| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Smart Guard ProtectionWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
07.01.2014, 22:54
| #1 |
| |  Smart Guard Protection Hallo, habe mir auch soeben die o.g. Malware oder wie auch immer man es nennt eingefangen. Ist es hilfreich, den Link, woher ich es habe zu posten? Hier die FRST Logfiles: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-01-2014
Ran by BINE (administrator) on BINE-LAPTOP on 07-01-2014 22:33:15
Running from C:\Users\BINE\Desktop
Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Safe Mode (with Networking)
==================== Processes (Whitelisted) ===================
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [857648 2007-03-01] (Synaptics, Inc.)
HKLM\...\Run: [ATKMEDIA] - C:\Program Files\ASUS\ATK Media\DMedia.exe [61440 2006-11-02] (ASUSTeK Computer INC.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [hpqSRMon] - C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [1387288 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\hpwuschd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-19] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [Realtime Audio Engine] - "mmrtkrnl.exe" /i
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [AS2014] - C:\ProgramData\7VrpngX3\7VrpngX3.exe [551936 2014-01-07] ()
Winlogon\Notify\LBTWlgn: C:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKCU\...\Run: [Google Update] - C:\Users\BINE\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-07-17] (Google Inc.)
HKCU\...\Run: [AS2014] - C:\ProgramData\7VrpngX3\7VrpngX3.exe [551936 2014-01-07] ()
HKCU\...\Policies\Explorer: [TaskbarNoNotification] 1
HKCU\...\Policies\Explorer: [HideSCAHealth] 1
MountPoints2: G - G:\SETUP.EXE
Lsa: [Notification Packages] scecli C:\Program Files\ASUS\ASUS Data Security Manager\ASPWDFLT
Startup: C:\Users\BINE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\BINE\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x67A362C7CA9FCC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at
SearchScopes: HKCU - DefaultScope {F65E02EC-DC99-4858-9834-6129367F36AD} URL = hxxp://www.google.at/search?q={searchTerms}
SearchScopes: HKCU - {F65E02EC-DC99-4858-9834-6129367F36AD} URL = hxxp://www.google.at/search?q={searchTerms}
BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
FireFox:
========
FF ProfilePath: C:\Users\BINE\AppData\Roaming\Mozilla\Firefox\Profiles\wkpit6ta.default
FF user.js: detected! => C:\Users\BINE\AppData\Roaming\Mozilla\Firefox\Profiles\wkpit6ta.default\user.js
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.at/
FF Keyword.URL: hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF NetworkProxy: "backup.ftp", "proxy.aon.at"
FF NetworkProxy: "backup.ftp_port", 8080
FF NetworkProxy: "backup.gopher", "proxy.aon.at"
FF NetworkProxy: "backup.gopher_port", 8080
FF NetworkProxy: "backup.socks", "proxy.aon.at"
FF NetworkProxy: "backup.socks_port", 8080
FF NetworkProxy: "backup.ssl", "proxy.aon.at"
FF NetworkProxy: "backup.ssl_port", 8080
FF NetworkProxy: "ftp", "proxy.aon.at"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "gopher", "proxy.aon.at"
FF NetworkProxy: "gopher_port", 8080
FF NetworkProxy: "http", "proxy.aon.at"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "no_proxies_on", "*.aon.at,*.jet2web.net,localhost,127.0.0.1"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "proxy.aon.at"
FF NetworkProxy: "socks_port", 8080
FF NetworkProxy: "ssl", "proxy.aon.at"
FF NetworkProxy: "ssl_port", 8080
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\BINE\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\BINE\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\BINE\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\BINE\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\BINE\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: CrystalFox Qute - C:\Users\BINE\AppData\Roaming\Mozilla\Firefox\Profiles\wkpit6ta.default\Extensions\CrystalFox_Qute@BigRedBrent
FF Extension: Xmarks - C:\Users\BINE\AppData\Roaming\Mozilla\Firefox\Profiles\wkpit6ta.default\Extensions\foxmarks@kei.com
FF Extension: Silver Skin - C:\Users\BINE\AppData\Roaming\Mozilla\Firefox\Profiles\wkpit6ta.default\Extensions\{2A10B180-05EF-11D9-8C50-444553540001}
FF Extension: Qute - C:\Users\BINE\AppData\Roaming\Mozilla\Firefox\Profiles\wkpit6ta.default\Extensions\{36C13C8F-54F1-412e-8177-2E411719162D}
FF Extension: BlackJapan - C:\Users\BINE\AppData\Roaming\Mozilla\Firefox\Profiles\wkpit6ta.default\Extensions\{904524FC-3F89-11DA-8BDE-F66BAD1E3F3A}
FF Extension: Noia 2.0 (eXtreme) - C:\Users\BINE\AppData\Roaming\Mozilla\Firefox\Profiles\wkpit6ta.default\Extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
FF Extension: DownloadHelper - C:\Users\BINE\AppData\Roaming\Mozilla\Firefox\Profiles\wkpit6ta.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: Facicons - C:\Users\BINE\AppData\Roaming\Mozilla\Firefox\Profiles\wkpit6ta.default\Extensions\{DDABDBA1-2377-4A30-A027-25697B99E254}
FF Extension: Adblock Plus - C:\Users\BINE\AppData\Roaming\Mozilla\Firefox\Profiles\wkpit6ta.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Tab Mix Plus - C:\Users\BINE\AppData\Roaming\Mozilla\Firefox\Profiles\wkpit6ta.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
========================== Services (Whitelisted) =================
S2 ADSMService; C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe [225280 2008-03-31] (ASUSTek Computer Inc.)
S2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440376 2013-12-19] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440376 2013-12-01] (Avira Operations GmbH & Co. KG)
S2 ASLDRService; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [94208 2007-10-02] ()
S2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] ()
S2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [88576 2011-09-15] ()
S2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000 2012-10-02] (Skype Technologies S.A.)
==================== Drivers (Whitelisted) ====================
R0 AsDsm; C:\Windows\System32\Drivers\AsDsm.sys [30264 2013-03-17] (ASUSTek Computer Inc)
S2 ASMMAP; C:\Program Files\ATKGFNEX\ASMMAP.sys [13880 2007-07-24] ()
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-19] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-19] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-12-01] (Avira Operations GmbH & Co. KG)
R3 LEqdUsb; C:\Windows\System32\Drivers\LEqdUsb.Sys [42648 2011-09-02] (Logitech, Inc.)
R3 LHidEqd; C:\Windows\System32\Drivers\LHidEqd.Sys [12184 2011-09-02] (Logitech, Inc.)
S1 LUMDriver; C:\Windows\system32\drivers\LUMDriver.sys [14912 2003-07-11] (IBM)
R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [14392 2009-05-13] (ASUS)
S3 pneteth; C:\Windows\System32\DRIVERS\pneteth.sys [13440 2011-11-24] (June Fabrics Technology Inc.)
