
Log Analysis and Evaluation: Win XP: Avira found "EXP/CVE-2013-2465.G.Gen"; ClamWin finds Trojans

If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and Trojans can be removed, the infected system must first be examined: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

 
06.01.2014, 17:51   #1
monkey951
 

Win XP: Avira found "EXP/CVE-2013-2465.G.Gen"; ClamWin finds Trojans



Hello dear trojaner-board team!
After the news that malware was being distributed via Yahoo, I ran ClamWin and Avira, and both found something: various Trojans and "EXP/CVE-2013-2465.G.Gen". There are no problems as such, but the log files the two programs produce worry me a great deal, because I also handle sensitive data on this computer.

After another scan with Avira, the EXP/CVE virus no longer shows up. Unfortunately I have no idea whether it is really rendered harmless by being in quarantine.

Since my knowledge in this area is limited, I am asking for help cleaning up my laptop again.

For information: the laptop is a refurbished Dell from the USA, in case that shows up in the log files.

Many thanks in advance!
Regards, Anita

PS: I think it's great that this forum exists and that you help others in your free time. Thanks!!

defogger_disable
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 15:44 on 06/01/2014 (anita *****)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
FRST

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-01-2014
Ran by anita ***** (administrator) on ANITA on 06-01-2014 15:50:24
Running from C:\Documents and Settings\anita *****\Desktop
Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
(Microsoft Corporation) C:\WINDOWS\system32\scardsvr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\WINDOWS\system32\cisvc.exe
(Teruten) C:\WINDOWS\system32\FsUsbExService.Exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\WINDOWS\system32\cidaemon.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(SigmaTel, Inc.) C:\WINDOWS\stsystra.exe
(alch) C:\Program Files\ClamWin\bin\ClamTray.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\hidfind.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
() C:\Documents and Settings\anita *****\Desktop\Defogger.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apoint] - C:\Program Files\Apoint\Apoint.exe [176128 2005-10-08] (Alps Electric Co., Ltd.)
HKLM\...\Run: [igfxhkcmd] - C:\WINDOWS\system32\hkcmd.exe [77824 2005-12-14] (Intel Corporation)
HKLM\...\Run: [igfxpers] - C:\WINDOWS\system32\igfxpers.exe [118784 2005-12-14] (Intel Corporation)
HKLM\...\Run: [SigmatelSysTrayApp] - C:\WINDOWS\stsystra.exe [282624 2006-03-25] (SigmaTel, Inc.)
HKLM\...\Run: [ClamWin] - C:\Program Files\ClamWin\bin\ClamTray.exe [86016 2013-10-18] (alch)
HKLM\...\Run: [NPSStartup] - [x]
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-18] (Avira Operations GmbH & Co. KG)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
MountPoints2: {2ff6b887-f0df-11dc-b947-0015c5a50a82} - wscript.exe VirusRemoval.vbs
HKU\Administrator\...\Run: [ModemOnHold] - C:\Program Files\NetWaiting\netwaiting.exe [ 2003-09-10] ()
HKU\Default User\...\Run: [ModemOnHold] - C:\Program Files\NetWaiting\netwaiting.exe [ 2003-09-10] ()
Lsa: [Notification Packages] scecli scecli scecli scecli scecli scecli

==================== Internet (Whitelisted) ====================

ProxyServer: isasrv.fh.ac.at:8080
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://services.ama.at/servlet/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKCU - Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -  No File
SearchScopes: HKCU - DefaultScope {5E6EDBF3-0B0B-4D97-B65B-3995FFC74381} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKCU - {5E6EDBF3-0B0B-4D97-B65B-3995FFC74381} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKCU - {75D6ADAA-79BE-40EB-997A-B14F5AE37C19} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} -  No File
Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF ProfilePath: C:\Documents and Settings\anita *****\Application Data\Mozilla\Firefox\Profiles\6eh1x7p5.default-1382897487578
FF Homepage: hxxp://foodporndaily.com/|hxxp://www.netvibes.com/signin?from=home|hxxp://www.wetteronline.de/wettertrend/st-poelten|hxxp://wetter.orf.at/niederoesterreich/prognose|hxxp://www.zamg.ac.at/cms/de/wetter/wetter-oesterreich/niederoesterreich/heute_nacht
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @viewpoint.com/VMP - C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 - C:\Program Files\Yahoo!\Common\npyaxmpb.dll No File
FF SearchPlugin: C:\Documents and Settings\anita *****\Application Data\Mozilla\Firefox\Profiles\6eh1x7p5.default-1382897487578\searchplugins\duckduckgo.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\answers.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
FF Extension: WOT - C:\Documents and Settings\anita *****\Application Data\Mozilla\Firefox\Profiles\6eh1x7p5.default-1382897487578\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF Extension: Ghostery - C:\Documents and Settings\anita *****\Application Data\Mozilla\Firefox\Profiles\6eh1x7p5.default-1382897487578\Extensions\firefox@ghostery.com.xpi
FF Extension: Mind the Time - C:\Documents and Settings\anita *****\Application Data\Mozilla\Firefox\Profiles\6eh1x7p5.default-1382897487578\Extensions\jid0-HYNmqxA9zQGfJADREri4n2AHKSI@jetpack.xpi
FF Extension: DuckDuckGo Plus - C:\Documents and Settings\anita *****\Application Data\Mozilla\Firefox\Profiles\6eh1x7p5.default-1382897487578\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi
FF Extension: All-in-One Sidebar - C:\Documents and Settings\anita *****\Application Data\Mozilla\Firefox\Profiles\6eh1x7p5.default-1382897487578\Extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi
FF Extension: LeechBlock - C:\Documents and Settings\anita *****\Application Data\Mozilla\Firefox\Profiles\6eh1x7p5.default-1382897487578\Extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}.xpi
FF Extension: Leo Search - C:\Documents and Settings\anita *****\Application Data\Mozilla\Firefox\Profiles\6eh1x7p5.default-1382897487578\Extensions\{c666c018-6409-4479-afa3-68e4129e7eff}.xpi
FF Extension: Adblock Plus - C:\Documents and Settings\anita *****\Application Data\Mozilla\Firefox\Profiles\6eh1x7p5.default-1382897487578\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}-trash
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440376 2013-12-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-19] (Avira Operations GmbH & Co. KG)
S4 Bluetooth Hid Switch Service; C:\Program Files\BlueTooth\HidSwitchService\HidSw.exe [188416 2005-08-30] (Cambridge Silicon Radio)
R2 MSSQL$MICROSOFTSMLBIZ; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe [9150464 2005-05-04] (Microsoft Corporation)
S3 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [73728 2005-05-04] (Microsoft Corporation)
R2 NICCONFIGSVC; C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe [376832 2006-06-29] (Dell Inc.)
S3 SQLAgent$MICROSOFTSMLBIZ; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE [323584 2005-05-04] (Microsoft Corporation)
S2 tcsd_win32.exe; C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe [180224 2006-06-12] ()
S2 WLANKEEPER; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [262217 2005-12-28] (Intel(R) Corporation)
S2 DataSvr2; "C:\Program Files\Wave Systems Corp\Common\DataServer.exe" [x]
R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf"
S2 S24EventMonitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [x]
S2 Symantec Core LC; "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe" [x]

