
Log analysis and evaluation: also a problem with http://static.icmapp.com/blank2.html#....

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

 
27.01.2014, 12:40   #11
kerstin-n
 
also a problem with http://static.icmapp.com/blank2.html#....



Step 3:

FRST.txt file

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-01-2014
Ran by Prometheus (administrator) on PROMETHEUS-PC on 27-01-2014 12:31:54
Running from C:\Users\Prometheus\Downloads
Microsoft® Windows Vista™ Business  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 7
Boot Mode: Normal



==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CSR, plc) C:\Program Files\CSR\Vista Profile Pack\BthFilterHelper.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
(SafeNet, Inc.) C:\Program Files\SafeNet\Authentication\SAC\x32\SACSrv.exe
(IDT, Inc.) C:\Windows\System32\stacsv.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
(IDT, Inc.) C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(SafeNet, Inc.) C:\Program Files\SafeNet\Authentication\SAC\x32\SACMonitor.exe
(Logitech Inc.) C:\Program Files\Logitech\SetPoint\LBTWiz.exe
(shbox.de) C:\Program Files\FreePDF_XP\fpassist.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Logitech Inc.) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Dropbox, Inc.) C:\Users\Prometheus\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
(Farbar) C:\Users\Prometheus\Downloads\FRST(1).exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [SigmatelSysTrayApp] - C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe [405504 2007-09-13] (IDT, Inc.)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [174872 2007-02-12] (Intel Corporation)
HKLM\...\Run: [NvSvc] - C:\Windows\system32\nvsvc.dll [86016 2007-04-28] (NVIDIA Corporation)
HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [8429568 2007-04-28] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] - C:\Windows\system32\NvMcTray.dll [81920 2007-04-28] (NVIDIA Corporation)
HKLM\...\Run: [NVHotkey] - C:\Windows\system32\nvHotkey.dll [67584 2007-04-28] (NVIDIA Corporation)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [144784 2008-02-22] (Sun Microsystems, Inc.)
HKLM\...\Run: [ChangeTPMAuth] - C:\Program Files\Wave Systems Corp\Common\ChangeTPMAuth.exe /T:NTRU12
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [SafeNetCertMngr] - C:\Program Files\SafeNet\Authentication\SAC\x32\SACMonitor.exe [1923032 2011-10-02] (SafeNet, Inc.)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] - C:\Windows\KHALMNPR.EXE [56080 2007-06-12] (Logitech, Inc.)
HKLM\...\Run: [Logitech Hardware Abstraction Layer] - C:\Windows\KHALMNPR.EXE [56080 2007-06-12] (Logitech, Inc.)
HKLM\...\Run: [Bluetooth Connection Assistant] - LBTWIZ.EXE -silent
HKLM\...\Run: [FreePDF Assistant] - C:\Program Files\FreePDF_XP\fpassist.exe [371200 2011-02-23] (shbox.de)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [684600 2014-01-08] (Avira Operations GmbH & Co. KG)
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [17415344 2012-07-03] (Skype Technologies S.A.)
MountPoints2: {fd680a3f-d710-11e1-9c84-001d09dba8a1} - F:\AutoRun.exe
MountPoints2: {fd680a60-d710-11e1-9c84-001d09dba8a1} - F:\AutoRun.exe
HKU\Default\...\Run: [WindowsWelcomeCenter] - C:\Windows\system32\oobefldr.dll [ 2008-01-21] (Microsoft Corporation)
Startup: C:\Users\Prometheus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Prometheus\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:newtab
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:newtab
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 20 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Prometheus\AppData\Roaming\Mozilla\Firefox\Profiles\n68f0raf.default
FF NewTab: about:home
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: FoxyDeal - C:\Users\Prometheus\AppData\Roaming\Mozilla\Firefox\Profiles\n68f0raf.default\Extensions\{F58A62EB-38DC-43C4-A539-DC52E135208D} [2013-08-01]
FF Extension: Adblock Plus - C:\Users\Prometheus\AppData\Roaming\Mozilla\Firefox\Profiles\n68f0raf.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-07-05]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440376 2014-01-08] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440376 2014-01-08] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1011768 2014-01-08] (Avira Operations GmbH & Co. KG)
R2 BthFilterHelper; C:\Program Files\CSR\Vista Profile Pack\BthFilterHelper.exe [127488 2006-11-07] (CSR, plc)
R2 nicconfigsvc; C:\Program Files\Dell\QuickSet\NicConfigSvc.exe [390424 2008-02-22] (Dell Inc.)
R2 SACSrv; C:\Program Files\SafeNet\Authentication\SAC\x32\SACSrv.exe [10200 2011-10-02] (SafeNet, Inc.)
S3 SXDS10; C:\Program Files\Common Files\soft Xpansion\sxds10.exe [234096 2013-08-01] (soft Xpansion)