S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1743232 2011-11-12] ()
S1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
R3 teamviewervpn; C:\Windows\System32\DRIVERS\teamviewervpn.sys [25088 2012-11-28] (TeamViewer GmbH)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()
S3 dgderdrv; System32\drivers\dgderdrv.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-01-07 22:33 - 2014-01-07 22:33 - 00013516 _____ C:\Users\BINE\Desktop\FRST.txt
2014-01-07 22:33 - 2014-01-07 22:33 - 00000000 ____D C:\FRST
2014-01-07 22:32 - 2014-01-07 22:32 - 01064805 _____ (Farbar) C:\Users\BINE\Desktop\FRST.exe
2014-01-07 22:05 - 2014-01-07 22:05 - 00001666 _____ C:\Users\BINE\Desktop\Smart Guard Protection.lnk
2014-01-07 22:05 - 2014-01-07 22:05 - 00000112 _____ C:\Users\BINE\Desktop\Smart Guard Protection support.url
2014-01-07 21:46 - 2014-01-07 21:46 - 00000000 ____D C:\Users\BINE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Smart Guard Protection
2014-01-07 21:41 - 2014-01-07 22:06 - 00000000 ____D C:\ProgramData\7VrpngX3
2014-01-04 21:57 - 2014-01-04 21:57 - 00000000 ____D C:\Users\BINE\AppData\Roaming\TomTom
2014-01-04 11:13 - 2014-01-07 22:04 - 00002600 _____ C:\Windows\setupact.log
2014-01-04 11:13 - 2014-01-04 11:13 - 00000000 _____ C:\Windows\setuperr.log
2013-12-30 17:35 - 2013-12-30 17:35 - 00000000 ____D C:\Users\BINE\Documents\TomTom
2013-12-30 17:35 - 2013-12-30 17:35 - 00000000 ____D C:\ProgramData\TomTom
2013-12-30 17:33 - 2013-12-30 17:33 - 00000000 ____D C:\Users\BINE\AppData\Local\TomTom
2013-12-30 17:32 - 2013-12-30 17:39 - 00000000 ____D C:\Program Files\TomTom HOME 2
2013-12-30 17:32 - 2013-12-30 17:32 - 00000000 ____D C:\Program Files\TomTom International B.V
2013-12-30 17:32 - 2013-12-30 17:32 - 00000000 ____D C:\Program Files\TomTom DesktopSuite
2013-12-27 20:57 - 2013-12-28 11:40 - 00000000 ____D C:\Users\BINE\AppData\Roaming\Apple Computer
2013-12-27 20:57 - 2013-12-27 20:57 - 00000000 ____D C:\Users\BINE\AppData\Local\Apple Computer
2013-12-27 20:40 - 2013-12-27 20:40 - 00000000 ____D C:\ProgramData\Apple Computer
2013-12-27 20:40 - 2013-12-27 20:40 - 00000000 ____D C:\Program Files\QuickTime
2013-12-27 20:38 - 2013-12-27 20:38 - 00000000 ____D C:\Users\BINE\AppData\Local\Apple
2013-12-27 20:38 - 2013-12-27 20:38 - 00000000 ____D C:\ProgramData\Apple
2013-12-27 20:38 - 2013-12-27 20:38 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-12-27 20:38 - 2013-12-27 20:38 - 00000000 ____D C:\Program Files\Apple Software Update
2013-12-26 20:21 - 2013-12-26 20:21 - 00000257 _____ C:\Windows\system32\TeamViewer9_Hooks.log
2013-12-24 22:56 - 2013-12-24 22:56 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-12-23 20:32 - 2013-12-23 20:32 - 04558848 _____ (Google Inc.) C:\Windows\system32\GPhotos.scr
2013-12-12 22:25 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-12 22:25 - 2013-11-26 10:22 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-12 22:25 - 2013-11-26 09:53 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-12 22:25 - 2013-11-26 09:52 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-12 22:25 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-12 22:25 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-12 22:25 - 2013-11-26 09:36 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-12 22:25 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-12 22:25 - 2013-11-26 09:29 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-12 22:25 - 2013-11-26 09:29 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-12 22:25 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-12 22:25 - 2013-11-26 09:13 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-12 22:25 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-12 22:25 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-12 22:25 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-12 22:25 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-12 22:24 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-12 22:24 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-12 22:24 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-12 22:20 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-12 22:20 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-12 21:10 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-12 21:10 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-12 21:10 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-12 21:10 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-12 21:10 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-12 21:10 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-12 21:10 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-12 21:09 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-12 21:09 - 2013-10-30 02:27 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-12 21:09 - 2013-10-04 02:49 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-12 21:09 - 2013-10-04 02:17 - 00177152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
==================== One Month Modified Files and Folders =======
2014-01-07 22:33 - 2014-01-07 22:33 - 00013516 _____ C:\Users\BINE\Desktop\FRST.txt
2014-01-07 22:33 - 2014-01-07 22:33 - 00000000 ____D C:\FRST
2014-01-07 22:32 - 2014-01-07 22:32 - 01064805 _____ (Farbar) C:\Users\BINE\Desktop\FRST.exe
2014-01-07 22:22 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\LogFiles
2014-01-07 22:10 - 2009-07-14 05:34 - 00026080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-07 22:10 - 2009-07-14 05:34 - 00026080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-07 22:09 - 2013-06-03 21:25 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-07 22:07 - 2012-06-05 18:12 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-07 22:06 - 2014-01-07 21:41 - 00000000 ____D C:\ProgramData\7VrpngX3
2014-01-07 22:05 - 2014-01-07 22:05 - 00001666 _____ C:\Users\BINE\Desktop\Smart Guard Protection.lnk
2014-01-07 22:05 - 2014-01-07 22:05 - 00000112 _____ C:\Users\BINE\Desktop\Smart Guard Protection support.url
2014-01-07 22:05 - 2013-06-03 21:25 - 00001090 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-07 22:05 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-07 22:04 - 2014-01-04 11:13 - 00002600 _____ C:\Windows\setupact.log
2014-01-07 22:00 - 2011-11-11 08:48 - 00092556 _____ C:\Windows\PFRO.log
2014-01-07 21:48 - 2012-07-17 18:53 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-708869487-2778097473-442525102-1000UA.job
2014-01-07 21:46 - 2014-01-07 21:46 - 00000000 ____D C:\Users\BINE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Smart Guard Protection
2014-01-07 21:42 - 2012-06-05 18:12 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-01-07 21:42 - 2011-11-13 11:58 - 00000000 ____D C:\Users\BINE\AppData\Local\Adobe
2014-01-07 21:42 - 2011-11-12 18:13 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-01-07 21:39 - 2011-11-10 16:18 - 02024689 _____ C:\Windows\WindowsUpdate.log
2014-01-07 19:42 - 2009-11-10 19:44 - 01507340 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-07 19:37 - 2013-05-04 18:23 - 00000000 ____D C:\Users\BINE\AppData\Roaming\Dropbox
2014-01-06 17:48 - 2012-07-17 18:53 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-708869487-2778097473-442525102-1000Core.job
2014-01-04 21:57 - 2014-01-04 21:57 - 00000000 ____D C:\Users\BINE\AppData\Roaming\TomTom
2014-01-04 15:29 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\NDF
2014-01-04 13:13 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\rescache
2014-01-04 11:13 - 2014-01-04 11:13 - 00000000 _____ C:\Windows\setuperr.log
2014-01-04 00:41 - 2009-07-14 09:47 - 00000000 ____D C:\Windows\system32\Drivers\de-DE
2014-01-04 00:41 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\de-DE
2013-12-30 17:39 - 2013-12-30 17:32 - 00000000 ____D C:\Program Files\TomTom HOME 2
2013-12-30 17:37 - 2011-12-18 17:26 - 00000000 ____D C:\Users\BINE\AppData\Local\Downloaded Installations
2013-12-30 17:35 - 2013-12-30 17:35 - 00000000 ____D C:\Users\BINE\Documents\TomTom
2013-12-30 17:35 - 2013-12-30 17:35 - 00000000 ____D C:\ProgramData\TomTom
2013-12-30 17:33 - 2013-12-30 17:33 - 00000000 ____D C:\Users\BINE\AppData\Local\TomTom
2013-12-30 17:32 - 2013-12-30 17:32 - 00000000 ____D C:\Program Files\TomTom International B.V
2013-12-30 17:32 - 2013-12-30 17:32 - 00000000 ____D C:\Program Files\TomTom DesktopSuite
2013-12-28 20:43 - 2013-03-13 19:54 - 00000000 ____D C:\Users\BINE\AppData\Roaming\Mp3tag
2013-12-28 20:11 - 2013-03-13 19:54 - 00000000 ____D C:\Program Files\Mp3tag
2013-12-28 11:40 - 2013-12-27 20:57 - 00000000 ____D C:\Users\BINE\AppData\Roaming\Apple Computer
2013-12-27 20:57 - 2013-12-27 20:57 - 00000000 ____D C:\Users\BINE\AppData\Local\Apple Computer
2013-12-27 20:57 - 2013-03-24 20:53 - 00000000 ____D C:\Users\BINE\AppData\Roaming\vlc
2013-12-27 20:40 - 2013-12-27 20:40 - 00000000 ____D C:\ProgramData\Apple Computer
2013-12-27 20:40 - 2013-12-27 20:40 - 00000000 ____D C:\Program Files\QuickTime
2013-12-27 20:38 - 2013-12-27 20:38 - 00000000 ____D C:\Users\BINE\AppData\Local\Apple
2013-12-27 20:38 - 2013-12-27 20:38 - 00000000 ____D C:\ProgramData\Apple
2013-12-27 20:38 - 2013-12-27 20:38 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-12-27 20:38 - 2013-12-27 20:38 - 00000000 ____D C:\Program Files\Apple Software Update
2013-12-27 13:47 - 2009-07-14 05:33 - 00428656 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-26 20:36 - 2011-11-12 09:09 - 00114280 _____ C:\Users\BINE\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-26 20:21 - 2013-12-26 20:21 - 00000257 _____ C:\Windows\system32\TeamViewer9_Hooks.log
2013-12-26 20:20 - 2013-03-31 20:33 - 00000000 ____D C:\Program Files\TeamViewer
2013-12-24 23:49 - 2012-05-19 20:53 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-12-24 22:56 - 2013-12-24 22:56 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-12-24 20:15 - 2013-05-04 18:24 - 00000000 ____D C:\Users\BINE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-12-23 20:32 - 2013-12-23 20:32 - 04558848 _____ (Google Inc.) C:\Windows\system32\GPhotos.scr
2013-12-19 20:40 - 2013-05-07 18:03 - 00069240 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-12-19 20:40 - 2012-12-20 18:51 - 00135648 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-12-19 20:40 - 2012-12-20 18:51 - 00090400 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-12-12 22:24 - 2013-03-22 22:57 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-12 22:22 - 2013-08-17 15:29 - 00000000 ____D C:\Windows\system32\MRT
2013-12-12 22:21 - 2009-10-14 03:21 - 88123800 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-10 20:05 - 2011-11-11 13:48 - 00000000 ____D C:\Program Files\Google
Some content of TEMP:
====================
C:\Users\BINE\AppData\Local\Temp\avgnt.exe
C:\Users\BINE\AppData\Local\Temp\msi28722.exe
C:\Users\BINE\AppData\Local\Temp\ose00000.exe
C:\Users\BINE\AppData\Local\Temp\_is5659.exe
C:\Users\BINE\AppData\Local\Temp\_isA562.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-12-30 10:12
==================== End Of Log ============================
--- --- --- und hier das Additional: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 05-01-2014
Ran by BINE at 2014-01-07 22:34:03
Running from C:\Users\BINE\Desktop
Boot Mode: Safe Mode (with Networking)
==========================================================
==================== Security Center ========================
AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
7-Zip 9.20 (Version: - )
Adobe AIR (Version: 3.2.0.2070 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.2.0.2070 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 10 ActiveX (Version: 10.0.32.18 - Adobe Systems, Inc.)