==================== Drivers (Whitelisted) ====================

S4 abp480n5; C:\Windows\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
R2 AegisP; C:\Windows\System32\DRIVERS\AegisP.sys [21275 2006-09-16] (Meetinghouse Data Communications)
R1 APPDRV; C:\Windows\SYSTEM32\DRIVERS\APPDRV.SYS [16128 2005-08-12] (Dell Inc)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-01] (Avira Operations GmbH & Co. KG)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R2 DLABOIOM; C:\Windows\System32\DLA\DLABOIOM.SYS [25628 2005-09-08] (Sonic Solutions)
R1 DLACDBHM; C:\Windows\System32\Drivers\DLACDBHM.SYS [5628 2005-08-25] (Sonic Solutions)
R2 DLADResN; C:\Windows\System32\DLA\DLADResN.SYS [2496 2005-09-08] (Sonic Solutions)
R2 DLAIFS_M; C:\Windows\System32\DLA\DLAIFS_M.SYS [86524 2005-09-08] (Sonic Solutions)
R2 DLAOPIOM; C:\Windows\System32\DLA\DLAOPIOM.SYS [14684 2005-09-08] (Sonic Solutions)
R2 DLAPoolM; C:\Windows\System32\DLA\DLAPoolM.SYS [6364 2005-09-08] (Sonic Solutions)
R1 DLARTL_N; C:\Windows\System32\Drivers\DLARTL_N.SYS [22684 2005-08-25] (Sonic Solutions)
R2 DLAUDFAM; C:\Windows\System32\DLA\DLAUDFAM.SYS [94332 2005-09-08] (Sonic Solutions)
R2 DLAUDF_M; C:\Windows\System32\DLA\DLAUDF_M.SYS [87036 2005-09-08] (Sonic Solutions)
R2 DRVNDDM; C:\Windows\System32\Drivers\DRVNDDM.SYS [40544 2005-08-12] (Sonic Solutions)
R3 FsUsbExDisk; C:\WINDOWS\system32\FsUsbExDisk.SYS [36608 2009-03-31] ()
S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [47249 2007-12-03] (FTDI Ltd.)
S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [51056 2003-08-11] (HP)
S3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2003-08-11] (HP)
S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21488 2003-08-11] (HP)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 pfc; C:\Windows\System32\drivers\pfc.sys [21248 2003-09-19] (Padus, Inc.)
R2 s24trans; C:\Windows\System32\DRIVERS\s24trans.sys [13568 2005-12-28] (Intel Corporation)
S3 snpstd2; C:\Windows\System32\DRIVERS\snpstd2.sys [347264 2004-12-17] ()
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-03-02] (Avira GmbH)
R3 STHDA; C:\Windows\System32\drivers\sthda.sys [1156648 2006-03-25] (SigmaTel, Inc.)
R2 symlcbrd; C:\WINDOWS\system32\drivers\symlcbrd.sys [10344 2006-09-16] (Symantec Corporation)
S3 w39n51; C:\Windows\System32\DRIVERS\w39n51.sys [1428096 2005-12-05] (Intel® Corporation)
U2 CertPropSvc; 
S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [x]
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
S3 wanatw; system32\DRIVERS\wanatw4.sys [x]
U1 WS2IFSL; 

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-06 15:50 - 2014-01-06 15:50 - 00014321 _____ C:\Documents and Settings\anita *****\Desktop\FRST.txt
2014-01-06 15:50 - 2014-01-06 15:50 - 00000000 ____D C:\FRST
2014-01-06 15:48 - 2014-01-06 15:49 - 01064805 _____ (Farbar) C:\Documents and Settings\anita *****\Desktop\FRST.exe
2014-01-06 15:44 - 2014-01-06 15:45 - 00000488 _____ C:\Documents and Settings\anita *****\Desktop\defogger_disable.log
2014-01-06 15:44 - 2014-01-06 15:44 - 00000000 _____ C:\Documents and Settings\anita *****\defogger_reenable
2014-01-06 15:43 - 2014-01-06 15:43 - 00050477 _____ C:\Documents and Settings\anita *****\Desktop\Defogger.exe
2014-01-06 14:59 - 2006-05-16 18:34 - 00286720 _____ C:\Documents and Settings\anita *****\My Documents\wxvault1.dll
2014-01-06 14:42 - 2014-01-06 15:01 - 00000000 ____D C:\Documents and Settings\anita *****\Application Data\Wave Systems Corp
2014-01-04 15:21 - 2014-01-05 10:02 - 00000000 ____D C:\Documents and Settings\anita *****\My Documents\zeug
2014-01-04 15:21 - 2014-01-04 15:21 - 00000645 _____ C:\Documents and Settings\anita *****\My Documents\DIEMeisterarbeit.lnk
2014-01-04 13:07 - 2014-01-04 13:07 - 00000000 _____ C:\WINDOWS\setuperr.log
2014-01-04 13:07 - 2014-01-04 13:07 - 00000000 _____ C:\WINDOWS\setupact.log
2014-01-04 12:38 - 2014-01-04 12:39 - 00000403 _____ C:\WINDOWS\wmsetup.log
2014-01-04 11:41 - 2014-01-04 15:30 - 00000000 ___RD C:\Documents and Settings\anita *****\Desktop\icons
2014-01-04 08:55 - 2014-01-04 13:07 - 00014460 _____ C:\WINDOWS\setupapi.log
2013-12-31 15:07 - 2013-12-31 15:07 - 00026950 _____ C:\Documents and Settings\anita *****\hs_err_pid1052.log
2013-12-24 18:43 - 2013-12-24 18:43 - 00028776 _____ C:\Documents and Settings\anita *****\hs_err_pid3856.log
2013-12-22 19:54 - 2013-12-23 10:36 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-12-18 08:17 - 2013-12-18 08:17 - 00026953 _____ C:\Documents and Settings\anita *****\hs_err_pid2708.log
2013-12-14 10:29 - 2013-12-14 10:29 - 00026709 _____ C:\Documents and Settings\anita *****\hs_err_pid2904.log
2013-12-10 14:48 - 2013-12-10 14:48 - 00026870 _____ C:\Documents and Settings\anita *****\hs_err_pid736.log