==================== Drivers (Whitelisted) ====================

R3 AKSIFDH; C:\Windows\System32\DRIVERS\aksifdh.sys [48296 2008-07-29] (Aladdin Knowledge Systems, Ltd.)
S3 AKSUP; C:\Windows\System32\drivers\aksup.sys [34472 2008-07-29] (Aladdin Knowledge Systems, Ltd.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2014-01-08] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2014-01-08] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2014-01-08] (Avira Operations GmbH & Co. KG)
R3 BTHFILT; C:\Windows\System32\DRIVERS\BthFilt.sys [13824 2006-11-06] (CSR, plc)
S3 CSRBC; C:\Windows\System32\Drivers\csrbcxp.sys [31744 2007-01-16] (CSR, plc)
R3 guardian2; C:\Windows\System32\Drivers\oz776.sys [62208 2007-03-26] (O2Micro)
R3 iKeyEnum; C:\Windows\System32\DRIVERS\ikeyenum.sys [11616 2010-04-29] (SafeNet, Inc.)
R3 iKeyIFD; C:\Windows\System32\DRIVERS\ikeyifd.sys [18080 2010-04-29] (SafeNet, Inc.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2014-01-08] (Avira GmbH)
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
U5 RnbToken; C:\Windows\System32\Drivers\RnbToken.sys [21472 2010-04-29] (SafeNet, Inc.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-27 12:31 - 2014-01-27 12:31 - 01223168 _____ (Farbar) C:\Users\Prometheus\Downloads\FRST(1).exe
2014-01-27 12:29 - 2014-01-27 12:29 - 00001396 _____ C:\Users\Prometheus\Desktop\JRT.txt
2014-01-27 12:26 - 2014-01-27 12:26 - 00000000 ____D C:\Windows\ERUNT
2014-01-27 12:24 - 2014-01-27 12:25 - 01037068 _____ (Thisisu) C:\Users\Prometheus\Downloads\JRT.exe
2014-01-27 12:02 - 2014-01-27 12:19 - 00000000 ____D C:\AdwCleaner
2014-01-27 12:02 - 2014-01-27 12:02 - 01236282 _____ C:\Users\Prometheus\Downloads\adwcleaner.exe
2014-01-24 15:04 - 2014-01-24 15:28 - 00107224 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-01-24 15:04 - 2014-01-24 15:04 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-24 15:03 - 2014-01-24 15:42 - 00000000 ____D C:\Users\Prometheus\Desktop\mbar
2014-01-24 15:03 - 2014-01-24 15:27 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-01-24 15:01 - 2014-01-24 15:02 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Prometheus\Downloads\mbar-1.07.0.1009.exe
2014-01-24 12:07 - 2014-01-27 12:31 - 00013724 _____ C:\Users\Prometheus\Downloads\FRST.txt
2014-01-24 12:07 - 2014-01-24 12:09 - 00020918 _____ C:\Users\Prometheus\Downloads\Addition.txt
2014-01-24 12:06 - 2014-01-24 12:06 - 01222144 _____ (Farbar) C:\Users\Prometheus\Downloads\FRST.exe
2014-01-24 12:06 - 2014-01-24 12:06 - 00000000 ____D C:\FRST
2014-01-08 19:51 - 2014-01-08 19:51 - 00000000 ____D C:\Users\Prometheus\AppData\Roaming\Avira
2014-01-08 19:49 - 2014-01-08 19:49 - 00001847 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2014-01-08 19:49 - 2014-01-08 19:49 - 00000000 ____D C:\ProgramData\Avira
2014-01-08 19:49 - 2014-01-08 19:49 - 00000000 ____D C:\Program Files\Avira
2014-01-08 19:49 - 2014-01-08 19:46 - 00135648 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-01-08 19:49 - 2014-01-08 19:46 - 00090400 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-01-08 19:49 - 2014-01-08 19:46 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-01-08 19:49 - 2014-01-08 19:46 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys
2014-01-05 16:07 - 2014-01-05 16:07 - 00000000 ____D C:\Users\Prometheus\Desktop\Fotos

