Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Rechner m. E. clean aber sendet ständig Daten

Rechner m. E. clean aber sendet ständig Daten


Log-Analyse und Auswertung: Rechner m. E. clean aber sendet ständig Daten

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 24.01.2014, 10:42   #1
test0r
 
Rechner m. E. clean aber sendet ständig Daten - Icon22

Rechner m. E. clean aber sendet ständig Daten


Hi,

folgendes Problem: Halte meinen Rechner eigentlich sauber, benutze in Win7 Browser in der Sandbox, habe keine unnötigen Autostarts und stelle meine Programme immer so ein, dass nichts automatisch im Hintergrund lädt bzw. Traffic verursacht. Daher ist (bzw. war) mein TCPview und die Traffic-Anzeige auf meinem Desktop eigentlich auch immer leer. Logisch.

Seit einiger Zeit habe ich aber folgendes Problem: Im TCP View ist nach wie vor alles leer, also keine Prozesse die Traffic verursachen. Aber meine Traffic-Anzeige auf dem Desktop zeigt an, dass ca. jede Sekunde genau 208 Byte rausgesendet werden (siehe Anhangsbild).

Da frage ich mich, wie das sein kann. Das ist bei mir zuhause so. Wenn ich z.B. in der Bibliothek oder Uni im WLAN bin ist noch mehr Traffic, nicht nur nach außen sondern auch zu meinem Laptop hin. Aber TCPview IMMER leer.

Noch ein interessanter Fakt: Wenn ich zuhause das Internetkabel aus dem Router ziehe geht der Traffic genauso (208 B/Sekunde) weiter, wenn ich den Strom vom Router nehme ist der Traffic sofort bei 0.

Jetzt ist meine Frage, was da los ist. Anbei die Logs.

PS: Der Antivir-Log mit dem Fund dürfte unproblematisch sein, habe da nichts ausgeführt oder so.

Danke für die Hilfe.


Defogger Log:
Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 09:53 on 24/01/2014 (x)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

FRST Log:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2014
Ran by x (administrator) on X- on 24-01-2014 09:54:28
Running from C:\Users\x\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe
() C:\Program Files\Rainmeter\Rainmeter.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionAppHook.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SandboxieRpcSs.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\32\SbieSvc.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2589992 2011-04-05] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12673128 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [Power Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831016 2011-08-02] (Acer Incorporated)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1012000 2013-05-16] (NVIDIA Corporation)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-07-01] (Dritek System Inc.)
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-12] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [DisplayFusion] - C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe [7299584 2013-02-16] (Binary Fortress Software)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe /default
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe /default
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [266448 2013-06-21] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [214448 2013-06-21] (NVIDIA Corporation)
Startup: C:\Users\x\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()
Startup: C:\Users\x\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Thunderbird.lnk
ShortcutTarget: Thunderbird.lnk -> C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\x\AppData\Roaming\Mozilla\Firefox\Profiles\nn3dj5jw.default
FF Homepage: https://startpage.com/do/mypage.pl?prf=a3366353a9aaa3d03525971204f5d9ca
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Citrix.com/npican - C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/SAFFPlugin - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Youtube MP3 Podcaster - C:\Users\x\AppData\Roaming\Mozilla\Firefox\Profiles\nn3dj5jw.default\Extensions\youtubemp3podcaster@jeremy.d.gregorio.com [2014-01-23]
FF Extension: NoScript - C:\Users\x\AppData\Roaming\Mozilla\Firefox\Profiles\nn3dj5jw.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-07-17]
FF Extension: Adblock Plus - C:\Users\x\AppData\Roaming\Mozilla\Firefox\Profiles\nn3dj5jw.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-07-17]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-25] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1011768 2013-12-12] (Avira Operations GmbH & Co. KG)
S4 DisplayFusionService; C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [1243024 2013-02-11] (Binary Fortress Software)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [183896 2013-07-08] (Sandboxie Holdings, LLC)
S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [x]