==================== One Month Modified Files and Folders =======

2014-01-06 15:50 - 2014-01-06 15:50 - 00014321 _____ C:\Documents and Settings\anita *****\Desktop\FRST.txt
2014-01-06 15:50 - 2014-01-06 15:50 - 00000000 ____D C:\FRST
2014-01-06 15:49 - 2014-01-06 15:48 - 01064805 _____ (Farbar) C:\Documents and Settings\anita *****\Desktop\FRST.exe
2014-01-06 15:45 - 2014-01-06 15:44 - 00000488 _____ C:\Documents and Settings\anita *****\Desktop\defogger_disable.log
2014-01-06 15:44 - 2014-01-06 15:44 - 00000000 _____ C:\Documents and Settings\anita *****\defogger_reenable
2014-01-06 15:44 - 2006-10-12 19:33 - 00000000 ____D C:\Documents and Settings\anita *****
2014-01-06 15:43 - 2014-01-06 15:43 - 00050477 _____ C:\Documents and Settings\anita *****\Desktop\Defogger.exe
2014-01-06 15:26 - 2004-08-10 19:02 - 01066904 _____ C:\WINDOWS\WindowsUpdate.log
2014-01-06 15:25 - 2012-12-13 19:30 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-01-06 15:03 - 2004-08-10 19:08 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2014-01-06 15:03 - 2004-08-10 18:59 - 00000159 _____ C:\WINDOWS\wiadebug.log
2014-01-06 15:03 - 2004-08-10 18:59 - 00000050 _____ C:\WINDOWS\wiaservc.log
2014-01-06 15:02 - 2006-10-12 19:33 - 00000278 ___SH C:\Documents and Settings\anita *****\ntuser.ini
2014-01-06 15:02 - 2004-08-10 19:08 - 00032568 _____ C:\WINDOWS\SchedLgU.Txt
2014-01-06 15:01 - 2014-01-06 14:42 - 00000000 ____D C:\Documents and Settings\anita *****\Application Data\Wave Systems Corp
2014-01-06 14:54 - 2006-09-16 05:45 - 00000000 ____D C:\Program Files\Broadcom
2014-01-06 14:52 - 2006-09-16 05:46 - 00000000 ____D C:\Program Files\Wave Systems Corp
2014-01-06 14:52 - 2006-09-16 05:41 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2014-01-06 14:49 - 2006-09-16 05:47 - 00000000 ____D C:\WINDOWS\system32\BioAPIFFDB
2014-01-05 20:48 - 2007-06-08 16:43 - 00000000 ____D C:\WINDOWS\system32\NtmsData
2014-01-05 19:31 - 2004-08-10 19:02 - 00000000 ____D C:\WINDOWS\Registration
2014-01-05 14:35 - 2011-01-03 10:50 - 00000000 ___RD C:\Documents and Settings\anita *****\My Documents\Kaisergrub
2014-01-05 10:02 - 2014-01-04 15:21 - 00000000 ____D C:\Documents and Settings\anita *****\My Documents\zeug
2014-01-04 17:09 - 2010-12-27 09:56 - 00000000 ____D C:\Program Files\MoneyMaker
2014-01-04 15:30 - 2014-01-04 11:41 - 00000000 ___RD C:\Documents and Settings\anita *****\Desktop\icons
2014-01-04 15:29 - 2006-12-04 02:55 - 00000000 ____D C:\Program Files\KeyNote
2014-01-04 15:21 - 2014-01-04 15:21 - 00000645 _____ C:\Documents and Settings\anita *****\My Documents\DIEMeisterarbeit.lnk
2014-01-04 13:07 - 2014-01-04 13:07 - 00000000 _____ C:\WINDOWS\setuperr.log
2014-01-04 13:07 - 2014-01-04 13:07 - 00000000 _____ C:\WINDOWS\setupact.log
2014-01-04 13:07 - 2014-01-04 08:55 - 00014460 _____ C:\WINDOWS\setupapi.log
2014-01-04 12:40 - 2004-08-10 18:51 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2014-01-04 12:39 - 2014-01-04 12:38 - 00000403 _____ C:\WINDOWS\wmsetup.log
2014-01-04 10:50 - 2011-05-29 08:08 - 00000000 ___RD C:\Documents and Settings\anita *****\My Documents\Meine Musik
2014-01-04 10:50 - 2008-01-24 04:02 - 00124928 ___SH C:\Documents and Settings\anita *****\My Documents\Thumbs.db
2014-01-01 11:07 - 2007-02-03 19:48 - 00000000 ____D C:\Program Files\CCleaner
2014-01-01 11:03 - 2012-07-25 14:32 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\CanonIJPLM
2013-12-31 15:07 - 2013-12-31 15:07 - 00026950 _____ C:\Documents and Settings\anita *****\hs_err_pid1052.log
2013-12-24 18:43 - 2013-12-24 18:43 - 00028776 _____ C:\Documents and Settings\anita *****\hs_err_pid3856.log
2013-12-23 10:36 - 2013-12-22 19:54 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-12-18 08:22 - 2013-03-02 08:38 - 00135648 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2013-12-18 08:22 - 2013-03-02 08:38 - 00090400 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2013-12-18 08:17 - 2013-12-18 08:17 - 00026953 _____ C:\Documents and Settings\anita *****\hs_err_pid2708.log
2013-12-14 13:14 - 2004-08-10 18:57 - 00379240 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-12-14 10:29 - 2013-12-14 10:29 - 00026709 _____ C:\Documents and Settings\anita *****\hs_err_pid2904.log
2013-12-14 09:30 - 2009-09-19 11:03 - 00000000 ____D C:\WINDOWS\ie8updates
2013-12-14 09:29 - 2007-02-14 12:09 - 00893882 _____ C:\WINDOWS\system32\TZLog.log
2013-12-14 09:23 - 2013-07-29 19:04 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-12-14 09:16 - 2006-10-14 03:26 - 88123800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-12-13 08:25 - 2012-03-31 15:18 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-12-13 08:25 - 2012-03-31 15:18 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-12-10 14:48 - 2013-12-10 14:48 - 00026870 _____ C:\Documents and Settings\anita *****\hs_err_pid736.log