==================== One Month Modified Files and Folders =======

2014-01-27 12:32 - 2014-01-24 12:07 - 00013724 _____ C:\Users\Prometheus\Downloads\FRST.txt
2014-01-27 12:31 - 2014-01-27 12:31 - 01223168 _____ (Farbar) C:\Users\Prometheus\Downloads\FRST(1).exe
2014-01-27 12:29 - 2014-01-27 12:29 - 00001396 _____ C:\Users\Prometheus\Desktop\JRT.txt
2014-01-27 12:26 - 2014-01-27 12:26 - 00000000 ____D C:\Windows\ERUNT
2014-01-27 12:25 - 2014-01-27 12:24 - 01037068 _____ (Thisisu) C:\Users\Prometheus\Downloads\JRT.exe
2014-01-27 12:25 - 2006-11-02 11:33 - 01445310 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-27 12:22 - 2013-09-15 17:45 - 00000000 ___RD C:\Users\Prometheus\Dropbox
2014-01-27 12:22 - 2013-09-15 17:41 - 00000000 ____D C:\Users\Prometheus\AppData\Roaming\Dropbox
2014-01-27 12:21 - 2012-07-05 19:59 - 00023572 _____ C:\Users\Prometheus\AppData\Roaming\nvModes.001
2014-01-27 12:20 - 2012-07-05 20:01 - 00002873 _____ C:\Windows\bthservsdp.dat
2014-01-27 12:20 - 2006-11-02 14:01 - 00032530 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2014-01-27 12:20 - 2006-11-02 14:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-27 12:20 - 2006-11-02 13:47 - 00003712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-27 12:20 - 2006-11-02 13:47 - 00003712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-27 12:19 - 2014-01-27 12:02 - 00000000 ____D C:\AdwCleaner
2014-01-27 12:19 - 2008-01-21 02:39 - 01518060 _____ C:\Windows\WindowsUpdate.log
2014-01-27 12:02 - 2014-01-27 12:02 - 01236282 _____ C:\Users\Prometheus\Downloads\adwcleaner.exe
2014-01-24 15:42 - 2014-01-24 15:03 - 00000000 ____D C:\Users\Prometheus\Desktop\mbar
2014-01-24 15:28 - 2014-01-24 15:04 - 00107224 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-01-24 15:27 - 2014-01-24 15:03 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-01-24 15:19 - 2006-11-02 14:00 - 00101804 _____ C:\Windows\PFRO.log
2014-01-24 15:19 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\IME
2014-01-24 15:04 - 2014-01-24 15:04 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-24 15:02 - 2014-01-24 15:01 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Prometheus\Downloads\mbar-1.07.0.1009.exe
2014-01-24 12:09 - 2014-01-24 12:07 - 00020918 _____ C:\Users\Prometheus\Downloads\Addition.txt
2014-01-24 12:06 - 2014-01-24 12:06 - 01222144 _____ (Farbar) C:\Users\Prometheus\Downloads\FRST.exe
2014-01-24 12:06 - 2014-01-24 12:06 - 00000000 ____D C:\FRST
2014-01-24 12:02 - 2006-11-02 13:52 - 00100731 _____ C:\Windows\setupact.log
2014-01-24 11:27 - 2012-07-05 20:14 - 00000000 ____D C:\Program Files\Microsoft Office
2014-01-19 10:31 - 2012-07-05 20:14 - 00000000 ____D C:\ProgramData\Microsoft Help
2014-01-19 10:29 - 2013-08-14 16:30 - 00000000 ____D C:\Windows\system32\MRT
2014-01-19 10:26 - 2006-11-02 11:24 - 83425928 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-01-09 06:14 - 2013-08-01 20:42 - 00033864 _____ C:\Windows\Launcher.exe
2014-01-08 21:36 - 2013-01-12 15:17 - 00000000 ____D C:\ProgramData\tmp
2014-01-08 19:51 - 2014-01-08 19:51 - 00000000 ____D C:\Users\Prometheus\AppData\Roaming\Avira
2014-01-08 19:49 - 2014-01-08 19:49 - 00001847 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2014-01-08 19:49 - 2014-01-08 19:49 - 00000000 ____D C:\ProgramData\Avira
2014-01-08 19:49 - 2014-01-08 19:49 - 00000000 ____D C:\Program Files\Avira
2014-01-08 19:46 - 2014-01-08 19:49 - 00135648 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-01-08 19:46 - 2014-01-08 19:49 - 00090400 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-01-08 19:46 - 2014-01-08 19:49 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-01-08 19:46 - 2014-01-08 19:49 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys
2014-01-08 19:36 - 2013-09-15 17:45 - 00000934 _____ C:\Users\Prometheus\Desktop\Dropbox.lnk
2014-01-08 19:36 - 2013-09-15 17:42 - 00000000 ____D C:\Users\Prometheus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-01-05 20:22 - 2012-08-22 18:27 - 00000000 ____D C:\Users\Prometheus\AppData\Roaming\vlc
2014-01-05 20:05 - 2012-07-05 20:04 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2014-01-05 16:07 - 2014-01-05 16:07 - 00000000 ____D C:\Users\Prometheus\Desktop\Fotos

Some content of TEMP:
====================
C:\Users\Prometheus\AppData\Local\Temp\AskSLib.dll
C:\Users\Prometheus\AppData\Local\Temp\avgnt.exe
C:\Users\Prometheus\AppData\Local\Temp\DataCard_Setup.exe
C:\Users\Prometheus\AppData\Local\Temp\InstallerBT.exe
C:\Users\Prometheus\AppData\Local\Temp\MyBabylonTB.exe
C:\Users\Prometheus\AppData\Local\Temp\ose00000.exe
C:\Users\Prometheus\AppData\Local\Temp\plus-hd-2-6.exe
C:\Users\Prometheus\AppData\Local\Temp\Quarantine.exe
C:\Users\Prometheus\AppData\Local\Temp\ResetDevice.exe
C:\Users\Prometheus\AppData\Local\Temp\tbu2155.exe
C:\Users\Prometheus\AppData\Local\Temp\tbu2451.exe
C:\Users\Prometheus\AppData\Local\Temp\tbu297F.exe
C:\Users\Prometheus\AppData\Local\Temp\tbu3477.exe
C:\Users\Prometheus\AppData\Local\Temp\tbu3EE5.exe
C:\Users\Prometheus\AppData\Local\Temp\tbuBB23.exe
C:\Users\Prometheus\AppData\Local\Temp\tbuBF0A.exe
C:\Users\Prometheus\AppData\Local\Temp\tbuED0C.exe
C:\Users\Prometheus\AppData\Local\Temp\tbuEFBA.exe
C:\Users\Prometheus\AppData\Local\Temp\uninst1.exe
C:\Users\Prometheus\AppData\Local\Temp\ydetect.exe
C:\Users\Prometheus\AppData\Local\Temp\_is66B0.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2012-07-05 20:06] - [2009-03-03 05:39] - 0551424 ____A (Microsoft Corporation) 301AE00E12408650BADDC04DBC832830