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-07] (Avira Operations GmbH & Co. KG)
S3 BrSerIf; C:\Windows\System32\DRIVERS\BrSerIf.sys [97280 2006-09-02] (Brother Industries Ltd.)
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-11-07] (Disc Soft Ltd)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [199384 2013-07-08] (Sandboxie Holdings, LLC)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-24 09:54 - 2014-01-24 09:54 - 00016515 _____ C:\Users\x\Desktop\FRST.txt
2014-01-24 09:54 - 2014-01-24 09:54 - 00000000 ____D C:\FRST
2014-01-24 09:53 - 2014-01-24 09:53 - 02077696 _____ (Farbar) C:\Users\x\Desktop\FRST64.exe
2014-01-24 09:52 - 2014-01-24 09:53 - 00000464 _____ C:\Users\x\Desktop\defogger_disable.log
2014-01-24 09:52 - 2014-01-24 09:52 - 00000000 _____ C:\Users\x\defogger_reenable
2014-01-24 09:51 - 2014-01-24 09:51 - 00050477 _____ C:\Users\x\Desktop\Defogger.exe
2014-01-15 06:01 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 06:01 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 06:01 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 06:01 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 06:01 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 06:01 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 06:01 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-15 06:01 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-15 06:01 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-04 18:31 - 2014-01-04 18:31 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-01-04 18:31 - 2014-01-04 18:31 - 00000000 ____D C:\Program Files\iPod
2014-01-04 18:31 - 2014-01-04 18:31 - 00000000 ____D C:\Program Files (x86)\iTunes
2014-01-04 18:29 - 2014-01-04 18:29 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2013-12-30 16:44 - 2013-12-30 16:44 - 00000000 _____ C:\Users\x\Sti_Trace.log
2013-12-30 16:30 - 2013-12-30 16:30 - 00000000 ___HD C:\ProgramData\CanonIJScan
2013-12-30 16:29 - 2013-12-30 16:30 - 00000000 ____D C:\Users\x\AppData\Roaming\Canon
2013-12-30 14:38 - 2013-12-30 14:38 - 00000000 ___HD C:\Windows\system32\CanonIJ Uninstaller Information
2013-12-30 14:38 - 2012-07-04 11:55 - 01354240 _____ (CANON INC.) C:\Windows\system32\CNQ2414C.dll
2013-12-30 14:38 - 2012-07-04 11:55 - 00112128 _____ (CANON INC.) C:\Windows\system32\CNQ2414I.dll
2013-12-30 14:38 - 2012-07-04 11:29 - 00106496 _____ (CANON INC.) C:\Windows\SysWOW64\CNQ2414U.dll
2013-12-30 14:38 - 2010-12-17 14:49 - 00515072 _____ (CANON INC.) C:\Windows\system32\CNQ2414L.dll
2013-12-30 14:38 - 2010-12-17 14:49 - 00438272 _____ (CANON INC.) C:\Windows\SysWOW64\CNQ2414L.dll
2013-12-30 14:38 - 2010-03-19 10:04 - 00393256 _____ C:\Windows\SysWOW64\CNQ2414N.DAT
2013-12-30 14:38 - 2010-03-19 10:04 - 00393256 _____ C:\Windows\system32\CNQ2414N.DAT
2013-12-30 14:38 - 2008-08-25 18:02 - 00017920 _____ (CANON INC.) C:\Windows\system32\CNHMCA6.dll
2013-12-30 14:38 - 2008-08-25 18:02 - 00015872 _____ (CANON INC.) C:\Windows\SysWOW64\CNHMCA.dll
2013-12-30 14:37 - 2013-12-30 14:37 - 00000000 ___HD C:\Program Files\CanonBJ
2013-12-30 14:37 - 2012-04-18 14:24 - 00103424 _____ (Canon Inc.) C:\Windows\system32\CNQ2414O.dll
2013-12-30 14:37 - 2010-03-11 08:57 - 00248320 _____ (CANON INC.) C:\Windows\system32\CNQ2414Y.dll
2013-12-30 14:29 - 2013-12-30 14:39 - 00000000 ____D C:\Program Files (x86)\Canon
2013-12-30 09:44 - 2013-12-30 09:44 - 00003326 _____ C:\Windows\System32\Tasks\{749A62D5-2F41-4186-9658-BB5F56E284A8}
2013-12-26 16:13 - 2013-12-26 16:13 - 00000000 ____D C:\Users\x\AppData\Roaming\AVS4YOU
2013-12-26 16:12 - 2013-12-26 16:34 - 00000000 ____D C:\Program Files (x86)\AVS4YOU
2013-12-26 16:12 - 2013-12-26 16:13 - 00000000 ____D C:\ProgramData\AVS4YOU
2013-12-26 16:12 - 2012-03-23 19:59 - 01700352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2013-12-26 16:12 - 2012-03-23 19:59 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3a.dll