Some content of TEMP:
====================
C:\Documents and Settings\anita *****\Local Settings\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

Addition

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 05-01-2014
Ran by anita ****** at 2014-01-06 15:51:30
Running from C:\Documents and Settings\anita ******\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Disabled - Up to date) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Norton Internet Worm Protection (Disabled) {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

==================== Installed Programs ======================

µTorrent (Version: 1.8.1 - )
7-Zip 4.57 (Version:  - )
Abacast Client (Version:  - )
Adobe Acrobat - Reader 6.0.2 Update (Version: 6.0.2 - Adobe Systems)
Adobe Acrobat 6.0.1 Standard (Version: 006.000.001 - Adobe Systems)
Adobe Acrobat and Reader 6.0.3 Update (Version: 6.0.3 - Adobe Systems)
Adobe Acrobat and Reader 6.0.4 Update (Version: 6.0.4 - Adobe Systems)
Adobe Acrobat and Reader 6.0.5 Update (Version: 6.0.5 - Adobe Systems)
Adobe Acrobat and Reader 6.0.6 Update (Version: 6.0.6 - Adobe Systems)
Adobe Atmosphere Player for Acrobat and Adobe Reader (Version:  - )
Adobe Flash Player 10 ActiveX (Version: 10.0.45.2 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader 6.0.1 (Version: 006.000.001 - Adobe Systems Incorporated)
ALPS Touch Pad Driver (Version:  - )
Audacity 1.2.6 (Version:  - )
Avira Free Antivirus (Version: 14.0.2.286 - Avira)
Bluetooth Stack for Windows by Toshiba (Version: v4.00.22(D) - )
Broadcom Advanced Control Suite (Version: 8.68.05 - Broadcom Corporation)
Canon Easy-PhotoPrint EX (Version:  - )
Canon Kurzwahlprogramm (Version:  - )
Canon MP Navigator EX 5.1 (Version:  - )
Canon MX890 series MP Drivers (Version:  - )
Canon MX890 series On-screen Manual (Version:  - )
Canon My Printer (Version:  - )
Canon Solution Menu EX (Version:  - )
CCleaner (Version: 4.09 - Piriform)
ClamWin Free Antivirus 0.98 (Version:  - alch)
Conexant HDA D110 MDC V.92 Modem (Version:  - )
Corel Uninstaller (Version:  - )
Digital Line Detect (Version: 1.15 - BVRP Software, Inc)
eQ-3 USB Serial Converter Drivers (Version: 2.00.00.2 - eQ-3 Entwicklung GmbH)
Foxit Reader (Version:  - )
GE 98067 MiniCam Pro (Version: 4.11.0.3 - )
Google SketchUp 8 (Version: 3.0.11762 - Google, Inc.)
Intel(R) Graphics Media Accelerator Driver (Version: 6.14.10.4446 - )
Intel(R) PROSet/Wireless Software (Version: 10.1.0.3 - Intel Corporation)
Java 7 Update 45 (Version: 7.0.450 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
KeyNote 1.6.5 (Version:  - )
LADSPA_plugins-win-0.4.15 (Version:  - Audacity Team)
mCore (Version: 5.45.0000 - Intel Corporation) Hidden
mDrWiFi (Version: 5.45.0000 - Intel Corporation) Hidden
mHlpDell (Version: 5.45.0000 - Intel) Hidden
Microsoft .NET Framework 1.1 (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1 - Microsoft Corporation)
Microsoft Internationalized Domain Names Mitigation APIs (Version:  - Microsoft Corporation) Hidden
Microsoft National Language Support Downlevel APIs (Version:  - Microsoft Corporation) Hidden
Microsoft Office Outlook 2003 with Business Contact Manager Update (Version: 2.0.4013.0 - Microsoft Corporation)
Microsoft Office Small Business Edition 2003 (Version: 11.0.7969.0 - Microsoft Corporation)
Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ) (Version: 8.00.2039 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
mIWA (Version: 5.45.0000 - Intel Corporation) Hidden
mLogView (Version: 5.45.0000 - Intel Corporation) Hidden
mMHouse (Version: 5.45.0000 - Intel Corporation) Hidden
Modem Helper (Version: 3.02 - BVRP Software)
MoneyMaker (Version: 20.05.2010 - Moneysoft Softwarevertriebs - GesmbH)
Mozilla Firefox 26.0 (x86 en-US) (Version: 26.0 - Mozilla)
mPfMgr (Version: 5.45.0000 - Intel Corporation) Hidden
mPfWiz (Version: 5.45.0000 - Intel Corporation) Hidden
mProSafe (Version: 9.00.0000 - Intel) Hidden
mSSO (Version: 5.45.0000 - Intel Corporation) Hidden
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6 Service Pack 2 (KB954459) (Version: 6.20.1099.0 - Microsoft Corporation)
mWlsSafe (Version: 9.00.0000 - Intel) Hidden
mWMI (Version: 5.45.0000 - Intel Corporation) Hidden
mXML (Version: 5.45.0000 - Intel Corporation) Hidden
mZConfig (Version: 5.45.0000 - Intel Corporation) Hidden
NetWaiting (Version: 2.5.23 - BVRP Software, Inc)
NTRU Hybrid TSS v2.0.25 (Version: 2.0.25 - NTRU Cryptosystems) Hidden
QuickSet (Version: 7.1.10 - )
Roxio DLA (Version: 5.2.0 - Roxio)
Roxio RecordNow Audio (Version: 2.0.4 - Roxio)
Roxio RecordNow Copy (Version: 2.0.4 - Roxio)
Roxio RecordNow Data (Version: 2.0.4 - Roxio)
Samsung New PC Studio (Version: 1.00.0000 - Samsung Electronics Co., Ltd.)
Samsung New PC Studio (Version: 1.00.0000 - Samsung Electronics Co., Ltd.) Hidden
Skype™ 5.5 (Version: 5.5.124 - Skype Technologies S.A.)
Symantec KB-DocID:2003093015493306 (Version: 1.0.0.1 - Symantec Corporation) Hidden
Tweak UI (Version:  - )
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB976749) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1 - Microsoft Corporation)
VideoLAN VLC media player 0.8.5 (Version: 0.8.5 - VideoLAN Team)
WeatherProfessional (Version:  - ELV Elektronik AG)
WeatherProfessional (Version: 1.83 - ELV Elektronik AG) Hidden
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Driver Package - MobileTop (sshpmdm) Modem  (02/23/2007 2.5.0.0) (Version: 02/23/2007 2.5.0.0 - MobileTop)
Windows Driver Package - MobileTop (sshpusb) USB  (02/23/2007 2.5.0.0) (Version: 02/23/2007 2.5.0.0 - MobileTop)
Windows Genuine Advantage Validation Tool (KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Imaging Component (Version: 3.0.0.0 - Microsoft Corporation)
Windows Installer 3.1 (KB893803) (Version:  - Microsoft Corporation)
Windows Internet Explorer 8 (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Player 11 (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
Windows Resource Kit Tools - SubInAcl.exe (Version: 5.2.3790.1164 - Microsoft Corporation)
Windows XP Service Pack 3 (Version: 20080414.031525 - Microsoft Corporation)