Adobe Flash Player 11 Plugin (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader X (10.1.8) - Deutsch (Version: 10.1.8 - Adobe Systems Incorporated)
AIO_CDA_ProductContext (Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_CDA_Software (Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_Scan (Version: 130.0.365.000 - Hewlett-Packard) Hidden
AllDup 3.4.18 (Version: 3.4.18 - Michael Thummerer Software Design)
Apple Application Support (Version: 2.3.4 - Apple Inc.)
Apple Software Update (Version: 2.1.3.127 - Apple Inc.)
ASUS Data Security Manager (Version: 1.00.0014 - ASUS)
ATK Generic Function Service (Version: 1.00.0008 - ATK)
ATK Hotkey (Version: 1.00.0017 - ATK)
ATK Media (Version: - )
Avira Free Antivirus (Version: 14.0.2.286 - Avira)
BIPA FotoShop (Version: 5.0.4 - CEWE COLOR AG u Co. OHG)
BPM-Studio 4 Demo (Version: 4.9.94 - AlcaTech)
BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden
C5100 (Version: 130.0.365.000 - Hewlett-Packard) Hidden
c5100_Help (Version: 82.0.256.000 - Hewlett-Packard) Hidden
ConvertHelper 2.2 (Version: - DownloadHelper)
Copy (Version: 130.0.428.000 - Hewlett-Packard) Hidden
Destinations (Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 130.0.465.000 - Hewlett-Packard) Hidden
DocProc (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Dropbox (Version: 2.4.10 - Dropbox, Inc.)
EASEUS Data Recovery Wizard Professional 5.0.1 (Version: - EASEUS)
EasyBCD 1.7.2 (Version: 1.7.2 - NeoSmart Technologies)
eReg (Version: 1.20.138.34 - Logitech, Inc.) Hidden
Exifer (Version: - Friedemann Schmidt)
Fax (Version: 130.0.418.000 - Hewlett-Packard) Hidden
FileZilla Client 3.5.3 (Version: 3.5.3 - FileZilla Project)
Free PDF to Word Doc Converter v1.1 (Version: 1.1 - www.hellopdf.com)
FreeCommander 2009.02b (Version: 2009.02 - Marek Jasinski)
Galaxy Nexus ToolKit (Version: 7.4.0.0 - skipsoft)
GmoteServer (Version: 2.0.2 - Gmote.org)
Google Earth (Version: 7.1.2.2041 - Google)
Google Talk Plugin (Version: 4.9.1.16010 - Google)
Google Update Helper (Version: 1.3.22.3 - Google Inc.) Hidden
GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden
Hewlett-Packard ACLM.NET v1.1.0.0 (Version: 1.00.0000 - Hewlett-Packard) Hidden
HP Customer Participation Program 13.0 (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (Version: 13.0 - HP)
HP Photosmart All-In-One Driver Software 13.0 Rel. A (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (Version: 3.5 - HP)
HP Product Detection (Version: 11.14.0001 - HP)
HP Smart Web Printing 4.51 (Version: 4.51 - HP)
HP Solution Center 13.0 (Version: 13.0 - HP)
HP Update (Version: 5.005.000.001 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
HPPhotoGadget (Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HTC BMP USB Driver (Version: 1.0.5375 - HTC)
HTC Driver Installer (Version: 3.0.0.021 - HTC Corporation)
HTC Sync (Version: 3.2.20 - HTC Corporation)
inSSIDer 3 (Version: 3.0.7.48 - MetaGeek, LLC)
IrfanView (remove only) (Version: 4.30 - Irfan Skiljan)
Java 7 Update 45 (Version: 7.0.450 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Logitech SetPoint 6.32 (Version: 6.32.20 - Logitech)
MarketResearch (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30320 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Project 2007 Service Pack 3 (SP3) (Version: - Microsoft)
Microsoft Office Project 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Project MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Project Professional 2007 (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Project Professional 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
MozBackup 1.5.1 (Version: - Pavel Cvrcek)
Mozilla Firefox 26.0 (x86 de) (Version: 26.0 - Mozilla)
Mozilla Maintenance Service (Version: 26.0 - Mozilla)
Mp3tag v2.58 (Version: v2.58 - Florian Heidenreich)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0 - Microsoft Corporation)
Network (Version: 130.0.572.000 - Hewlett-Packard) Hidden
OCR Software by I.R.I.S. 13.0 (Version: 13.0 - HP)
PC Inspector smart recovery (Version: 4.50 - )
Picasa 3 (Version: 3.9 - Google, Inc.)
QuickTime (Version: 7.74.80.86 - Apple Inc.)
SAMSUNG USB Driver for Mobile Phones (Version: 1.3.2360.0 - SAMSUNG Electronics Co., Ltd.)
Scan (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Shop for HP Supplies (Version: 13.0 - HP)
Skype Click to Call (Version: 6.3.11079 - Skype Technologies S.A.)
Skype™ 6.0 (Version: 6.0.126 - Skype Technologies S.A.)
SmartWebPrinting (Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Status (Version: 130.0.469.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (Version: 9.1.19.0 - Synaptics)
TeamViewer 9 (Version: 9.0.24951 - TeamViewer)
TomTom HOME (Version: 2.9.7 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (Version: 1.0.2 - TomTom International B.V.)
Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (Version: 130.0.422.000 - Hewlett-Packard) Hidden
UnloadSupport (Version: 11.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (Version: - Microsoft)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (Version: - Microsoft)
USB 2.0 1.3M UVC WebCam (Version: - )
USB2.0 UVC 1.3M WebCam (Version: - )
VBA (3821b) (Version: 6.01.00.1234 - Microsoft Corporation) Hidden
VLC media player 2.1.2 (Version: 2.1.2 - VideoLAN)
WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden
Winamp (Version: 5.63 - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (Version: 1.0.0.1 - Nullsoft, Inc)
WinRAR 4.20 (32-Bit) (Version: 4.20.0 - win.rar GmbH)
==================== Restore Points =========================
30-12-2013 16:37:55 Installed TomTom HOME.
