Log Analysis and Evaluation: Passwords phished! (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
17.02.2014, 20:15 | #1
Passwords phished!

Hello Trojaner-Team, first of all, thanks once again for your great work. (This has nothing to do with sucking up, IT'S SIMPLY GREAT!) I noticed on my computer that someone has logged into several of my accounts. http://www.trojaner-board.de/146418-...-haengt-2.html (No, it wasn't my girlfriend) ... I have changed the passwords and now always enter them with the on-screen keyboard. (Does that help, or can keyloggers etc. still spy on them anyway?) Now I'm afraid that my laptop might also be infected somehow. I'll post the logs:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-02-2014
Ran by D (administrator) on D-PC on 17-02-2014 18:48:58
Running from C:\Users\D\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Users\D\Desktop\Defogger.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\system32\msiexec.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [16334368 2009-07-23] (NVIDIA Corporation)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-09] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-2347568863-792411842-1525485942-1000\...\Run: [SandboxieControl] - C:\Program Files\Sandboxie\SbieCtrl.exe [759496 2014-01-17] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-2347568863-792411842-1525485942-1000\...\MountPoints2: {4c29542a-7203-11e3-a3eb-0023263c3e52} - E:\setup.exe
HKU\S-1-5-21-2347568863-792411842-1525485942-1000\...\MountPoints2: {72e27f3e-6f06-11e3-83ff-00f1d000f1d0} - E:\AutoRun.exe
HKU\S-1-5-21-2347568863-792411842-1525485942-1000\...\MountPoints2: {72e27f70-6f06-11e3-83ff-00f1d000f1d0} - E:\AutoRun.exe
HKU\S-1-5-21-2347568863-792411842-1525485942-1000\...\MountPoints2: {dc1a8588-6f05-11e3-a2bc-00216a38f292} - E:\autorun.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://web.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD0C98788C303CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{B0EE84C1-E0D7-46E1-8399-D9CB330E52B2}: [NameServer]8.8.8.8,8.8.4.4
FireFox:
========
FF ProfilePath: C:\Users\D\AppData\Roaming\Mozilla\Firefox\Profiles\mm4fe05s.default
FF DefaultSearchEngine: DuckDuckGo
FF SelectedSearchEngine: DuckDuckGo
FF NetworkProxy: "http", "68.45.175.10"
FF NetworkProxy: "http_port", 65535
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_44.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF SearchPlugin: C:\Users\D\AppData\Roaming\Mozilla\Firefox\Profiles\mm4fe05s.default\searchplugins\duckduckgo.xml
FF SearchPlugin: C:\Users\D\AppData\Roaming\Mozilla\Firefox\Profiles\mm4fe05s.default\searchplugins\startpage-https---deutsch.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\D\AppData\Roaming\Mozilla\Firefox\Profiles\mm4fe05s.default\Extensions\trash [2014-02-11]
FF Extension: Ghostery - C:\Users\D\AppData\Roaming\Mozilla\Firefox\Profiles\mm4fe05s.default\Extensions\firefox@ghostery.com.xpi [2013-12-28]
FF Extension: Adblock Plus - C:\Users\D\AppData\Roaming\Mozilla\Firefox\Profiles\mm4fe05s.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-02-06]
FF Extension: BetterPrivacy - C:\Users\D\AppData\Roaming\Mozilla\Firefox\Profiles\mm4fe05s.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2013-12-28]
FF Extension: OkayFreedom - C:\Users\D\AppData\Roaming\Mozilla\Firefox\Profiles\mm4fe05s.default\Extensions\{DB981CCA-088E-4731-A4A2-2FE218703C0E}.xpi [2014-02-06]
FF Extension: QuickJava - C:\Users\D\AppData\Roaming\Mozilla\Firefox\Profiles\mm4fe05s.default\Extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi [2013-12-28]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-12-09] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1011768 2013-12-09] (Avira Operations GmbH & Co. KG)
S4 GtDetectSc; C:\Program Files\o2 Surfstick Speed\GlobeTrotter Connect\GtDetectSc.exe [314880 2008-05-08] (OptionNV)
S3 OkayFreedom VPN Starter Service; C:\Program Files (x86)\OkayFreedom\OkayFreedomService.exe [317792 2013-12-10] (Steganos Software GmbH)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [187592 2014-01-17] (Sandboxie Holdings, LLC)
S4 TGCM_ImportWiFiSvc; C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe [200624 2010-09-29] (Telefónica I+D)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-09] (Avira Operations GmbH & Co. KG)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [256000 2010-08-31] (Huawei Technologies Co., Ltd.)