==================== Restore Points  =========================

09-12-2013 18:32:57 System Checkpoint
09-12-2013 21:01:49 System Checkpoint
13-12-2013 08:03:52 System Checkpoint
14-12-2013 08:15:11 Software Distribution Service 3.0
14-12-2013 11:33:42 Software Distribution Service 3.0
16-12-2013 08:31:37 System Checkpoint
17-12-2013 10:55:54 System Checkpoint
18-12-2013 13:05:12 System Checkpoint
19-12-2013 13:32:57 System Checkpoint
21-12-2013 10:24:46 System Checkpoint
22-12-2013 19:35:15 System Checkpoint
24-12-2013 09:09:17 System Checkpoint
25-12-2013 11:04:09 System Checkpoint
27-12-2013 11:53:58 System Checkpoint
28-12-2013 12:38:37 System Checkpoint
29-12-2013 16:49:19 System Checkpoint
30-12-2013 18:11:12 System Checkpoint
01-01-2014 10:34:51 System Checkpoint
02-01-2014 11:57:09 System Checkpoint
03-01-2014 20:26:19 System Checkpoint
05-01-2014 11:56:50 System Checkpoint
06-01-2014 12:02:40 System Checkpoint
06-01-2014 13:47:11 Configured EMBASSY Trust Suite by Wave Systems
06-01-2014 13:47:44 Configured ETS Upgrade
06-01-2014 13:48:03 Configured Wave Support Software
06-01-2014 13:49:42 Configured Document Manager Lite
06-01-2014 13:50:10 Configured Private Information Manager
06-01-2014 13:50:35 Configured EMBASSY Security Center
06-01-2014 13:52:11 Configured Security Wizards
06-01-2014 13:52:28 Configured Secure Update
06-01-2014 13:52:44 Configured ETS Launch Pad
06-01-2014 13:53:58 Removed Broadcom TPM Driver Installer
06-01-2014 13:54:15 Removed EMBASSY Trust Suite by Wave Systems