31-12-2013 07:55:17 Windows Update
03-01-2014 20:03:22 Windows Update
07-01-2014 18:42:36 Windows Update
==================== Hosts content: ==========================
2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {4F26D2F0-B634-4317-8B8B-BAE5417533FD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-07] (Adobe Systems Incorporated)
Task: {54D1498A-6861-42FB-BE76-07FC9F12563F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-708869487-2778097473-442525102-1000UA => C:\Users\BINE\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-17] (Google Inc.)
Task: {A1D6AD18-D090-466E-A639-D654C1449709} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-06-03] (Google Inc.)
Task: {B2D20802-3897-4307-B83E-3200F152F400} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-708869487-2778097473-442525102-1000Core => C:\Users\BINE\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-17] (Google Inc.)
Task: {C48E8BEE-FAD3-485A-B7AA-F8CFACEB87BB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-06-03] (Google Inc.)
Task: {C71CA331-1AED-419D-954C-32B3AD86EEBE} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe [2012-04-17] ()
Task: {D88A13D6-4D63-4FD4-8C0D-547519437509} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-708869487-2778097473-442525102-1000Core.job => C:\Users\BINE\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-708869487-2778097473-442525102-1000UA.job => C:\Users\BINE\AppData\Local\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2007-06-15 10:28 - 2007-06-15 10:28 - 00147456 _____ () C:\Program Files\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll
2007-06-01 17:08 - 2007-06-01 17:08 - 00143360 _____ () C:\Program Files\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
2012-01-08 14:41 - 2012-01-08 14:41 - 00093696 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2013-12-24 22:56 - 2013-12-24 22:56 - 03559024 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
==================== Faulty Device Manager Devices =============
Name: Photosmart C5100 series
Description: Photosmart C5100 series
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: HP
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
Name: Photosmart C5100 series
Description: Photosmart C5100 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (01/04/2014 01:08:23 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
Error: (01/04/2014 01:06:59 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (01/02/2014 06:30:51 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 26.0.0.5087, Zeitstempel: 0x52a0d273
Name des fehlerhaften Moduls: xul.dll, Version: 26.0.0.5087, Zeitstempel: 0x52a0d20a
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0014e1a8
ID des fehlerhaften Prozesses: 0xc98
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3
Error: (01/01/2014 02:10:33 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Product: Skype Click to Call -- Error 1609. An error occurred while applying security settings. Users is not a valid user or group. This could be a problem with the package, or a problem connecting to a domain controller on the network. Check your network connection and click Retry, or Cancel to end the install. Unable to locate the user's SID, system error 1332(NULL)(NULL)(NULL)(NULL)(NULL)
Error: (12/31/2013 00:28:36 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
Error: (12/31/2013 00:27:04 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (12/30/2013 05:32:56 PM) (Source: TomTomHOMEService) (User: )
Description: TomTomHOMEServiceOpenService failed with 0
Error: (12/28/2013 01:15:44 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
Error: (12/28/2013 01:14:14 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (12/27/2013 07:46:51 PM) (Source: Application Hang) (User: )
Description: Programm Picasa3.exe, Version 3.9.137.76 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1d78
Startzeit: 01cf0332903be295
Endzeit: 109
Anwendungspfad: C:\Program Files\Google\Picasa3\Picasa3.exe
Berichts-ID: 3d4af1db-6f27-11e3-b49d-0022157f44a5
System errors:
=============
Error: (01/07/2014 10:32:08 PM) (Source: DCOM) (User: )
Description: 1068fdPHost{D3DCB472-7261-43CE-924B-0704BD730D5F}
Error: (01/07/2014 10:32:08 PM) (Source: DCOM) (User: )
Description: 1068fdPHost{145B4335-FE2A-4927-A040-7C35AD3180EF}
Error: (01/07/2014 10:29:57 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PnP-X-IP-Busenumerator" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068
Error: (01/07/2014 10:29:47 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068
Error: (01/07/2014 10:28:14 PM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}
Error: (01/07/2014 10:28:14 PM) (Source: DCOM) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
Error: (01/07/2014 10:28:12 PM) (Source: DCOM) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}
Error: (01/07/2014 10:28:06 PM) (Source: DCOM) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}
Error: (01/07/2014 10:27:57 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068
Error: (01/07/2014 10:27:57 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068
Microsoft Office Sessions:
=========================
==================== Memory info ===========================
Percentage of memory in use: 22%
Total physical RAM: 3071.24 MB
Available physical RAM: 2377.31 MB
Total Pagefile: 6140.77 MB
Available Pagefile: 5517.28 MB
Total Virtual: 2047.88 MB
Available Virtual: 1896.39 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:116.44 GB) (Free:82.37 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Daten) (Fixed) (Total:465.76 GB) (Free:297.86 GB) NTFS
Drive e: (Medien) (Fixed) (Total:106.68 GB) (Free:99.28 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 8D1C393D)
Partition 1: (Active) - (Size=116 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=107 GB) - (Type=OF Extended)
========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: 4AA6ECA5)
Partition 1: (Not Active) - (Size=466 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Edit#1: ich habe ihn unter 7VrpngX3 in der reg gefunden und alle Einträge davon gelöscht. Sollte ja passen, oder? Edit#2: Hat wohl gepasst, läuft wieder alles, mache trotzdem noch einen Scan mit Malwarebytes... Hätte ich gleich in der Anleitung von Smart Guard Protection entfernen schauen sollen, da hat mir der REG-Link für die neue Version auf die Spur gebracht. Tolles Forum! Danke für alles! Gruß Joe Geändert von joema77 (07.01.2014 um 23:21 Uhr) |
|
08.01.2014, 07:41
| #2 | |
| /// the machine /// TB-Ausbilder    | Smart Guard ProtectionZitat:
 Poste bitte mal das MBAM log wenn der Scan fertig ist.
__________________ |
|
08.01.2014, 09:05
| #3 |
| | Smart Guard Protection Ja nicht ganz,war iwie ein versteckter Link und mit Flash hat es auch zu tun gehabt...
__________________Log kommt evtl. Heute Abend, hab den schon wieder deinstalliert, hat aber noch 4 weitere Sachen gefunden... Gruß Joe |
|
08.01.2014, 14:35
| #4 |
| /// the machine /// TB-Ausbilder | Smart Guard Protection Ok, und frische FRST Logs bitte, aber aus dem normalen Modus.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
08.01.2014, 19:44
| #5 |
| | Smart Guard Protection So, hier mal der MBAM von gestern nach dem Löschen von mir, war doch noch ein bißchen was da: Code:
ATTFilter alwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org
Datenbank Version: v2014.01.07.06
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.16476
BINE :: BINE-LAPTOP [Administrator]
Schutz: Aktiviert
07.01.2014 23:28:26
mbam-log-2014-01-07 (23-28-26).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 211937
Laufzeit: 11 Minute(n), 5 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 1
HKCU\Control Panel\don't load|wscui.cpl (Hijack.SecurityCenter) -> Daten: No -> Erfolgreich gelöscht und in Quarantäne gestellt.
Infizierte Dateiobjekte der Registrierung: 3
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt.
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 2
C:\Users\BINE\Downloads\produkey_setup.exe (PUP.PSWTool.ProductKey) -> Keine Aktion durchgeführt.