==================== One Month Modified Files and Folders =======

2014-01-24 09:54 - 2014-01-24 09:54 - 00016515 _____ C:\Users\x\Desktop\FRST.txt
2014-01-24 09:54 - 2014-01-24 09:54 - 00000000 ____D C:\FRST
2014-01-24 09:53 - 2014-01-24 09:53 - 02077696 _____ (Farbar) C:\Users\x\Desktop\FRST64.exe
2014-01-24 09:53 - 2014-01-24 09:52 - 00000464 _____ C:\Users\x\Desktop\defogger_disable.log
2014-01-24 09:52 - 2014-01-24 09:52 - 00000000 _____ C:\Users\x\defogger_reenable
2014-01-24 09:52 - 2013-07-17 12:43 - 00000000 ____D C:\Users\x
2014-01-24 09:51 - 2014-01-24 09:51 - 00050477 _____ C:\Users\x\Desktop\Defogger.exe
2014-01-24 09:49 - 2013-07-17 18:16 - 00000000 ____D C:\Users\x\AppData\Roaming\DisplayFusion
2014-01-24 09:26 - 2009-07-14 05:45 - 00016752 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-24 09:26 - 2009-07-14 05:45 - 00016752 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-24 09:22 - 2013-07-11 07:52 - 01422220 _____ C:\Windows\WindowsUpdate.log
2014-01-24 09:18 - 2013-10-12 16:15 - 00000256 _____ C:\Windows\Tasks\AutoKMS.job
2014-01-24 09:18 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-24 09:18 - 2009-07-14 05:51 - 00078604 _____ C:\Windows\setupact.log
2014-01-23 22:48 - 2013-07-11 17:45 - 00699666 _____ C:\Windows\system32\perfh007.dat
2014-01-23 22:48 - 2013-07-11 17:45 - 00149774 _____ C:\Windows\system32\perfc007.dat
2014-01-23 22:48 - 2009-07-14 06:13 - 01620612 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-23 21:06 - 2013-07-18 09:33 - 00000000 ____D C:\Users\x\AppData\Roaming\vlc
2014-01-20 22:12 - 2013-07-18 08:52 - 00000441 _____ C:\Windows\BRWMARK.INI
2014-01-15 06:08 - 2009-07-14 05:45 - 00371840 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-15 06:03 - 2013-07-17 15:28 - 00000000 ____D C:\Windows\system32\MRT
2014-01-15 06:01 - 2013-07-17 13:51 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-08 21:41 - 2013-08-31 22:22 - 00000000 ____D C:\Users\x\AppData\Roaming\dvdcss
2014-01-08 11:35 - 2013-07-17 18:20 - 00000000 ____D C:\Users\x\AppData\Roaming\Skype
2014-01-07 07:16 - 2009-07-14 06:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2014-01-04 18:31 - 2014-01-04 18:31 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-01-04 18:31 - 2014-01-04 18:31 - 00000000 ____D C:\Program Files\iPod
2014-01-04 18:31 - 2014-01-04 18:31 - 00000000 ____D C:\Program Files (x86)\iTunes
2014-01-04 18:31 - 2013-08-04 13:16 - 00000000 ____D C:\Program Files\iTunes
2014-01-04 18:29 - 2014-01-04 18:29 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2013-12-31 10:02 - 2013-07-17 18:19 - 00002970 _____ C:\Windows\Sandboxie.ini
2013-12-30 18:03 - 2013-07-17 12:46 - 00087608 _____ C:\Users\x\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-30 17:36 - 2013-07-17 17:56 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2013-12-30 16:44 - 2013-12-30 16:44 - 00000000 _____ C:\Users\x\Sti_Trace.log
2013-12-30 16:30 - 2013-12-30 16:30 - 00000000 ___HD C:\ProgramData\CanonIJScan
2013-12-30 16:30 - 2013-12-30 16:29 - 00000000 ____D C:\Users\x\AppData\Roaming\Canon
2013-12-30 16:28 - 2009-07-14 04:20 - 00000000 __RSD C:\Windows\Media
2013-12-30 14:39 - 2013-12-30 14:29 - 00000000 ____D C:\Program Files (x86)\Canon
2013-12-30 14:38 - 2013-12-30 14:38 - 00000000 ___HD C:\Windows\system32\CanonIJ Uninstaller Information
2013-12-30 14:37 - 2013-12-30 14:37 - 00000000 ___HD C:\Program Files\CanonBJ
2013-12-30 09:44 - 2013-12-30 09:44 - 00003326 _____ C:\Windows\System32\Tasks\{749A62D5-2F41-4186-9658-BB5F56E284A8}
2013-12-29 00:41 - 2013-07-17 15:24 - 00000000 ____D C:\Program Files\Wallpapers
2013-12-26 16:34 - 2013-12-26 16:12 - 00000000 ____D C:\Program Files (x86)\AVS4YOU
2013-12-26 16:13 - 2013-12-26 16:13 - 00000000 ____D C:\Users\x\AppData\Roaming\AVS4YOU
2013-12-26 16:13 - 2013-12-26 16:12 - 00000000 ____D C:\ProgramData\AVS4YOU