 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-27 12:27

==================== End Of Log ============================
         
--- --- ---



Addition.txt file


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-01-2014
Ran by Prometheus (administrator) on PROMETHEUS-PC on 27-01-2014 12:31:54
Running from C:\Users\Prometheus\Downloads
Microsoft® Windows Vista™ Business  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 7
Boot Mode: Normal



==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CSR, plc) C:\Program Files\CSR\Vista Profile Pack\BthFilterHelper.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
(SafeNet, Inc.) C:\Program Files\SafeNet\Authentication\SAC\x32\SACSrv.exe
(IDT, Inc.) C:\Windows\System32\stacsv.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
(IDT, Inc.) C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(SafeNet, Inc.) C:\Program Files\SafeNet\Authentication\SAC\x32\SACMonitor.exe
(Logitech Inc.) C:\Program Files\Logitech\SetPoint\LBTWiz.exe
(shbox.de) C:\Program Files\FreePDF_XP\fpassist.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Logitech Inc.) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Dropbox, Inc.) C:\Users\Prometheus\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
(Farbar) C:\Users\Prometheus\Downloads\FRST(1).exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [SigmatelSysTrayApp] - C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe [405504 2007-09-13] (IDT, Inc.)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [174872 2007-02-12] (Intel Corporation)
HKLM\...\Run: [NvSvc] - C:\Windows\system32\nvsvc.dll [86016 2007-04-28] (NVIDIA Corporation)
HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [8429568 2007-04-28] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] - C:\Windows\system32\NvMcTray.dll [81920 2007-04-28] (NVIDIA Corporation)
HKLM\...\Run: [NVHotkey] - C:\Windows\system32\nvHotkey.dll [67584 2007-04-28] (NVIDIA Corporation)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [144784 2008-02-22] (Sun Microsystems, Inc.)
HKLM\...\Run: [ChangeTPMAuth] - C:\Program Files\Wave Systems Corp\Common\ChangeTPMAuth.exe /T:NTRU12
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [SafeNetCertMngr] - C:\Program Files\SafeNet\Authentication\SAC\x32\SACMonitor.exe [1923032 2011-10-02] (SafeNet, Inc.)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] - C:\Windows\KHALMNPR.EXE [56080 2007-06-12] (Logitech, Inc.)
HKLM\...\Run: [Logitech Hardware Abstraction Layer] - C:\Windows\KHALMNPR.EXE [56080 2007-06-12] (Logitech, Inc.)
HKLM\...\Run: [Bluetooth Connection Assistant] - LBTWIZ.EXE -silent
HKLM\...\Run: [FreePDF Assistant] - C:\Program Files\FreePDF_XP\fpassist.exe [371200 2011-02-23] (shbox.de)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [684600 2014-01-08] (Avira Operations GmbH & Co. KG)
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [17415344 2012-07-03] (Skype Technologies S.A.)
MountPoints2: {fd680a3f-d710-11e1-9c84-001d09dba8a1} - F:\AutoRun.exe
MountPoints2: {fd680a60-d710-11e1-9c84-001d09dba8a1} - F:\AutoRun.exe
HKU\Default\...\Run: [WindowsWelcomeCenter] - C:\Windows\system32\oobefldr.dll [ 2008-01-21] (Microsoft Corporation)
Startup: C:\Users\Prometheus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Prometheus\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:newtab
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:newtab
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 20 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Prometheus\AppData\Roaming\Mozilla\Firefox\Profiles\n68f0raf.default
FF NewTab: about:home
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: FoxyDeal - C:\Users\Prometheus\AppData\Roaming\Mozilla\Firefox\Profiles\n68f0raf.default\Extensions\{F58A62EB-38DC-43C4-A539-DC52E135208D} [2013-08-01]
FF Extension: Adblock Plus - C:\Users\Prometheus\AppData\Roaming\Mozilla\Firefox\Profiles\n68f0raf.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-07-05]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440376 2014-01-08] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440376 2014-01-08] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1011768 2014-01-08] (Avira Operations GmbH & Co. KG)
R2 BthFilterHelper; C:\Program Files\CSR\Vista Profile Pack\BthFilterHelper.exe [127488 2006-11-07] (CSR, plc)
R2 nicconfigsvc; C:\Program Files\Dell\QuickSet\NicConfigSvc.exe [390424 2008-02-22] (Dell Inc.)
R2 SACSrv; C:\Program Files\SafeNet\Authentication\SAC\x32\SACSrv.exe [10200 2011-10-02] (SafeNet, Inc.)
S3 SXDS10; C:\Program Files\Common Files\soft Xpansion\sxds10.exe [234096 2013-08-01] (soft Xpansion)