C:\Users\BINE\AppData\Local\Temp\msi28722.exe (Heuristics.Shuriken) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)
Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2014.01.08.05 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 11.0.9600.16476 BINE :: BINE-LAPTOP [Administrator] Schutz: Deaktiviert 08.01.2014 18:56:36 mbam-log-2014-01-08 (18-56-36).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 211645 Laufzeit: 9 Minute(n), 51 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\ProgramData\7VrpngX3\7VrpngX3.exe (Rogue.WinWebSec) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Jetzt passt es: Code:
ATTFilter alwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org
Datenbank Version: v2014.01.08.05
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.16476
BINE :: BINE-LAPTOP [Administrator]
Schutz: Deaktiviert
08.01.2014 19:17:28
mbam-log-2014-01-08 (19-17-28).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 211447
Laufzeit: 10 Minute(n), 54 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)
War das jetzt eig. ein Virus, Wurm, Trojaner, oder ...??? Wie kam es, dass Avira Free Antivirus das nicht verhindern konnte? Das hat erst reagiert, als das Smart Guard Ding was an der Registry ändern wollte. Hier noch der Link, der auf ein HP versteckt war: 'http : // tcm-gesundheitsreisen.de / pics / simgbox / a . html' Die Leerzeichen sind von mir, damit da keiner auf den Link evtl. aus Versehen klickt.... War als Flashplayer Installer ausgegeben, ich weiß den darf man nur von Adobe runterladen, was ich jetzt auch in Zukunft machen werde. Ih war eig. eh stutzig, dass die Auforderung, den Flashplayer zu installieren, bzw. updaten kam, es war iwie ein Overlay auf einer Ski-Schulen Homepage. Sollte man die evtl. informieren? Diese hier war es: skischule-brunner.at, funktioniert jetzt natürlich einwandfrei... |
|
09.01.2014, 12:22
| #6 |
| /// the machine /// TB-Ausbilder | Smart Guard Protection Ja FRST LOgs bitte, dann seh ich ob da noch irgendwo was steckt.
__________________ --> Smart Guard Protection |
|
09.01.2014, 18:42
| #7 |
| | Smart Guard Protection So, hier noch die FRST-Logs. FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-01-2014 01
Ran by BINE (administrator) on BINE-LAPTOP on 09-01-2014 18:35:16
Running from C:\Users\BINE\Desktop
Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
() C:\Program Files\ATK Hotkey\AsLdrSrv.exe
() C:\Program Files\ATKGFNEX\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
(ATK0100) C:\Program Files\ATK Hotkey\HControl.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.22.3\GoogleCrashHandler.exe
() C:\Program Files\ATK Hotkey\ATKOSD.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(ASUSTeK Computer INC.) C:\Program Files\ASUS\ATK Media\DMedia.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(AlcaTech) C:\Windows\System32\mmrtkrnl.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Dropbox, Inc.) C:\Users\BINE\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
() C:\Program Files\ATK Hotkey\WDC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [857648 2007-03-01] (Synaptics, Inc.)
HKLM\...\Run: [ATKMEDIA] - C:\Program Files\ASUS\ATK Media\DMedia.exe [61440 2006-11-02] (ASUSTeK Computer INC.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [hpqSRMon] - C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [1387288 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\hpwuschd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-19] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [Realtime Audio Engine] - "mmrtkrnl.exe" /i
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
Winlogon\Notify\LBTWlgn: C:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKCU\...\Run: [Google Update] - C:\Users\BINE\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-07-17] (Google Inc.)
HKCU\...\Policies\Explorer: [TaskbarNoNotification] 1
HKCU\...\Policies\Explorer: [HideSCAHealth] 1
MountPoints2: G - G:\SETUP.EXE
Lsa: [Notification Packages] scecli C:\Program Files\ASUS\ASUS Data Security Manager\ASPWDFLT
Startup: C:\Users\BINE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\BINE\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x67A362C7CA9FCC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at
SearchScopes: HKCU - DefaultScope {F65E02EC-DC99-4858-9834-6129367F36AD} URL = hxxp://www.google.at/search?q={searchTerms}
SearchScopes: HKCU - {F65E02EC-DC99-4858-9834-6129367F36AD} URL = hxxp://www.google.at/search?q={searchTerms}
BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
FireFox:
========
FF ProfilePath: C:\Users\BINE\AppData\Roaming\Mozilla\Firefox\Profiles\wkpit6ta.default
FF user.js: detected! => C:\Users\BINE\AppData\Roaming\Mozilla\Firefox\Profiles\wkpit6ta.default\user.js
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.at/
FF Keyword.URL: hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF NetworkProxy: "backup.ftp", "proxy.aon.at"
FF NetworkProxy: "backup.ftp_port", 8080
FF NetworkProxy: "backup.gopher", "proxy.aon.at"
FF NetworkProxy: "backup.gopher_port", 8080
FF NetworkProxy: "backup.socks", "proxy.aon.at"
FF NetworkProxy: "backup.socks_port", 8080
FF NetworkProxy: "backup.ssl", "proxy.aon.at"
FF NetworkProxy: "backup.ssl_port", 8080
FF NetworkProxy: "ftp", "proxy.aon.at"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "gopher", "proxy.aon.at"
FF NetworkProxy: "gopher_port", 8080
FF NetworkProxy: "http", "proxy.aon.at"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "no_proxies_on", "*.aon.at,*.jet2web.net,localhost,127.0.0.1"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "proxy.aon.at"
FF NetworkProxy: "socks_port", 8080
FF NetworkProxy: "ssl", "proxy.aon.at"
FF NetworkProxy: "ssl_port", 8080
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\BINE\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\BINE\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\BINE\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\BINE\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\BINE\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: CrystalFox Qute - C:\Users\BINE\AppData\Roaming\Mozilla\Firefox\Profiles\wkpit6ta.default\Extensions\CrystalFox_Qute@BigRedBrent
FF Extension: Xmarks - C:\Users\BINE\AppData\Roaming\Mozilla\Firefox\Profiles\wkpit6ta.default\Extensions\foxmarks@kei.com
FF Extension: Silver Skin - C:\Users\BINE\AppData\Roaming\Mozilla\Firefox\Profiles\wkpit6ta.default\Extensions\{2A10B180-05EF-11D9-8C50-444553540001}
FF Extension: Qute - C:\Users\BINE\AppData\Roaming\Mozilla\Firefox\Profiles\wkpit6ta.default\Extensions\{36C13C8F-54F1-412e-8177-2E411719162D}
FF Extension: BlackJapan - C:\Users\BINE\AppData\Roaming\Mozilla\Firefox\Profiles\wkpit6ta.default\Extensions\{904524FC-3F89-11DA-8BDE-F66BAD1E3F3A}
FF Extension: Noia 2.0 (eXtreme) - C:\Users\BINE\AppData\Roaming\Mozilla\Firefox\Profiles\wkpit6ta.default\Extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
FF Extension: DownloadHelper - C:\Users\BINE\AppData\Roaming\Mozilla\Firefox\Profiles\wkpit6ta.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: Facicons - C:\Users\BINE\AppData\Roaming\Mozilla\Firefox\Profiles\wkpit6ta.default\Extensions\{DDABDBA1-2377-4A30-A027-25697B99E254}
FF Extension: Adblock Plus - C:\Users\BINE\AppData\Roaming\Mozilla\Firefox\Profiles\wkpit6ta.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Tab Mix Plus - C:\Users\BINE\AppData\Roaming\Mozilla\Firefox\Profiles\wkpit6ta.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
========================== Services (Whitelisted) =================
R2 ADSMService; C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe [225280 2008-03-31] (ASUSTek Computer Inc.)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440376 2013-12-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440376 2013-12-01] (Avira Operations GmbH & Co. KG)
R2 ASLDRService; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [94208 2007-10-02] ()
R2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] ()
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [88576 2011-09-15] ()
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000 2012-10-02] (Skype Technologies S.A.)
==================== Drivers (Whitelisted) ====================
R0 AsDsm; C:\Windows\System32\Drivers\AsDsm.sys [30264 2013-03-17] (ASUSTek Computer Inc)
R2 ASMMAP; C:\Program Files\ATKGFNEX\ASMMAP.sys [13880 2007-07-24] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-19] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-19] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-12-01] (Avira Operations GmbH & Co. KG)
R3 LEqdUsb; C:\Windows\System32\Drivers\LEqdUsb.Sys [42648 2011-09-02] (Logitech, Inc.)
R3 LHidEqd; C:\Windows\System32\Drivers\LHidEqd.Sys [12184 2011-09-02] (Logitech, Inc.)