==================== Hosts content: ==========================

2004-08-10 18:51 - 2010-03-28 17:10 - 00381022 ____R C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
127.0.0.1	www.007guard.com
127.0.0.1	007guard.com
127.0.0.1	008i.com
127.0.0.1	www.008k.com
127.0.0.1	008k.com
127.0.0.1	www.00hq.com
127.0.0.1	00hq.com
127.0.0.1	010402.com
127.0.0.1	www.032439.com
127.0.0.1	032439.com
127.0.0.1	www.0scan.com
127.0.0.1	0scan.com
127.0.0.1	100888290cs.com
127.0.0.1	www.100888290cs.com
127.0.0.1	www.100sexlinks.com
127.0.0.1	100sexlinks.com
127.0.0.1	10sek.com
127.0.0.1	www.10sek.com
127.0.0.1	123topsearch.com
127.0.0.1	www.123topsearch.com
127.0.0.1	132.com
127.0.0.1	www.132.com
127.0.0.1	www.136136.net
127.0.0.1	136136.net
127.0.0.1	163ns.com
127.0.0.1	www.163ns.com
127.0.0.1	171203.com
127.0.0.1	17-plus.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2004-07-20 23:04 - 2004-07-20 23:04 - 00094208 _____ () C:\WINDOWS\system32\TosBtHcrpAPI.dll
2013-03-02 08:38 - 2013-03-02 08:25 - 00397704 _____ () C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
2007-08-10 06:07 - 1997-11-18 17:34 - 00907264 ____N () C:\Corel\Graphics8\programs\CMFFld80.dll
2008-03-20 20:39 - 2008-04-19 15:35 - 00081920 _____ () C:\Program Files\ClamWin\bin\ExpShell.dll
2008-03-20 20:39 - 2005-02-08 17:23 - 00979005 _____ () C:\Program Files\ClamWin\bin\python23.dll
2008-03-20 20:39 - 2004-11-20 03:27 - 00069632 _____ () C:\Program Files\ClamWin\lib\win32api.pyd
2008-03-20 20:39 - 2004-10-11 20:21 - 00094208 _____ () C:\Program Files\ClamWin\lib\pywintypes23.dll
2008-03-20 20:39 - 2004-05-25 21:18 - 00057401 _____ () C:\Program Files\ClamWin\lib\_sre.pyd
2008-03-20 20:39 - 2004-11-20 03:27 - 00086016 _____ () C:\Program Files\ClamWin\lib\win32gui.pyd
2008-03-20 20:39 - 2004-11-20 03:27 - 00024576 _____ () C:\Program Files\ClamWin\lib\win32event.pyd
2008-03-20 20:39 - 2004-11-20 03:27 - 00036864 _____ () C:\Program Files\ClamWin\lib\win32process.pyd
2008-03-20 20:39 - 2004-05-25 21:18 - 00049212 _____ () C:\Program Files\ClamWin\lib\_socket.pyd
2008-03-20 20:39 - 2004-05-25 21:18 - 00495616 _____ () C:\Program Files\ClamWin\lib\_ssl.pyd
2008-03-20 20:39 - 2004-05-25 21:20 - 00036864 _____ () C:\Program Files\ClamWin\lib\_winreg.pyd
2008-03-20 20:39 - 2004-10-11 20:22 - 00315392 _____ () C:\Program Files\ClamWin\lib\pythoncom23.dll
2008-03-20 20:39 - 2004-11-20 03:27 - 00106496 _____ () C:\Program Files\ClamWin\lib\shell.pyd
2008-03-20 20:39 - 2004-11-20 03:27 - 00065536 _____ () C:\Program Files\ClamWin\lib\win32security.pyd
2008-04-20 18:08 - 2004-01-15 14:45 - 00061440 _____ () C:\Program Files\ClamWin\lib\_ctypes.pyd
2008-03-20 20:39 - 2004-11-20 03:27 - 00077824 _____ () C:\Program Files\ClamWin\lib\win32file.pyd
2008-03-20 20:39 - 2004-11-20 03:27 - 00024576 _____ () C:\Program Files\ClamWin\lib\win32pipe.pyd
2008-03-20 20:39 - 2003-10-01 13:40 - 02240512 _____ () C:\Program Files\ClamWin\lib\wxc.pyd
2008-03-20 20:39 - 2003-10-01 11:43 - 03239936 _____ () C:\Program Files\ClamWin\lib\wxmsw24h.dll
2008-03-20 20:39 - 2003-08-10 09:14 - 00061440 _____ () C:\Program Files\ClamWin\lib\mxDateTime.pyd
2008-03-20 20:39 - 2004-05-25 21:17 - 00622651 _____ () C:\Program Files\ClamWin\lib\_bsddb.pyd
2008-03-20 20:39 - 2004-05-25 21:19 - 00045117 _____ () C:\Program Files\ClamWin\lib\datetime.pyd
2013-12-22 19:54 - 2013-12-22 19:55 - 03559024 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: Intel(R) PRO/Wireless 3945ABG Network Connection
Description: Intel(R) PRO/Wireless 3945ABG Network Connection
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Intel Corporation
Service: w39n51
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/06/2014 02:43:43 PM) (Source: Wave.Authentication) (User: )
Description: TPM State is invalid
   at Wave.Authentication.AMInterface.AMCredential.IsUserEnrolled(String userNameIn, String domainNameIn)

Error: (01/06/2014 02:43:43 PM) (Source: Wave.Authentication) (User: )
Description: The TPM is off
   at TrustedPlatformManager.CPlatformManagerClass.get_Enabled()
   at Wave.Authentication.AMInterface.AMCredential.IsTPMStateValid()

Error: (01/04/2014 00:14:38 PM) (Source: Application Error) (User: )
Description: Faulting application vlc.exe, version 0.8.5.0, faulting module msvcrt.dll, version 7.0.2600.5512, fault address 0x00037740.
Processing media-specific event for [vlc.exe!ws!]

Error: (01/02/2014 08:15:49 PM) (Source: MsiInstaller) (User: ANITA)
Description: Product: Adobe Acrobat 6.0.1 Standard -- Error 1706.No valid source could be found for product Adobe Acrobat 6.0.1 Standard.  The Windows Installer cannot continue.

Error: (01/01/2014 07:53:45 PM) (Source: Application Hang) (User: )
Description: Hanging application coreldrw.exe, version 8.232.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (01/01/2014 07:51:28 PM) (Source: Application Hang) (User: )
Description: Hanging application coreldrw.exe, version 8.232.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (01/01/2014 07:51:28 PM) (Source: Application Hang) (User: )
Description: Hanging application coreldrw.exe, version 8.232.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (01/01/2014 09:29:18 AM) (Source: Application Hang) (User: )
Description: Hanging application coreldrw.exe, version 8.232.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (12/31/2013 04:47:29 PM) (Source: MsiInstaller) (User: ANITA)
Description: Product: Adobe Acrobat 6.0.1 Standard -- Error 1706.No valid source could be found for product Adobe Acrobat 6.0.1 Standard.  The Windows Installer cannot continue.

Error: (12/31/2013 04:44:18 PM) (Source: Application Hang) (User: )
Description: Hanging application coreldrw.exe, version 8.232.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


System errors:
=============
Error: (01/06/2014 03:05:54 PM) (Source: Service Control Manager) (User: )
Description: The NTRU Hybrid TSS v2.0.25 TCS service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/06/2014 03:05:54 PM) (Source: Service Control Manager) (User: )
Description: The NTRU Hybrid TSS v2.0.25 TCS service hung on starting.