==================== Drivers (Whitelisted) ====================

R3 AKSIFDH; C:\Windows\System32\DRIVERS\aksifdh.sys [48296 2008-07-29] (Aladdin Knowledge Systems, Ltd.)
S3 AKSUP; C:\Windows\System32\drivers\aksup.sys [34472 2008-07-29] (Aladdin Knowledge Systems, Ltd.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2014-01-08] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2014-01-08] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2014-01-08] (Avira Operations GmbH & Co. KG)
R3 BTHFILT; C:\Windows\System32\DRIVERS\BthFilt.sys [13824 2006-11-06] (CSR, plc)
S3 CSRBC; C:\Windows\System32\Drivers\csrbcxp.sys [31744 2007-01-16] (CSR, plc)
R3 guardian2; C:\Windows\System32\Drivers\oz776.sys [62208 2007-03-26] (O2Micro)
R3 iKeyEnum; C:\Windows\System32\DRIVERS\ikeyenum.sys [11616 2010-04-29] (SafeNet, Inc.)
R3 iKeyIFD; C:\Windows\System32\DRIVERS\ikeyifd.sys [18080 2010-04-29] (SafeNet, Inc.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2014-01-08] (Avira GmbH)
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
U5 RnbToken; C:\Windows\System32\Drivers\RnbToken.sys [21472 2010-04-29] (SafeNet, Inc.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-27 12:31 - 2014-01-27 12:31 - 01223168 _____ (Farbar) C:\Users\Prometheus\Downloads\FRST(1).exe
2014-01-27 12:29 - 2014-01-27 12:29 - 00001396 _____ C:\Users\Prometheus\Desktop\JRT.txt
2014-01-27 12:26 - 2014-01-27 12:26 - 00000000 ____D C:\Windows\ERUNT
2014-01-27 12:24 - 2014-01-27 12:25 - 01037068 _____ (Thisisu) C:\Users\Prometheus\Downloads\JRT.exe
2014-01-27 12:02 - 2014-01-27 12:19 - 00000000 ____D C:\AdwCleaner
2014-01-27 12:02 - 2014-01-27 12:02 - 01236282 _____ C:\Users\Prometheus\Downloads\adwcleaner.exe
2014-01-24 15:04 - 2014-01-24 15:28 - 00107224 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-01-24 15:04 - 2014-01-24 15:04 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-24 15:03 - 2014-01-24 15:42 - 00000000 ____D C:\Users\Prometheus\Desktop\mbar
2014-01-24 15:03 - 2014-01-24 15:27 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-01-24 15:01 - 2014-01-24 15:02 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Prometheus\Downloads\mbar-1.07.0.1009.exe
2014-01-24 12:07 - 2014-01-27 12:31 - 00013724 _____ C:\Users\Prometheus\Downloads\FRST.txt
2014-01-24 12:07 - 2014-01-24 12:09 - 00020918 _____ C:\Users\Prometheus\Downloads\Addition.txt
2014-01-24 12:06 - 2014-01-24 12:06 - 01222144 _____ (Farbar) C:\Users\Prometheus\Downloads\FRST.exe
2014-01-24 12:06 - 2014-01-24 12:06 - 00000000 ____D C:\FRST
2014-01-08 19:51 - 2014-01-08 19:51 - 00000000 ____D C:\Users\Prometheus\AppData\Roaming\Avira
2014-01-08 19:49 - 2014-01-08 19:49 - 00001847 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2014-01-08 19:49 - 2014-01-08 19:49 - 00000000 ____D C:\ProgramData\Avira
2014-01-08 19:49 - 2014-01-08 19:49 - 00000000 ____D C:\Program Files\Avira
2014-01-08 19:49 - 2014-01-08 19:46 - 00135648 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-01-08 19:49 - 2014-01-08 19:46 - 00090400 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-01-08 19:49 - 2014-01-08 19:46 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-01-08 19:49 - 2014-01-08 19:46 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys
2014-01-05 16:07 - 2014-01-05 16:07 - 00000000 ____D C:\Users\Prometheus\Desktop\Fotos