Some content of TEMP:
====================
C:\Users\x\AppData\Local\Temp\avgnt.exe
C:\Users\x\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\x\AppData\Local\Temp\MSETUP4.EXE
C:\Users\x\AppData\Local\Temp\ose00000.exe
C:\Users\x\AppData\Local\Temp\ose00001.exe
C:\Users\x\AppData\Local\Temp\ose00002.exe
C:\Users\x\AppData\Local\Temp\Quarantine.exe
C:\Users\x\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-19 07:08

==================== End Of Log ============================

Addition Log:
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-01-2014
Ran by x at 2014-01-24 09:55:01
Running from C:\Users\x\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Acer Crystal Eye Webcam (x32 Version: 1.5.2904.00 - CyberLink Corp.)
Acer Crystal Eye Webcam (x32 Version: 1.5.2904.00 - CyberLink Corp.) Hidden
Acer ePower Management (x32 Version: 6.00.3008 - Acer Incorporated)
Acer eRecovery Management (x32 Version: 5.00.3504 - Acer Incorporated)
Adobe Flash Player 11 ActiveX 64-bit (Version: 11.0.1.152 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94 - Adobe Systems Incorporated)
Adobe Reader X (10.1.0) MUI (x32 Version: 10.1.0 - Adobe Systems Incorporated)
Apple Application Support (x32 Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
Avira Free Antivirus (x32 Version: 14.0.2.286 - Avira)
Broadcom Card Reader Driver Installer (Version: 14.8.2.2 - Broadcom Corporation)
Broadcom NetLink Controller (Version: 14.8.4.1 - Broadcom Corporation)
Canon MP Navigator EX 4.0 (x32 Version:  - )
CanoScan LiDE 110 Scanner Driver (Version:  - Canon Inc.)
Citrix Authentication Manager (x32 Version: 5.1.0.62606 - Citrix Systems, Inc.) Hidden
Citrix Receiver (DV) (x32 Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden
Citrix Receiver (HDX Flash-Umleitung) (x32 Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden
Citrix Receiver (USB) (x32 Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden
Citrix Receiver (x32 Version: 14.1.0.0 - Citrix Systems, Inc.)
Citrix Receiver Inside (x32 Version: 4.1.0.56471 - Citrix Systems, Inc.) Hidden
Citrix Receiver Updater (x32 Version: 4.1.0.56461 - Citrix Systems, Inc.) Hidden
Citrix Receiver(Aero) (x32 Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden
DAEMON Tools Lite (x32 Version: 4.48.1.0347 - Disc Soft Ltd)
DisplayFusion 5.0 (x32 Version: 5.0.0.0 - Binary Fortress Software)
Dolby Advanced Audio v2 (x32 Version: 7.2.7000.7 - Dolby Laboratories Inc)
ETDWare PS/2-X64 8.0.6.3_WHQL (Version: 8.0.6.3 - ELAN Microelectronic Corp.)
FreeFileSync 5.18 (x32 Version: 5.18 - Zenju)
Google Earth (x32 Version: 7.1.1.1888 - Google)
Intel(R) Control Center (x32 Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (x32 Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (x32 Version: 8.15.10.2418 - Intel Corporation)
Intel(R) Rapid Storage Technology (x32 Version: 10.5.0.1026 - Intel Corporation)