R1 LUMDriver; C:\Windows\system32\drivers\LUMDriver.sys [14912 2003-07-11] (IBM)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [14392 2009-05-13] (ASUS)
S3 pneteth; C:\Windows\System32\DRIVERS\pneteth.sys [13440 2011-11-24] (June Fabrics Technology Inc.)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1743232 2011-11-12] ()
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
R3 teamviewervpn; C:\Windows\System32\DRIVERS\teamviewervpn.sys [25088 2012-11-28] (TeamViewer GmbH)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()
S3 dgderdrv; System32\drivers\dgderdrv.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-01-09 18:29 - 2014-01-09 18:35 - 00015967 _____ C:\Users\BINE\Desktop\FRST.txt
2014-01-09 18:29 - 2014-01-09 18:29 - 00000000 ____D C:\Users\BINE\Desktop\FRST-OlderVersion
2014-01-08 18:55 - 2014-01-08 18:55 - 00001067 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-08 18:55 - 2014-01-08 18:55 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2014-01-08 18:55 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-01-07 23:23 - 2014-01-07 23:23 - 00000000 ____D C:\Users\BINE\AppData\Roaming\Malwarebytes
2014-01-07 23:23 - 2014-01-07 23:23 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-07 23:16 - 2014-01-07 23:16 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\BINE\Desktop\mbam-setup-1.75.0.1300.exe
2014-01-07 23:02 - 2014-01-07 23:29 - 00001058 _____ C:\Users\BINE\Desktop\Rkill.txt
2014-01-07 23:01 - 2014-01-07 23:01 - 01937144 _____ (Bleeping Computer, LLC) C:\Users\BINE\Desktop\rkill.com
2014-01-07 22:33 - 2014-01-09 18:29 - 00000000 ____D C:\FRST
2014-01-07 22:32 - 2014-01-09 18:29 - 01065947 _____ (Farbar) C:\Users\BINE\Desktop\FRST.exe
2014-01-04 21:57 - 2014-01-04 21:57 - 00000000 ____D C:\Users\BINE\AppData\Roaming\TomTom
2014-01-04 11:13 - 2014-01-09 18:26 - 00002936 _____ C:\Windows\setupact.log
2014-01-04 11:13 - 2014-01-04 11:13 - 00000000 _____ C:\Windows\setuperr.log
2013-12-30 17:35 - 2013-12-30 17:35 - 00000000 ____D C:\Users\BINE\Documents\TomTom
2013-12-30 17:35 - 2013-12-30 17:35 - 00000000 ____D C:\ProgramData\TomTom
2013-12-30 17:33 - 2013-12-30 17:33 - 00000000 ____D C:\Users\BINE\AppData\Local\TomTom
2013-12-30 17:32 - 2013-12-30 17:39 - 00000000 ____D C:\Program Files\TomTom HOME 2
2013-12-30 17:32 - 2013-12-30 17:32 - 00000000 ____D C:\Program Files\TomTom International B.V
2013-12-30 17:32 - 2013-12-30 17:32 - 00000000 ____D C:\Program Files\TomTom DesktopSuite
2013-12-27 20:57 - 2013-12-28 11:40 - 00000000 ____D C:\Users\BINE\AppData\Roaming\Apple Computer
2013-12-27 20:57 - 2013-12-27 20:57 - 00000000 ____D C:\Users\BINE\AppData\Local\Apple Computer
2013-12-27 20:40 - 2013-12-27 20:40 - 00000000 ____D C:\ProgramData\Apple Computer
2013-12-27 20:40 - 2013-12-27 20:40 - 00000000 ____D C:\Program Files\QuickTime
2013-12-27 20:38 - 2013-12-27 20:38 - 00000000 ____D C:\Users\BINE\AppData\Local\Apple
2013-12-27 20:38 - 2013-12-27 20:38 - 00000000 ____D C:\ProgramData\Apple
2013-12-27 20:38 - 2013-12-27 20:38 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-12-27 20:38 - 2013-12-27 20:38 - 00000000 ____D C:\Program Files\Apple Software Update
2013-12-26 20:21 - 2013-12-26 20:21 - 00000257 _____ C:\Windows\system32\TeamViewer9_Hooks.log
2013-12-24 22:56 - 2013-12-24 22:56 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-12-23 20:32 - 2013-12-23 20:32 - 04558848 _____ (Google Inc.) C:\Windows\system32\GPhotos.scr
2013-12-12 22:25 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-12 22:25 - 2013-11-26 10:22 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-12 22:25 - 2013-11-26 09:53 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-12 22:25 - 2013-11-26 09:52 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-12 22:25 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-12 22:25 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-12 22:25 - 2013-11-26 09:36 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-12 22:25 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-12 22:25 - 2013-11-26 09:29 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-12 22:25 - 2013-11-26 09:29 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-12 22:25 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-12 22:25 - 2013-11-26 09:13 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-12 22:25 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-12 22:25 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-12 22:25 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-12 22:25 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-12 22:24 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-12 22:24 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-12 22:24 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-12 22:20 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-12 22:20 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-12 21:10 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-12 21:10 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-12 21:10 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-12 21:10 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-12 21:10 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-12 21:10 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-12 21:10 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-12 21:09 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-12 21:09 - 2013-10-30 02:27 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-12 21:09 - 2013-10-04 02:49 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-12 21:09 - 2013-10-04 02:17 - 00177152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
==================== One Month Modified Files and Folders =======
2014-01-09 18:35 - 2014-01-09 18:29 - 00015967 _____ C:\Users\BINE\Desktop\FRST.txt
2014-01-09 18:31 - 2009-07-14 05:34 - 00026080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-09 18:31 - 2009-07-14 05:34 - 00026080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-09 18:29 - 2014-01-09 18:29 - 00000000 ____D C:\Users\BINE\Desktop\FRST-OlderVersion
2014-01-09 18:29 - 2014-01-07 22:33 - 00000000 ____D C:\FRST
2014-01-09 18:29 - 2014-01-07 22:32 - 01065947 _____ (Farbar) C:\Users\BINE\Desktop\FRST.exe
2014-01-09 18:27 - 2013-05-04 18:23 - 00000000 ____D C:\Users\BINE\AppData\Roaming\Dropbox
2014-01-09 18:26 - 2014-01-04 11:13 - 00002936 _____ C:\Windows\setupact.log
2014-01-09 18:26 - 2013-06-03 21:25 - 00001090 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-09 18:26 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-08 22:48 - 2012-07-17 18:53 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-708869487-2778097473-442525102-1000UA.job
2014-01-08 22:09 - 2013-06-03 21:25 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-08 22:07 - 2012-06-05 18:12 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-08 19:07 - 2011-11-11 08:48 - 00093202 _____ C:\Windows\PFRO.log
2014-01-08 18:55 - 2014-01-08 18:55 - 00001067 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-08 18:55 - 2014-01-08 18:55 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2014-01-07 23:29 - 2014-01-07 23:02 - 00001058 _____ C:\Users\BINE\Desktop\Rkill.txt
2014-01-07 23:23 - 2014-01-07 23:23 - 00000000 ____D C:\Users\BINE\AppData\Roaming\Malwarebytes
2014-01-07 23:23 - 2014-01-07 23:23 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-07 23:16 - 2014-01-07 23:16 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\BINE\Desktop\mbam-setup-1.75.0.1300.exe
2014-01-07 23:01 - 2014-01-07 23:01 - 01937144 _____ (Bleeping Computer, LLC) C:\Users\BINE\Desktop\rkill.com
2014-01-07 22:22 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\LogFiles
2014-01-07 21:42 - 2012-06-05 18:12 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-01-07 21:42 - 2011-11-13 11:58 - 00000000 ____D C:\Users\BINE\AppData\Local\Adobe
2014-01-07 21:42 - 2011-11-12 18:13 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-01-07 21:39 - 2011-11-10 16:18 - 02024689 _____ C:\Windows\WindowsUpdate.log
2014-01-07 19:42 - 2009-11-10 19:44 - 01507340 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-06 17:48 - 2012-07-17 18:53 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-708869487-2778097473-442525102-1000Core.job