==================== One Month Modified Files and Folders =======

2014-01-27 12:32 - 2014-01-24 12:07 - 00013724 _____ C:\Users\Prometheus\Downloads\FRST.txt
2014-01-27 12:31 - 2014-01-27 12:31 - 01223168 _____ (Farbar) C:\Users\Prometheus\Downloads\FRST(1).exe
2014-01-27 12:29 - 2014-01-27 12:29 - 00001396 _____ C:\Users\Prometheus\Desktop\JRT.txt
2014-01-27 12:26 - 2014-01-27 12:26 - 00000000 ____D C:\Windows\ERUNT
2014-01-27 12:25 - 2014-01-27 12:24 - 01037068 _____ (Thisisu) C:\Users\Prometheus\Downloads\JRT.exe
2014-01-27 12:25 - 2006-11-02 11:33 - 01445310 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-27 12:22 - 2013-09-15 17:45 - 00000000 ___RD C:\Users\Prometheus\Dropbox
2014-01-27 12:22 - 2013-09-15 17:41 - 00000000 ____D C:\Users\Prometheus\AppData\Roaming\Dropbox
2014-01-27 12:21 - 2012-07-05 19:59 - 00023572 _____ C:\Users\Prometheus\AppData\Roaming\nvModes.001
2014-01-27 12:20 - 2012-07-05 20:01 - 00002873 _____ C:\Windows\bthservsdp.dat
2014-01-27 12:20 - 2006-11-02 14:01 - 00032530 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2014-01-27 12:20 - 2006-11-02 14:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-27 12:20 - 2006-11-02 13:47 - 00003712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-27 12:20 - 2006-11-02 13:47 - 00003712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-27 12:19 - 2014-01-27 12:02 - 00000000 ____D C:\AdwCleaner
2014-01-27 12:19 - 2008-01-21 02:39 - 01518060 _____ C:\Windows\WindowsUpdate.log
2014-01-27 12:02 - 2014-01-27 12:02 - 01236282 _____ C:\Users\Prometheus\Downloads\adwcleaner.exe
2014-01-24 15:42 - 2014-01-24 15:03 - 00000000 ____D C:\Users\Prometheus\Desktop\mbar
2014-01-24 15:28 - 2014-01-24 15:04 - 00107224 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-01-24 15:27 - 2014-01-24 15:03 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-01-24 15:19 - 2006-11-02 14:00 - 00101804 _____ C:\Windows\PFRO.log
2014-01-24 15:19 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\IME
2014-01-24 15:04 - 2014-01-24 15:04 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-24 15:02 - 2014-01-24 15:01 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Prometheus\Downloads\mbar-1.07.0.1009.exe
2014-01-24 12:09 - 2014-01-24 12:07 - 00020918 _____ C:\Users\Prometheus\Downloads\Addition.txt
2014-01-24 12:06 - 2014-01-24 12:06 - 01222144 _____ (Farbar) C:\Users\Prometheus\Downloads\FRST.exe
2014-01-24 12:06 - 2014-01-24 12:06 - 00000000 ____D C:\FRST
2014-01-24 12:02 - 2006-11-02 13:52 - 00100731 _____ C:\Windows\setupact.log
2014-01-24 11:27 - 2012-07-05 20:14 - 00000000 ____D C:\Program Files\Microsoft Office
2014-01-19 10:31 - 2012-07-05 20:14 - 00000000 ____D C:\ProgramData\Microsoft Help
2014-01-19 10:29 - 2013-08-14 16:30 - 00000000 ____D C:\Windows\system32\MRT
2014-01-19 10:26 - 2006-11-02 11:24 - 83425928 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-01-09 06:14 - 2013-08-01 20:42 - 00033864 _____ C:\Windows\Launcher.exe
2014-01-08 21:36 - 2013-01-12 15:17 - 00000000 ____D C:\ProgramData\tmp
2014-01-08 19:51 - 2014-01-08 19:51 - 00000000 ____D C:\Users\Prometheus\AppData\Roaming\Avira
2014-01-08 19:49 - 2014-01-08 19:49 - 00001847 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2014-01-08 19:49 - 2014-01-08 19:49 - 00000000 ____D C:\ProgramData\Avira
2014-01-08 19:49 - 2014-01-08 19:49 - 00000000 ____D C:\Program Files\Avira
2014-01-08 19:46 - 2014-01-08 19:49 - 00135648 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-01-08 19:46 - 2014-01-08 19:49 - 00090400 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-01-08 19:46 - 2014-01-08 19:49 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-01-08 19:46 - 2014-01-08 19:49 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys
2014-01-08 19:36 - 2013-09-15 17:45 - 00000934 _____ C:\Users\Prometheus\Desktop\Dropbox.lnk
2014-01-08 19:36 - 2013-09-15 17:42 - 00000000 ____D C:\Users\Prometheus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-01-05 20:22 - 2012-08-22 18:27 - 00000000 ____D C:\Users\Prometheus\AppData\Roaming\vlc
2014-01-05 20:05 - 2012-07-05 20:04 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2014-01-05 16:07 - 2014-01-05 16:07 - 00000000 ____D C:\Users\Prometheus\Desktop\Fotos