IrfanView (remove only) (x32 Version: 4.36 - Irfan Skiljan)
iTunes (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 45 (x32 Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Launch Manager (x32 Version: 5.1.7 - Acer Inc.)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office 2010 Service Pack 1 (SP1) (x32 Version:  - Microsoft)
Microsoft Office 2010 Service Pack 1 (SP1) (x32 Version:  - Microsoft) Hidden
Microsoft Office 64-bit Components 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Korrekturhilfen 2013 - Deutsch (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office OSM MUI (German) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - English (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - Italiano (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Project MUI (German) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Project Professional 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Project Professional 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (x32 Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden
Mozilla Firefox 23.0.1 (x86 de) (x32 Version: 23.0.1 - Mozilla)
Mozilla Thunderbird 17.0.8 (x86 de) (x32 Version: 17.0.8 - Mozilla)
NVIDIA GeForce Experience 1.5 (Version: 1.5 - NVIDIA Corporation)
NVIDIA Grafiktreiber 320.49 (Version: 320.49 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.124.810 - NVIDIA Corporation) Hidden
NVIDIA Optimus 4.11.9 (Version: 4.11.9 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.0604 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.0604 (Version: 9.13.0604 - NVIDIA Corporation)
NVIDIA Systemsteuerung 320.49 (Version: 320.49 - NVIDIA Corporation) Hidden
NVIDIA Update 4.11.9 (Version: 4.11.9 - NVIDIA Corporation) Hidden
NVIDIA Update Components (Version: 4.11.9 - NVIDIA Corporation) Hidden
Online Plug-in (x32 Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden
Outils de vérification linguistique 2013 de Microsoft Office*- Français (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
PDF24 Creator 5.6.0 (x32 Version:  - PDF24.org)
Rainmeter (x32 Version: 3.0 beta r2085 - )
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6438 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.34.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.34.0 - Renesas Electronics Corporation) Hidden
Sandboxie 4.04 (64-bit) (Version: 4.04 - Sandboxie Holdings, LLC)
Secure Eraser (x32 Version: 4.2.0.1 - ASCOMP Software GmbH)
Self-Service Plug-in (x32 Version: 4.1.0.41738 - Citrix Systems, Inc.) Hidden
Skype™ 6.11 (x32 Version: 6.11.102 - Skype Technologies S.A.)
TeamViewer 9 (x32 Version: 9.0.24951 - TeamViewer)
Überwachungstool für die Intel® Turbo-Boost-Technik 2.0 (Version: 2.1.23.0 - Intel)
VLC media player 2.0.7 (Version: 2.0.7 - VideoLAN)
WinRAR 4.20 (64-Bit) (Version: 4.20.0 - win.rar GmbH)