Error: (01/06/2014 03:03:43 PM) (Source: Service Control Manager) (User: )
Description: The Symantec Core LC service failed to start due to the following error: 
%%3

Error: (01/06/2014 03:03:43 PM) (Source: Service Control Manager) (User: )
Description: The DataSvr2 service failed to start due to the following error: 
%%2

Error: (01/06/2014 03:03:43 PM) (Source: Service Control Manager) (User: )
Description: The Intel(R) PROSet/Wireless SSO Service service depends on the Intel(R) PROSet/Wireless Service service which failed to start because of the following error: 
%%2

Error: (01/06/2014 03:03:43 PM) (Source: Service Control Manager) (User: )
Description: The Intel(R) PROSet/Wireless Service service failed to start due to the following error: 
%%2

Error: (01/05/2014 09:23:09 AM) (Source: Service Control Manager) (User: )
Description: The Symantec Core LC service failed to start due to the following error: 
%%3

Error: (01/05/2014 09:23:09 AM) (Source: Service Control Manager) (User: )
Description: The Intel(R) PROSet/Wireless SSO Service service depends on the Intel(R) PROSet/Wireless Service service which failed to start because of the following error: 
%%2

Error: (01/05/2014 09:23:09 AM) (Source: Service Control Manager) (User: )
Description: The Intel(R) PROSet/Wireless Service service failed to start due to the following error: 
%%2

Error: (01/03/2014 08:16:08 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.


Microsoft Office Sessions:
=========================
Error: (10/08/2009 07:38:05 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: 10Microsoft Office Visio12.0.4518.101412.0.4518.101427860


==================== Memory info =========================== 

Percentage of memory in use: 77%
Total physical RAM: 1014.11 MB
Available physical RAM: 231.68 MB
Total Pagefile: 2440.63 MB
Available Pagefile: 1515.79 MB
Total Virtual: 2047.88 MB
Available Virtual: 1944.22 MB

==================== Drives ================================

Drive c: (Local Disk) (Fixed) (Total:37.19 GB) (Free:13.62 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 37 GB) (Disk ID: D0F4738C)
Partition 1: (Not Active) - (Size=55 MB) - (Type=DE)
Partition 2: (Active) - (Size=37 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
GMER
Code:
ATTFilter
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2014-01-06 16:53:59
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HTS541040G9SA00 rev.MB2OC60R 37,26GB
Running: gmer_2.1.19163.exe; Driver: C:\DOCUME~1\ANITAP~1\LOCALS~1\Temp\kgtdrpoc.sys


---- System - GMER 2.1 ----

SSDT            F7D0417C                  ZwClose
SSDT            F7D04136                  ZwCreateKey
SSDT            F7D04186                  ZwCreateSection
SSDT            F7D0412C                  ZwCreateThread
SSDT            F7D0413B                  ZwDeleteKey
SSDT            F7D04145                  ZwDeleteValueKey
SSDT            F7D04177                  ZwDuplicateObject
SSDT            F7D0414A                  ZwLoadKey
SSDT            F7D04118                  ZwOpenProcess
SSDT            F7D0411D                  ZwOpenThread
SSDT            F7D0419F                  ZwQueryValueKey
SSDT            F7D04154                  ZwReplaceKey
SSDT            F7D04190                  ZwRequestWaitReplyPort
SSDT            F7D0414F                  ZwRestoreKey
SSDT            F7D0418B                  ZwSetContextThread
SSDT            F7D04195                  ZwSetSecurityObject
SSDT            F7D04140                  ZwSetValueKey
SSDT            F7D0419A                  ZwSystemDebugControl
SSDT            F7D04127                  ZwTerminateProcess

---- Devices - GMER 2.1 ----

Device          \FileSystem\Fastfat \Fat  A906BD20

AttachedDevice  \FileSystem\Fastfat \Fat  fltmgr.sys

Device          \FileSystem\Cdfs \Cdfs    DLAIFS_M.SYS

---- EOF - GMER 2.1 ----
         

Clamwin
Code:
ATTFilter
---------- SCAN SUMMARY -----------
Known viruses: 3052839
Engine version: 0.98
Scanned directories: 7902
Scanned files: 74971
Infected files: 25
Not copied: 25
Data scanned: 20479.84 MB
Data read: 22419.65 MB (ratio 0.91:1)
Time: 11679.109 sec (194 m 39 s)

Scan Started Sat Jan 04 09:13:41 2014
-------------------------------------------------------------------------------