Some content of TEMP:
====================
C:\Users\Prometheus\AppData\Local\Temp\AskSLib.dll
C:\Users\Prometheus\AppData\Local\Temp\avgnt.exe
C:\Users\Prometheus\AppData\Local\Temp\DataCard_Setup.exe
C:\Users\Prometheus\AppData\Local\Temp\InstallerBT.exe
C:\Users\Prometheus\AppData\Local\Temp\MyBabylonTB.exe
C:\Users\Prometheus\AppData\Local\Temp\ose00000.exe
C:\Users\Prometheus\AppData\Local\Temp\plus-hd-2-6.exe
C:\Users\Prometheus\AppData\Local\Temp\Quarantine.exe
C:\Users\Prometheus\AppData\Local\Temp\ResetDevice.exe
C:\Users\Prometheus\AppData\Local\Temp\tbu2155.exe
C:\Users\Prometheus\AppData\Local\Temp\tbu2451.exe
C:\Users\Prometheus\AppData\Local\Temp\tbu297F.exe
C:\Users\Prometheus\AppData\Local\Temp\tbu3477.exe
C:\Users\Prometheus\AppData\Local\Temp\tbu3EE5.exe
C:\Users\Prometheus\AppData\Local\Temp\tbuBB23.exe
C:\Users\Prometheus\AppData\Local\Temp\tbuBF0A.exe
C:\Users\Prometheus\AppData\Local\Temp\tbuED0C.exe
C:\Users\Prometheus\AppData\Local\Temp\tbuEFBA.exe
C:\Users\Prometheus\AppData\Local\Temp\uninst1.exe
C:\Users\Prometheus\AppData\Local\Temp\ydetect.exe
C:\Users\Prometheus\AppData\Local\Temp\_is66B0.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2012-07-05 20:06] - [2009-03-03 05:39] - 0551424 ____A (Microsoft Corporation) 301AE00E12408650BADDC04DBC832830

 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-27 12:27

==================== End Of Log ============================
         
--- --- ---



Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 27-01-2014
Ran by Prometheus at 2014-01-27 12:35:25
Running from C:\Users\Prometheus\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe Flash Player 11 ActiveX (Version: 11.5.502.135 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (Version: 11.7.700.202 - Adobe Systems Incorporated)
Adobe Reader X (10.1.6) - Deutsch (Version: 10.1.6 - Adobe Systems Incorporated)
Apple Application Support (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (Version: 2.1.3.127 - Apple Inc.)
Avira Free Antivirus (Version: 14.0.2.286 - Avira)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Broadcom Gigabit Integrated Controller (Version: 10.15.08 - Broadcom Corporation)
Canon iP4600 series Printer Driver (Version:  - )
CDDRV_Installer (Version: 4.20 - Logitech) Hidden
Dell Resource CD (Version: 1.00.0000 - Ihr Firmenname)
Dropbox (HKCU Version: 2.4.11 - Dropbox, Inc.)
ElsterFormular (Version: 14.0.0.10960 - Landesfinanzdirektion Thüringen)
Free Pdf Perfect Prereq (Version: 1.1.0.70 - Covus Freemium GmbH) Hidden
Freemium Free PDF Perfect (Version: 1.0 - Freemium)
FreePDF (Remove only) (Version:  - )
HomeTab 5.6 (Version: 5.6 - HomeTab)
Intel Matrix Storage Manager (Version:  - )
Intel(R) PROSet/Wireless Software (Version: 11.01.0000 - Intel Corporation)
iTunes (Version: 11.1.0.126 - Apple Inc.)
Java(TM) 6 Update 5 (Version: 1.6.0.50 - Sun Microsystems, Inc.)
Java(TM) SE Runtime Environment 6 (Version: 1.6.0.0 - Sun Microsystems, Inc.)
KhalInstallWrapper (Version: 4.20.131 - Logitech) Hidden
Logitech Desktop Messenger (Version: 2.52.18 - Logitech, Inc.)
Logitech SetPoint (Version: 4.20 - Logitech)
mCore (Version: 9.24.0000 - Intel Corporation) Hidden
mDriver (Version: 9.24.0000 - Intel) Hidden
Mein CEWE FOTOBUCH (Version: 5.0.1 - CEWE COLOR AG u Co. OHG)
Meine CEWE FOTOWELT (Version: 5.1.3 - CEWE Stiftung u Co. KGaA)
mHelp (Version: 9.24.0000 - Intel) Hidden
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
mMHouse (Version: 9.24.0000 - Intel Corporation) Hidden
Mozilla Firefox 26.0 (x86 de) (Version: 26.0 - Mozilla)
Mozilla Maintenance Service (Version: 26.0 - Mozilla)
mPfMgr (Version: 9.24.0000 - Intel Corporation) Hidden
mWMI (Version: 9.24.0000 - Intel Corporation) Hidden
NetWaiting (Version: 2.5.44 - BVRP Software, Inc)
NVIDIA Drivers (Version:  - )
Oz776 SCR Driver V1.1.4.2 (Version: 1.1.4.2 - O2Micro)
Oz776 SCR Driver V1.1.4.2 (Version: 1.1.4.2 - O2Micro) Hidden
PDFCreator (Version: 1.7.1 - pdfforge)
QuickSet (Version: 8.2.20 - Dell Inc.)
RedMon - Redirection Port Monitor (Version:  - )
SafeNet Authentication Client 8.1 SP1 (Version: 8.1.245.0 - SafeNet, Inc.)
SafeNet iKey Driver v4.1.1.5 (Version: 4.1.1 - SafeNet, Inc.)
SigmaTel Audio (Version: 5.10.5210.0 - SigmaTel)
Skype™ 5.10 (Version: 5.10.115 - Skype Technologies S.A.)
Surf & E-Mail-Stick (Version: 11.301.08.00.35 - Huawei Technologies Co.,Ltd)
Update for 2007 Microsoft Office System (KB967642) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (Version:  - Microsoft)
Vista Profile Pack (Version: 2.0.13.0 - CSR plc)
VLC media player 2.0.2 (Version: 2.0.2 - VideoLAN)
Windows Utils (Version:  - )
Wisdom-soft ScreenHunter 6.0 Free (Version:  - Wisdom Software Inc.)
Yahoo! Detect (Version:  - )