==================== Restore Points  =========================

04-01-2014 17:29:55 Installed iTunes
04-01-2014 17:33:46 Removed Bonjour
12-01-2014 09:49:38 Geplanter Prüfpunkt
15-01-2014 05:01:13 Windows Update
22-01-2014 14:58:49 Geplanter Prüfpunkt

==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {4C00CEB4-2515-42CE-8CE2-7D9D0885016D} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: {5B6E8396-8800-4414-94D0-F2878A533F30} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-21] (Microsoft Corporation)
Task: {9192E7FB-E3D0-4776-A73E-9F22A687A935} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {CFB2D706-A6E3-485D-B18B-E90BE23BA1C4} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {E534047A-55AD-4DB5-99D4-FA62A3762511} - System32\Tasks\{572CA396-F381-4792-8628-8B4C1C9DDFEC} => Firefox.exe hxxp://ui.skype.com/ui/0/6.6.0.106/de/go/help.faq.installer?LastError=1618
Task: {E8A710ED-0F77-4BDD-ABEA-2FDF4F375BF9} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe

==================== Loaded Modules (whitelisted) =============

2011-03-16 23:07 - 2011-03-16 23:07 - 04297568 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2013-07-17 17:55 - 2012-09-07 15:57 - 00559424 _____ () C:\Program Files (x86)\ASCOMP Software\Secure Eraser\SecEraser64.dll
2013-08-26 15:35 - 2013-08-26 15:35 - 00750776 _____ () C:\Program Files\Rainmeter\Rainmeter.dll
2013-08-26 15:32 - 2013-08-26 15:32 - 00013824 _____ () C:\Program Files\Rainmeter\Plugins\PerfMon.dll
2013-07-17 15:20 - 2013-07-17 15:18 - 00394824 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2013-04-21 20:44 - 2013-04-21 20:44 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 20:44 - 2013-04-21 20:44 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-08-14 06:58 - 2013-08-14 06:58 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\f60b3ee2de3f41a024920486d46d49f2\IsdiInterop.ni.dll
2013-07-11 07:57 - 2011-04-29 23:28 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2013-07-18 10:35 - 2013-07-18 10:35 - 16166280 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
2013-08-21 07:15 - 2013-08-21 07:15 - 03551640 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2011-03-16 23:11 - 2011-03-16 23:11 - 04297568 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: Broadcom NetLink (TM) Gigabit Ethernet
Description: Broadcom NetLink (TM) Gigabit Ethernet
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Broadcom
Service: k57nd60a
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/24/2014 09:19:01 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/23/2014 01:16:22 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/23/2014 10:17:57 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/23/2014 07:58:41 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/22/2014 06:11:36 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/22/2014 01:43:02 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/21/2014 03:46:45 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/21/2014 09:31:18 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/20/2014 01:59:19 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/20/2014 10:08:51 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (01/24/2014 09:18:50 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (01/23/2014 01:16:11 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (01/23/2014 10:17:46 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (01/23/2014 07:58:31 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (01/22/2014 06:11:26 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (01/22/2014 01:42:46 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (01/21/2014 03:46:33 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (01/21/2014 09:31:03 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (01/20/2014 01:59:09 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (01/20/2014 10:08:41 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2