C:\Documents and Settings\All Users\.clamwin\quarantine\2c79c7c8.msi.infected: Win.Trojan.Delf-12083 FOUND
C:\Documents and Settings\All Users\.clamwin\quarantine\2c79c7c8.msi.infected not moved/copied since already in quarantine
C:\Documents and Settings\All Users\.clamwin\quarantine\AmRes_de.dll.infected: Win.Trojan.Agent-326844 FOUND
C:\Documents and Settings\All Users\.clamwin\quarantine\AmRes_de.dll.infected not moved/copied since already in quarantine
C:\Documents and Settings\All Users\.clamwin\quarantine\AmRes_de.dll.infected.000.infected: Win.Trojan.Agent-326844 FOUND
C:\Documents and Settings\All Users\.clamwin\quarantine\AmRes_de.dll.infected.000.infected not moved/copied since already in quarantine
C:\Documents and Settings\All Users\.clamwin\quarantine\AmRes_en.dll.infected: Win.Trojan.Fakesmoke-59 FOUND
C:\Documents and Settings\All Users\.clamwin\quarantine\AmRes_en.dll.infected not moved/copied since already in quarantine
C:\Documents and Settings\All Users\.clamwin\quarantine\AmRes_en.dll.infected.000.infected: Win.Trojan.Fakesmoke-59 FOUND
C:\Documents and Settings\All Users\.clamwin\quarantine\AmRes_en.dll.infected.000.infected not moved/copied since already in quarantine
C:\Documents and Settings\All Users\.clamwin\quarantine\AmRes_es.dll.infected: Win.Trojan.Fakesmoke-90 FOUND
C:\Documents and Settings\All Users\.clamwin\quarantine\AmRes_es.dll.infected not moved/copied since already in quarantine
C:\Documents and Settings\All Users\.clamwin\quarantine\AmRes_es.dll.infected.000.infected: Win.Trojan.Fakesmoke-90 FOUND
C:\Documents and Settings\All Users\.clamwin\quarantine\AmRes_es.dll.infected.000.infected not moved/copied since already in quarantine
C:\Documents and Settings\All Users\.clamwin\quarantine\AmRes_fr.dll.infected: Win.Trojan.Fakesmoke-36 FOUND
C:\Documents and Settings\All Users\.clamwin\quarantine\AmRes_fr.dll.infected not moved/copied since already in quarantine
C:\Documents and Settings\All Users\.clamwin\quarantine\AmRes_fr.dll.infected.000.infected: Win.Trojan.Fakesmoke-36 FOUND
C:\Documents and Settings\All Users\.clamwin\quarantine\AmRes_fr.dll.infected.000.infected not moved/copied since already in quarantine
C:\Documents and Settings\All Users\.clamwin\quarantine\AmRes_it.dll.infected: Win.Trojan.Agent-169581 FOUND
C:\Documents and Settings\All Users\.clamwin\quarantine\AmRes_it.dll.infected not moved/copied since already in quarantine
C:\Documents and Settings\All Users\.clamwin\quarantine\AmRes_it.dll.infected.000.infected: Win.Trojan.Agent-169581 FOUND
C:\Documents and Settings\All Users\.clamwin\quarantine\AmRes_it.dll.infected.000.infected not moved/copied since already in quarantine
C:\Documents and Settings\All Users\.clamwin\quarantine\AmRes_ja.dll.infected: Win.Trojan.Fakesmoke-172 FOUND
C:\Documents and Settings\All Users\.clamwin\quarantine\AmRes_ja.dll.infected not moved/copied since already in quarantine
C:\Documents and Settings\All Users\.clamwin\quarantine\AmRes_ja.dll.infected.000.infected: Win.Trojan.Fakesmoke-172 FOUND
C:\Documents and Settings\All Users\.clamwin\quarantine\AmRes_ja.dll.infected.000.infected not moved/copied since already in quarantine
C:\Documents and Settings\All Users\.clamwin\quarantine\browseui.dll.infected: Win.Trojan.Agent-570553 FOUND
C:\Documents and Settings\All Users\.clamwin\quarantine\browseui.dll.infected not moved/copied since already in quarantine
C:\Documents and Settings\All Users\.clamwin\quarantine\ISSetup.dll.infected: Win.Trojan.Agent-516645 FOUND
C:\Documents and Settings\All Users\.clamwin\quarantine\ISSetup.dll.infected not moved/copied since already in quarantine
C:\Documents and Settings\All Users\.clamwin\quarantine\Samsung New PC Studio.msi.infected: Win.Trojan.Delf-12083 FOUND
C:\Documents and Settings\All Users\.clamwin\quarantine\Samsung New PC Studio.msi.infected not moved/copied since already in quarantine
C:\Documents and Settings\All Users\.clamwin\quarantine\setup.exe.infected: Win.Trojan.Agent-516645 FOUND
C:\Documents and Settings\All Users\.clamwin\quarantine\setup.exe.infected not moved/copied since already in quarantine
C:\Documents and Settings\All Users\.clamwin\quarantine\setup.exe.infected.000.infected: Win.Trojan.Agent-516645 FOUND
C:\Documents and Settings\All Users\.clamwin\quarantine\setup.exe.infected.000.infected not moved/copied since already in quarantine
C:\Documents and Settings\All Users\.clamwin\quarantine\setup.exe.infected.001.infected: Win.Trojan.Agent-516645 FOUND
C:\Documents and Settings\All Users\.clamwin\quarantine\setup.exe.infected.001.infected not moved/copied since already in quarantine
C:\Documents and Settings\All Users\.clamwin\quarantine\setup.exe.infected.002.infected: Win.Trojan.Agent-516645 FOUND
C:\Documents and Settings\All Users\.clamwin\quarantine\setup.exe.infected.002.infected not moved/copied since already in quarantine
C:\Documents and Settings\All Users\.clamwin\quarantine\setup.exe.infected.003.infected: Win.Trojan.Agent-516645 FOUND
C:\Documents and Settings\All Users\.clamwin\quarantine\setup.exe.infected.003.infected not moved/copied since already in quarantine
C:\Documents and Settings\All Users\.clamwin\quarantine\setup.exe.infected.004.infected: Win.Trojan.Agent-516645 FOUND
C:\Documents and Settings\All Users\.clamwin\quarantine\setup.exe.infected.004.infected not moved/copied since already in quarantine
C:\Documents and Settings\All Users\.clamwin\quarantine\setup.exe.infected.005.infected: Win.Trojan.Agent-516645 FOUND
C:\Documents and Settings\All Users\.clamwin\quarantine\setup.exe.infected.005.infected not moved/copied since already in quarantine
C:\Documents and Settings\All Users\.clamwin\quarantine\setup.exe.infected.006.infected: Win.Trojan.Agent-516645 FOUND
C:\Documents and Settings\All Users\.clamwin\quarantine\setup.exe.infected.006.infected not moved/copied since already in quarantine
C:\Documents and Settings\All Users\.clamwin\quarantine\Wave Infrastructure.msi.infected: Win.Trojan.Fakesmoke-36 FOUND
C:\Documents and Settings\All Users\.clamwin\quarantine\Wave Infrastructure.msi.infected not moved/copied since already in quarantine
WARNING: Can't open file C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\scaninfo(1808).tmp: Permission denied
WARNING: Can't open file C:\hiberfil.sys: Permission denied
WARNING: Can't open file C:\pagefile.sys: Permission denied
WARNING: Can't open file C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\master.mdf: Permission denied
WARNING: Can't open file C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\mastlog.ldf: Permission denied
WARNING: Can't open file C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\model.mdf: Permission denied
WARNING: Can't open file C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\modellog.ldf: Permission denied
WARNING: Can't open file C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\tempdb.mdf: Permission denied
WARNING: Can't open file C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\templog.ldf: Permission denied
         

Avira

Code:
ATTFilter
Exportierte Ereignisse:

04.01.2014 15:00 [System-Scanner] Malware gefunden
      Die Datei 'C:\Documents and Settings\anita *****\Local Settings\Application 
      Data\Sun\Java\Deployment\cache\6.0\61\141fda7d-63538d58'
      enthielt einen Virus oder unerwünschtes Programm 'EXP/CVE-2013-2465.G.Gen' 
      [exploit].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '562cb040.qua' 
      verschoben!
         