2014-01-04 21:57 - 2014-01-04 21:57 - 00000000 ____D C:\Users\BINE\AppData\Roaming\TomTom
2014-01-04 15:29 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\NDF
2014-01-04 13:13 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\rescache
2014-01-04 11:13 - 2014-01-04 11:13 - 00000000 _____ C:\Windows\setuperr.log
2014-01-04 00:41 - 2009-07-14 09:47 - 00000000 ____D C:\Windows\system32\Drivers\de-DE
2014-01-04 00:41 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\de-DE
2013-12-30 17:39 - 2013-12-30 17:32 - 00000000 ____D C:\Program Files\TomTom HOME 2
2013-12-30 17:37 - 2011-12-18 17:26 - 00000000 ____D C:\Users\BINE\AppData\Local\Downloaded Installations
2013-12-30 17:35 - 2013-12-30 17:35 - 00000000 ____D C:\Users\BINE\Documents\TomTom
2013-12-30 17:35 - 2013-12-30 17:35 - 00000000 ____D C:\ProgramData\TomTom
2013-12-30 17:33 - 2013-12-30 17:33 - 00000000 ____D C:\Users\BINE\AppData\Local\TomTom
2013-12-30 17:32 - 2013-12-30 17:32 - 00000000 ____D C:\Program Files\TomTom International B.V
2013-12-30 17:32 - 2013-12-30 17:32 - 00000000 ____D C:\Program Files\TomTom DesktopSuite
2013-12-28 20:43 - 2013-03-13 19:54 - 00000000 ____D C:\Users\BINE\AppData\Roaming\Mp3tag
2013-12-28 20:11 - 2013-03-13 19:54 - 00000000 ____D C:\Program Files\Mp3tag
2013-12-28 11:40 - 2013-12-27 20:57 - 00000000 ____D C:\Users\BINE\AppData\Roaming\Apple Computer
2013-12-27 20:57 - 2013-12-27 20:57 - 00000000 ____D C:\Users\BINE\AppData\Local\Apple Computer
2013-12-27 20:57 - 2013-03-24 20:53 - 00000000 ____D C:\Users\BINE\AppData\Roaming\vlc
2013-12-27 20:40 - 2013-12-27 20:40 - 00000000 ____D C:\ProgramData\Apple Computer
2013-12-27 20:40 - 2013-12-27 20:40 - 00000000 ____D C:\Program Files\QuickTime
2013-12-27 20:38 - 2013-12-27 20:38 - 00000000 ____D C:\Users\BINE\AppData\Local\Apple
2013-12-27 20:38 - 2013-12-27 20:38 - 00000000 ____D C:\ProgramData\Apple
2013-12-27 20:38 - 2013-12-27 20:38 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-12-27 20:38 - 2013-12-27 20:38 - 00000000 ____D C:\Program Files\Apple Software Update
2013-12-27 13:47 - 2009-07-14 05:33 - 00428656 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-26 20:36 - 2011-11-12 09:09 - 00114280 _____ C:\Users\BINE\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-26 20:21 - 2013-12-26 20:21 - 00000257 _____ C:\Windows\system32\TeamViewer9_Hooks.log
2013-12-26 20:20 - 2013-03-31 20:33 - 00000000 ____D C:\Program Files\TeamViewer
2013-12-24 23:49 - 2012-05-19 20:53 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-12-24 22:56 - 2013-12-24 22:56 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-12-24 20:15 - 2013-05-04 18:24 - 00000000 ____D C:\Users\BINE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-12-23 20:32 - 2013-12-23 20:32 - 04558848 _____ (Google Inc.) C:\Windows\system32\GPhotos.scr
2013-12-19 20:40 - 2013-05-07 18:03 - 00069240 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-12-19 20:40 - 2012-12-20 18:51 - 00135648 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-12-19 20:40 - 2012-12-20 18:51 - 00090400 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-12-12 22:24 - 2013-03-22 22:57 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-12 22:22 - 2013-08-17 15:29 - 00000000 ____D C:\Windows\system32\MRT
2013-12-12 22:21 - 2009-10-14 03:21 - 88123800 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-10 20:05 - 2011-11-11 13:48 - 00000000 ____D C:\Program Files\Google
Some content of TEMP:
====================
C:\Users\BINE\AppData\Local\Temp\avgnt.exe
C:\Users\BINE\AppData\Local\Temp\ose00000.exe
C:\Users\BINE\AppData\Local\Temp\_is5659.exe
C:\Users\BINE\AppData\Local\Temp\_isA562.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-12-30 10:12
==================== End Of Log ============================
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 08-01-2014 01
Ran by BINE at 2014-01-09 18:35:54
Running from C:\Users\BINE\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
7-Zip 9.20 (Version: - )
Adobe AIR (Version: 3.2.0.2070 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.2.0.2070 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 10 ActiveX (Version: 10.0.32.18 - Adobe Systems, Inc.)
Adobe Flash Player 11 Plugin (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader X (10.1.8) - Deutsch (Version: 10.1.8 - Adobe Systems Incorporated)
AIO_CDA_ProductContext (Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_CDA_Software (Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_Scan (Version: 130.0.365.000 - Hewlett-Packard) Hidden
AllDup 3.4.18 (Version: 3.4.18 - Michael Thummerer Software Design)
Apple Application Support (Version: 2.3.4 - Apple Inc.)
Apple Software Update (Version: 2.1.3.127 - Apple Inc.)
ASUS Data Security Manager (Version: 1.00.0014 - ASUS)
ATK Generic Function Service (Version: 1.00.0008 - ATK)
ATK Hotkey (Version: 1.00.0017 - ATK)
ATK Media (Version: - )
Avira Free Antivirus (Version: 14.0.2.286 - Avira)
BIPA FotoShop (Version: 5.0.4 - CEWE COLOR AG u Co. OHG)
BPM-Studio 4 Demo (Version: 4.9.94 - AlcaTech)
BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden
C5100 (Version: 130.0.365.000 - Hewlett-Packard) Hidden
c5100_Help (Version: 82.0.256.000 - Hewlett-Packard) Hidden
ConvertHelper 2.2 (Version: - DownloadHelper)
Copy (Version: 130.0.428.000 - Hewlett-Packard) Hidden
Destinations (Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 130.0.465.000 - Hewlett-Packard) Hidden
DocProc (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Dropbox (Version: 2.4.10 - Dropbox, Inc.)
EASEUS Data Recovery Wizard Professional 5.0.1 (Version: - EASEUS)
EasyBCD 1.7.2 (Version: 1.7.2 - NeoSmart Technologies)
eReg (Version: 1.20.138.34 - Logitech, Inc.) Hidden
Exifer (Version: - Friedemann Schmidt)
Fax (Version: 130.0.418.000 - Hewlett-Packard) Hidden
FileZilla Client 3.5.3 (Version: 3.5.3 - FileZilla Project)
Free PDF to Word Doc Converter v1.1 (Version: 1.1 - www.hellopdf.com)
FreeCommander 2009.02b (Version: 2009.02 - Marek Jasinski)
Galaxy Nexus ToolKit (Version: 7.4.0.0 - skipsoft)
GmoteServer (Version: 2.0.2 - Gmote.org)
Google Earth (Version: 7.1.2.2041 - Google)
Google Talk Plugin (Version: 4.9.1.16010 - Google)
Google Update Helper (Version: 1.3.22.3 - Google Inc.) Hidden
GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden
Hewlett-Packard ACLM.NET v1.1.0.0 (Version: 1.00.0000 - Hewlett-Packard) Hidden
HP Customer Participation Program 13.0 (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (Version: 13.0 - HP)
HP Photosmart All-In-One Driver Software 13.0 Rel. A (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (Version: 3.5 - HP)
HP Product Detection (Version: 11.14.0001 - HP)
HP Smart Web Printing 4.51 (Version: 4.51 - HP)
HP Solution Center 13.0 (Version: 13.0 - HP)
HP Update (Version: 5.005.000.001 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
HPPhotoGadget (Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HTC BMP USB Driver (Version: 1.0.5375 - HTC)
HTC Driver Installer (Version: 3.0.0.021 - HTC Corporation)
HTC Sync (Version: 3.2.20 - HTC Corporation)
inSSIDer 3 (Version: 3.0.7.48 - MetaGeek, LLC)
IrfanView (remove only) (Version: 4.30 - Irfan Skiljan)
Java 7 Update 45 (Version: 7.0.450 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Logitech SetPoint 6.32 (Version: 6.32.20 - Logitech)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation)
MarketResearch (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30320 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Project 2007 Service Pack 3 (SP3) (Version: - Microsoft)
Microsoft Office Project 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Project MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Project Professional 2007 (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Project Professional 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
MozBackup 1.5.1 (Version: - Pavel Cvrcek)
Mozilla Firefox 26.0 (x86 de) (Version: 26.0 - Mozilla)
Mozilla Maintenance Service (Version: 26.0 - Mozilla)
Mp3tag v2.58 (Version: v2.58 - Florian Heidenreich)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0 - Microsoft Corporation)
Network (Version: 130.0.572.000 - Hewlett-Packard) Hidden
OCR Software by I.R.I.S. 13.0 (Version: 13.0 - HP)
PC Inspector smart recovery (Version: 4.50 - )
Picasa 3 (Version: 3.9 - Google, Inc.)