==================== Restore Points  =========================

20-10-2013 15:06:06 Geplanter Prüfpunkt
27-10-2013 08:54:34 Geplanter Prüfpunkt
31-10-2013 16:58:33 Geplanter Prüfpunkt
07-11-2013 17:43:44 Geplanter Prüfpunkt
10-11-2013 18:26:26 Geplanter Prüfpunkt
11-11-2013 20:27:28 Geplanter Prüfpunkt
15-11-2013 22:30:04 Windows Update
17-11-2013 12:53:26 Geplanter Prüfpunkt
02-12-2013 19:42:15 Geplanter Prüfpunkt
03-12-2013 19:33:22 Geplanter Prüfpunkt
08-12-2013 10:13:03 Geplanter Prüfpunkt
20-12-2013 18:44:34 Geplanter Prüfpunkt
22-12-2013 11:55:16 Windows Update
06-01-2014 19:08:49 Geplanter Prüfpunkt
19-01-2014 09:23:41 Windows Update
20-01-2014 11:30:48 Geplanter Prüfpunkt
24-01-2014 10:27:16 Windows Update
24-01-2014 14:16:36 Malwarebytes Anti-Rootkit Restore Point

==================== Hosts content: ==========================

2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {155723BA-60E2-4354-93AF-84EAC8D3C2D8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {22E1772E-7DFE-4C5F-841F-1C93FD5D82A4} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {2DE18FE4-6467-484F-8431-206702EC5546} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {2E5B7D97-F14C-4CFF-864E-620AABA892D1} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {4D72741E-769C-45DB-8604-CB8EBDADAA29} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {BEA0699E-DD84-4409-A2D8-9107C0219CE0} - System32\Tasks\SystemSockets\SystemSockets => C:\Program Files\HomeTab\SystemSockets.exe
Task: {CB5BDCE9-B3B3-4AEA-B5D2-C7B834264DBA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

==================== Loaded Modules (whitelisted) =============

2007-04-25 10:55 - 2007-04-25 10:55 - 01167360 _____ () C:\Program Files\Intel\Wireless\Bin\acAuth.dll
2007-07-25 16:25 - 2007-07-25 16:25 - 00118784 _____ () C:\Program Files\Intel\Wireless\Bin\IWMSPROV.DLL
2012-09-14 18:37 - 2010-06-17 20:56 - 00116224 _____ () C:\Windows\System32\redmonnt.dll
2014-01-08 19:49 - 2014-01-08 19:45 - 00394808 _____ () C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
2012-05-30 20:06 - 2012-05-30 20:06 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2012-05-30 20:06 - 2012-05-30 20:06 - 01242512 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-07-30 19:03 - 2012-07-30 19:03 - 00061496 _____ () C:\Program Files\Logitech\Desktop Messenger\8876480\8.1.1.50-8876480SL\Program\clntutil.dll
2013-10-19 00:55 - 2013-10-19 00:55 - 25100288 _____ () C:\Users\Prometheus\AppData\Roaming\Dropbox\bin\libcef.dll
2013-12-22 14:54 - 2013-12-22 14:54 - 03559024 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================
Error: (11/10/2013 06:20:07 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 3524 seconds with 2340 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2014-01-27 12:35:20.981
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-01-27 12:35:20.888
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-01-27 12:35:20.825
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-01-27 12:35:20.747
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-01-27 12:35:20.701
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-01-27 12:35:20.638
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-01-27 12:35:20.591
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-01-27 12:35:20.545
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-01-27 12:35:10.919
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-01-27 12:35:10.857
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 52%
Total physical RAM: 2045.24 MB
Available physical RAM: 970.11 MB
Total Pagefile: 4333.5 MB
Available Pagefile: 2947.93 MB
Total Virtual: 2047.88 MB
Available Virtual: 1919.93 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.76 GB) (Free:157.15 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: 719EE1B5)
Partition 1: (Active) - (Size=466 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

 