Microsoft Office Sessions:
=========================
Error: (01/24/2014 09:19:01 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/23/2014 01:16:22 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/23/2014 10:17:57 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/23/2014 07:58:41 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/22/2014 06:11:36 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/22/2014 01:43:02 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/21/2014 03:46:45 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/21/2014 09:31:18 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/20/2014 01:59:19 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/20/2014 10:08:51 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info =========================== 

Percentage of memory in use: 30%
Total physical RAM: 8043.86 MB
Available physical RAM: 5566.8 MB
Total Pagefile: 16085.9 MB
Available Pagefile: 13439.64 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:222.73 GB) (Free:163.18 GB) NTFS
Drive d: (DATA) (Fixed) (Total:223.4 GB) (Free:184.9 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 7B5D9035)
Partition 1: (Not Active) - (Size=20 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=223 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=223 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Antivir Log:
Code:
ATTFilter
Die Datei 'C:\Program Files\Sandboxie\Sandbox\x\DefaultBox\user\current\Desktop\FLVPlayerSetup-0vomBLC.exe'
enthielt einen Virus oder unerwünschtes Programm 'APPL/Somoto.Gen2' [program].
Durchgeführte Aktion(en):
Eine Sicherungskopie wurde unter dem Namen 55153640.qua erstellt ( QUARANTÄNE ).
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4d8219cf.qua' verschoben!


In der Datei 'C:\Program Files\Sandboxie\Sandbox\x\DefaultBox\user\current\Desktop\FLVPlayerSetup-0vomBLC.exe'
wurde ein Virus oder unerwünschtes Programm 'APPL/Somoto.Gen2' [program] gefunden.
Ausgeführte Aktion: Zugriff verweigern


In der Datei 'C:\Program Files\Sandboxie\Sandbox\x\DefaultBox\user\current\Desktop\FLVPlayerSetup-0vomBLC.exe'
wurde ein Virus oder unerwünschtes Programm 'APPL/Somoto.Gen2' [program] gefunden.
Ausgeführte Aktion: Zugriff verweigern


In der Datei 'C:\Program Files\Sandboxie\Sandbox\x\DefaultBox\user\current\Desktop\FLVPlayerSetup-0vomBLC.exe'
wurde ein Virus oder unerwünschtes Programm 'APPL/Somoto.Gen2' [program] gefunden.
Ausgeführte Aktion: Zugriff verweigern


In der Datei 'C:\Program Files\Sandboxie\Sandbox\x\DefaultBox\user\current\Desktop\FLVPlayerSetup-0vomBLC.exe'
wurde ein Virus oder unerwünschtes Programm 'APPL/Somoto.Gen2' [program] gefunden.
Ausgeführte Aktion: Zugriff verweigern


In der Datei 'C:\Program Files\Sandboxie\Sandbox\x\DefaultBox\user\current\Desktop\FLVPlayerSetup-0vomBLC.exe'
wurde ein Virus oder unerwünschtes Programm 'APPL/Somoto.Gen2' [program] gefunden.
Ausgeführte Aktion: Zugriff verweigern


In der Datei 'C:\Program Files\Sandboxie\Sandbox\x\DefaultBox\user\current\Desktop\FLVPlayerSetup-0vomBLC.exe'
wurde ein Virus oder unerwünschtes Programm 'APPL/Somoto.Gen2' [program] gefunden.
Ausgeführte Aktion: Übergeben an Scanner


In der Datei 'C:\Program Files\Sandboxie\Sandbox\x\DefaultBox\user\current\AppData\Local\Temp\IRsHGwxz.exe.part'
wurde ein Virus oder unerwünschtes Programm 'APPL/Somoto.Gen2' [program] gefunden.
Ausgeführte Aktion: Zugriff verweigern


In der Datei 'C:\Program Files\Sandboxie\Sandbox\x\DefaultBox\user\current\AppData\Local\Temp\IRsHGwxz.exe.part'
wurde ein Virus oder unerwünschtes Programm 'APPL/Somoto.Gen2' [program] gefunden.
Ausgeführte Aktion: Übergeben an Scanner