QuickTime (Version: 7.74.80.86 - Apple Inc.)
SAMSUNG USB Driver for Mobile Phones (Version: 1.3.2360.0 - SAMSUNG Electronics Co., Ltd.)
Scan (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Shop for HP Supplies (Version: 13.0 - HP)
Skype Click to Call (Version: 6.3.11079 - Skype Technologies S.A.)
Skype™ 6.0 (Version: 6.0.126 - Skype Technologies S.A.)
SmartWebPrinting (Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Status (Version: 130.0.469.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (Version: 9.1.19.0 - Synaptics)
TeamViewer 9 (Version: 9.0.24951 - TeamViewer)
TomTom HOME (Version: 2.9.7 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (Version: 1.0.2 - TomTom International B.V.)
Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (Version: 130.0.422.000 - Hewlett-Packard) Hidden
UnloadSupport (Version: 11.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (Version: - Microsoft)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (Version: - Microsoft)
USB 2.0 1.3M UVC WebCam (Version: - )
USB2.0 UVC 1.3M WebCam (Version: - )
VBA (3821b) (Version: 6.01.00.1234 - Microsoft Corporation) Hidden
VLC media player 2.1.2 (Version: 2.1.2 - VideoLAN)
WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden
Winamp (Version: 5.63 - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (Version: 1.0.0.1 - Nullsoft, Inc)
WinRAR 4.20 (32-Bit) (Version: 4.20.0 - win.rar GmbH)
==================== Restore Points =========================
==================== Hosts content: ==========================
2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {4F26D2F0-B634-4317-8B8B-BAE5417533FD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-07] (Adobe Systems Incorporated)
Task: {54D1498A-6861-42FB-BE76-07FC9F12563F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-708869487-2778097473-442525102-1000UA => C:\Users\BINE\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-17] (Google Inc.)
Task: {A1D6AD18-D090-466E-A639-D654C1449709} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-06-03] (Google Inc.)
Task: {B2D20802-3897-4307-B83E-3200F152F400} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-708869487-2778097473-442525102-1000Core => C:\Users\BINE\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-17] (Google Inc.)
Task: {C48E8BEE-FAD3-485A-B7AA-F8CFACEB87BB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-06-03] (Google Inc.)
Task: {C71CA331-1AED-419D-954C-32B3AD86EEBE} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe [2012-04-17] ()
Task: {D88A13D6-4D63-4FD4-8C0D-547519437509} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-708869487-2778097473-442525102-1000Core.job => C:\Users\BINE\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-708869487-2778097473-442525102-1000UA.job => C:\Users\BINE\AppData\Local\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2012-12-20 18:51 - 2012-09-19 18:17 - 00397088 _____ () C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
2011-11-10 18:30 - 2004-05-27 18:13 - 00057344 _____ () C:\Program Files\ATK Hotkey\CMSSC.dll
2007-06-15 10:28 - 2007-06-15 10:28 - 00147456 _____ () C:\Program Files\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll
2007-06-01 17:08 - 2007-06-01 17:08 - 00143360 _____ () C:\Program Files\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
2012-01-08 14:41 - 2012-01-08 14:41 - 00093696 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2011-11-11 13:19 - 2006-10-25 15:37 - 00045056 _____ () C:\Program Files\ASUS\ATK Media\GERSTRING.DLL
2011-10-07 10:41 - 2011-10-07 10:41 - 00879896 _____ () C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll
2013-08-23 20:01 - 2013-08-23 20:01 - 25100288 _____ () C:\Users\BINE\AppData\Roaming\Dropbox\bin\libcef.dll
2013-12-24 22:56 - 2013-12-24 22:56 - 03559024 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== Faulty Device Manager Devices =============
Name: Photosmart C5100 series
Description: Photosmart C5100 series
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: HP
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Photosmart C5100 series
Description: Photosmart C5100 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (01/08/2014 06:26:28 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Product: Skype Click to Call -- Error 1609. An error occurred while applying security settings. Users is not a valid user or group. This could be a problem with the package, or a problem connecting to a domain controller on the network. Check your network connection and click Retry, or Cancel to end the install. Unable to locate the user's SID, system error 1332(NULL)(NULL)(NULL)(NULL)(NULL)
Error: (01/04/2014 01:08:23 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
Error: (01/04/2014 01:06:59 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (01/02/2014 06:30:51 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 26.0.0.5087, Zeitstempel: 0x52a0d273
Name des fehlerhaften Moduls: xul.dll, Version: 26.0.0.5087, Zeitstempel: 0x52a0d20a
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0014e1a8
ID des fehlerhaften Prozesses: 0xc98
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3
Error: (01/01/2014 02:10:33 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Product: Skype Click to Call -- Error 1609. An error occurred while applying security settings. Users is not a valid user or group. This could be a problem with the package, or a problem connecting to a domain controller on the network. Check your network connection and click Retry, or Cancel to end the install. Unable to locate the user's SID, system error 1332(NULL)(NULL)(NULL)(NULL)(NULL)
Error: (12/31/2013 00:28:36 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
Error: (12/31/2013 00:27:04 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (12/30/2013 05:32:56 PM) (Source: TomTomHOMEService) (User: )
Description: TomTomHOMEServiceOpenService failed with 0
Error: (12/28/2013 01:15:44 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
Error: (12/28/2013 01:14:14 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
System errors:
=============
Error: (01/09/2014 06:27:53 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147023143.
Error: (01/09/2014 06:26:40 PM) (Source: atikmdag) (User: )
Description: Display is not active
Error: (01/09/2014 06:26:40 PM) (Source: atikmdag) (User: )
Description: CPLIB :: General - Invalid Parameter
Error: (01/08/2014 07:16:22 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147023143.
Error: (01/08/2014 07:15:11 PM) (Source: atikmdag) (User: )
Description: Display is not active
Error: (01/08/2014 07:15:11 PM) (Source: atikmdag) (User: )
Description: CPLIB :: General - Invalid Parameter
Error: (01/08/2014 07:09:33 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147023143.
Error: (01/08/2014 07:07:59 PM) (Source: atikmdag) (User: )
Description: Display is not active
Error: (01/08/2014 07:07:59 PM) (Source: atikmdag) (User: )
Description: CPLIB :: General - Invalid Parameter
Error: (01/08/2014 06:25:57 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147023143.
Microsoft Office Sessions:
=========================
==================== Memory info ===========================
Percentage of memory in use: 31%
Total physical RAM: 3071.24 MB
Available physical RAM: 2096.24 MB
Total Pagefile: 6140.77 MB
Available Pagefile: 4960.3 MB
Total Virtual: 2047.88 MB
Available Virtual: 1913.13 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:116.44 GB) (Free:87.33 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Daten) (Fixed) (Total:465.76 GB) (Free:297.87 GB) NTFS
Drive e: (Medien) (Fixed) (Total:106.68 GB) (Free:99.28 GB) NTFS
Drive f: (photo) (Network) (Total:3658.69 GB) (Free:1456.76 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 8D1C393D)
Partition 1: (Active) - (Size=116 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=107 GB) - (Type=OF Extended)
========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: 4AA6ECA5)
Partition 1: (Not Active) - (Size=466 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Kannst mir die erklären? |
|
10.01.2014, 10:52
| #8 |
| /// the machine /// TB-Ausbilder | Smart Guard Protection Das sind die Einträge aus dem Eventviewer von Windows. Ignorieren, bis du ein dazu passendes Problem bemerkst. Da wird jeder Pups eingetragen. Logs sind sauber
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu Smart Guard Protection |
| adblock, antivir, antivirus, askbar, avira, browser, computer, converter, device driver, excel, flash player, google, helper, heuristics.shuriken, hijack.securitycenter, hilfreich, homepage, launch, malware, msiinstaller, nexus, plug-in, programm, pum.disabled.securitycenter, pup.pswtool.productkey, richtlinie, rogue.winwebsec, security, smart guard protection, software, svchost.exe, system error, vista, windows, wsearch |
Linear-Darstellung
