNEL_{C6020CC9-6D43-4C31-8FB0-C1D82E1F6D4B}?\De
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001a6b852568
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001a6b852568@0016b8952b84 0x4F 0xDF 0x18 0xCC ...
Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch@Epoch 18998
Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch 16556
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Programme\Daemon Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xBC 0x3C 0xAE 0xFF ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x7A 0x39 0x7F 0x97 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x9E 0xA0 0xC2 0x6F ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x27 0x2D 0x8B 0x08 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0x27 0x2D 0x8B 0x08 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{4D9DBEA1-6D2E-47D4-BD4A-B60154567CB4}@LeaseObtainedTime 1383141082
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{4D9DBEA1-6D2E-47D4-BD4A-B60154567CB4}@T1 -764342567
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{4D9DBEA1-6D2E-47D4-BD4A-B60154567CB4}@T2 1920011993
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001a6b852568 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001a6b852568@0016b8952b84 0x4F 0xDF 0x18 0xCC ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Programme\Daemon Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xBC 0x3C 0xAE 0xFF ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x7A 0x39 0x7F 0x97 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x9E 0xA0 0xC2 0x6F ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x27 0x2D 0x8B 0x08 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0x27 0x2D 0x8B 0x08 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version
Reg HKLM\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version@Version 0xC8 0xA9 0x28 0x8A ...

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 malicious Win32:MBRoot code @ sector 312576708 !
Disk \Device\Harddisk0\DR0 PE file @ sector 312576730 !

---- EOF - GMER 2.1 ----


I have never worked with log files and the like before, so please bear with me if I have done something wrong. I would be very glad of your help! Thanks and kind regards
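The two lines under "Disk sectors" are the most significant part of the GMER output above: GMER reports malicious MBRoot code at sector 312576708 and a PE file at sector 312576730, both far beyond where a partition would normally end on a notebook drive of that era (a nominal 160 GB disk has roughly 312.5 million 512-byte sectors). What follows is an added example, not GMER's code and not something posted in this thread: it shows, on a constructed disk image, the kind of check such a "PE file @ sector" finding comes from, namely walking the sectors that lie outside every MBR partition and looking for a DOS header whose e_lfanew points at a real "PE\0\0" signature. The function names, the MBR layout and the demo image are this example's own assumptions.

```python
"""
Scan a raw MBR disk image for PE images stored in sectors that lie outside
every partition. This mirrors the idea behind a rootkit scanner's
"PE file @ sector N" report; it is an added illustration, not GMER's own code.
"""
from __future__ import annotations

import struct

SECTOR = 512


def partition_end_lba(mbr: bytes) -> int:
    """First LBA after the last primary partition described by a classic MBR,
    or 0 if the sector carries no valid 0x55AA boot signature."""
    if len(mbr) < SECTOR or mbr[510:512] != b"\x55\xaa":
        return 0
    end = 0
    for i in range(4):
        entry = mbr[446 + 16 * i: 446 + 16 * (i + 1)]
        ptype = entry[4]
        start_lba, size = struct.unpack_from("<II", entry, 8)
        if ptype != 0 and size:
            end = max(end, start_lba + size)
    return end


def is_pe_at(buf: bytes, off: int) -> bool:
    """True if buf[off:] starts with a DOS header whose e_lfanew points at a
    'PE\\0\\0' signature. A bare 'MZ' is not enough: ordinary file content
    contains plenty of those, so the PE signature has to check out too."""
    if buf[off:off + 2] != b"MZ" or off + 0x40 > len(buf):
        return False
    e_lfanew = struct.unpack_from("<I", buf, off + 0x3C)[0]
    pe_off = off + e_lfanew
    # real binaries keep e_lfanew small and positive; reject wild values
    if e_lfanew < 0x40 or e_lfanew > 0x400 or pe_off + 4 > len(buf):
        return False
    return buf[pe_off:pe_off + 4] == b"PE\x00\x00"


def scan_unpartitioned(image: bytes) -> list[int]:
    """Sector numbers past the last partition at which a PE image begins."""
    total = len(image) // SECTOR
    first_free = partition_end_lba(image[:SECTOR])
    return [sec for sec in range(first_free, total) if is_pe_at(image, sec * SECTOR)]


def report(image: bytes) -> list[str]:
    """One line per hit; the wording is modelled on GMER's output, not taken from it."""
    return [f"PE file @ sector {sec} !" for sec in scan_unpartitioned(image)]


# --- constructed demo image (assumption for this example, not data from the post) ---
def build_demo_image() -> bytes:
    sectors = 64
    img = bytearray(sectors * SECTOR)
    # MBR with one NTFS-type partition covering LBA 1..39 (start 1, size 39)
    entry = bytes([0x80, 0, 0, 0, 0x07, 0, 0, 0]) + struct.pack("<II", 1, 39)
    img[446:462] = entry
    img[510:512] = b"\x55\xaa"
    # minimal PE header: 'MZ', e_lfanew = 0x80, 'PE\0\0' at that offset
    pe = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x80)
    pe += b"\x00" * (0x80 - len(pe)) + b"PE\x00\x00"
    img[50 * SECTOR:50 * SECTOR + len(pe)] = pe   # hidden past the partition: reported
    img[10 * SECTOR:10 * SECTOR + len(pe)] = pe   # same bytes inside the partition: a normal file, ignored
    img[55 * SECTOR:55 * SECTOR + 2] = b"MZ"      # stray 'MZ' without a PE signature: ignored
    return bytes(img)


DEMO_IMAGE = build_demo_image()

if __name__ == "__main__":
    for line in report(DEMO_IMAGE):
        print(line)
```

Run this against a sector-for-sector image (for example one taken with dd from a boot CD or USB stick), never from inside the infected Windows: a bootkit that owns the MBR can filter disk reads issued by the running system, which is also why a conventional antivirus scan found nothing here. The example deliberately leaves out the second check a practitioner would pair with it, comparing the MBR boot code itself against a known-good copy, because that needs a reference MBR this page does not provide.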