GMER Log:
Im Anhang (Gmer.rar), da zu Text lang.
Miniaturansicht angehängter Grafiken
Klicken Sie auf die Grafik für eine größere Ansicht Name: Out.JPG Hits: 152 Größe: 18,8 KB ID: 64074  

 

Themen zu Rechner m. E. clean aber sendet ständig Daten
4d36e972-e325-11ce-bfc1-08002be10318, adblock, antivirus, appl/somoto.gen, avira, browser, desktop, error, excel, firefox, flash player, frage, home, homepage, launch, mozilla, mp3, problem, prozesse, realtek, registry, scan, security, siteadvisor, software, svchost.exe, system, tcp view, usb, wlan


« mozilla - grün unterstrichen - pop up - ggf auch mail gehackt? | habe E-mail von BSI bekommen »


Ähnliche Themen: Rechner m. E. clean aber sendet ständig Daten


  1. Warum sendet Windows 10 Daten an das Britische Verteidigungsministerium?
    Überwachung, Datenschutz und Spam - 01.09.2015 (13)
  2. Malware? System gerettet aber clean? (STRG-ALT-DEL) war deaktiviert
    Plagegeister aller Art und deren Bekämpfung - 03.01.2012 (25)
  3. Eigene Website sendet Daten an andere Url`s
    Plagegeister aller Art und deren Bekämpfung - 19.04.2011 (5)
  4. PC empfängt bzw. sendet permanent Daten
    Plagegeister aller Art und deren Bekämpfung - 02.11.2010 (7)
  5. Nach kompletter Neuinstallation wg. Phishing sendet Computer weiter Daten
    Log-Analyse und Auswertung - 16.01.2010 (2)
  6. Windows Update > svchost sendet massig Daten & Internet extrem langsam
    Plagegeister aller Art und deren Bekämpfung - 09.01.2009 (0)
  7. PC sendet ständig Daten ins Internet
    Mülltonne - 29.11.2008 (0)
  8. PC sendet ständig Daten
    Mülltonne - 29.11.2008 (0)
  9. Rechner sendet / empfängt, aber scheinbar ohne Grund!?!
    Log-Analyse und Auswertung - 27.08.2008 (6)
  10. Mein Rechner sendet SPAM?
    Überwachung, Datenschutz und Spam - 25.03.2008 (17)
  11. Pc sendet permanent Daten
    Plagegeister aller Art und deren Bekämpfung - 04.12.2007 (5)
  12. DSL Modem sendet oder empfängt STÄNDIG Daten!
    Log-Analyse und Auswertung - 31.10.2007 (15)
  13. Mein PC sendet ständig! Trojaner oder normal?
    Log-Analyse und Auswertung - 09.10.2007 (17)
  14. PC sendet ständig Signale zum Microlink 56K, vermutlich trojanerverseucht
    Log-Analyse und Auswertung - 30.12.2006 (7)
  15. Rechner sendet permanent Daten ins Internet
    Plagegeister aller Art und deren Bekämpfung - 26.08.2006 (6)
  16. Zone Alarm sendet Daten
    Antiviren-, Firewall- und andere Schutzprogramme - 14.08.2006 (4)
  17. Winlogon.exe sendet ständig daten ins inet!
    Plagegeister aller Art und deren Bekämpfung - 19.01.2006 (1)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Rechner m. E. clean aber sendet ständig Daten - Hi, folgendes Problem: Halte meinen Rechner eigentlich sauber, benutze in Win7 Browser in der Sandbox, habe keine unnötigen Autostarts und stelle meine Programme immer so ein, dass nichts automatisch im - Rechner m. E. clean aber sendet ständig Daten...
Archiv
Du betrachtest: Rechner m. E. clean aber sendet ständig Daten auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27