R3 FUJ02B1; C:\Windows\system32\drivers\FUJ02B1.sys [7808 2006-11-01] (FUJITSU LIMITED)
R3 FUJ02E3; C:\Windows\system32\drivers\FUJ02E3.sys [7296 2006-11-02] (FUJITSU LIMITED)
S3 GTUHSBUS; C:\Windows\System32\DRIVERS\gtuhsbus.sys [85504 2008-12-08] (Option N.V.)
S3 GTUHSNDISIPXP; C:\Windows\System32\DRIVERS\gtuhs51.sys [124928 2008-12-08] (Option N.V.)
S3 GTUHSOMS; C:\Windows\System32\DRIVERS\gtuhsoms.sys [29184 2008-12-08] (Option N.V.)
S3 GTUHSSER; C:\Windows\System32\DRIVERS\gtuhsser.sys [10624 2008-12-08] (Option N.V.)
R3 O2MDRDR; C:\Windows\system32\drivers\o2mdx64.sys [57576 2010-05-10] (O2Micro )
R3 O2SCBUS; C:\Windows\System32\DRIVERS\ozscrx64.sys [107808 2009-10-16] (O2Micro)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [202600 2014-01-17] (Sandboxie Holdings, LLC)
R3 SMSCIRDA; C:\Windows\System32\DRIVERS\SMSCir64.sys [37760 2009-09-02] (SMSC)
U5 ew_hwusbdev; C:\Windows\System32\Drivers\ew_hwusbdev.sys [117248 2010-07-27] (Huawei Technologies Co., Ltd.)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-02-17 18:28 - 2014-02-17 18:49 - 00007847 _____ () C:\Users\D\Desktop\FRST.txt
2014-02-17 18:20 - 2014-02-17 18:20 - 00000000 ____D () C:\Users\D\Desktop\FRST-OlderVersion
2014-02-17 18:19 - 2014-02-17 18:19 - 00000464 _____ () C:\Users\D\Desktop\defogger_disable.log
2014-02-17 18:19 - 2014-02-17 18:19 - 00000000 _____ () C:\Users\D\defogger_reenable
2014-02-17 18:17 - 2014-02-17 18:17 - 00380416 _____ () C:\Users\D\Desktop\Gmer-19357.exe
2014-02-17 18:17 - 2014-02-17 18:17 - 00050477 _____ () C:\Users\D\Desktop\Defogger.exe
2014-02-17 18:13 - 2014-02-17 18:13 - 00000328 _____ () C:\Windows\PFRO.log
2014-02-16 17:02 - 2014-02-16 17:02 - 00000844 _____ () C:\Users\D\AppData\Local\recently-used.xbel
2014-02-16 17:02 - 2014-02-16 17:02 - 00000000 ____D () C:\Users\D\AppData\Local\gtk-2.0
2014-02-16 17:01 - 2014-02-16 17:01 - 00000000 ____D () C:\Users\D\.thumbnails
2014-02-16 17:00 - 2014-02-16 17:09 - 00000000 ____D () C:\Users\D\.gimp-2.8
2014-02-16 17:00 - 2014-02-16 17:00 - 00000000 ____D () C:\Users\D\AppData\Local\gegl-0.2
2014-02-16 16:59 - 2014-02-16 16:59 - 00000000 ____D () C:\Program Files\GIMP 2
2014-02-16 16:17 - 2014-02-16 16:17 - 00000000 ____D () C:\Users\D\AppData\Roaming\www.rene-zeidler.de
2014-02-16 16:17 - 2014-02-16 16:17 - 00000000 ____D () C:\Users\D\AppData\Local\www.rene-zeidler.de
2014-02-16 16:17 - 2014-02-16 16:17 - 00000000 ____D () C:\ProgramData\www.rene-zeidler.de
2014-02-16 16:16 - 2011-11-04 12:46 - 00733184 _____ (www.rene-zeidler.de) C:\Users\D\Downloads\Snipping Tool Plus.exe
2014-02-16 15:15 - 2014-02-16 15:15 - 00000000 ____D () C:\Users\D\Documents\Ashampoo Burning Studio FREE
2014-02-16 15:13 - 2014-02-16 15:13 - 00001310 _____ () C:\Users\Public\Desktop\Ashampoo Burning Studio FREE.lnk
2014-02-16 15:13 - 2014-02-16 15:13 - 00000214 _____ () C:\Users\Public\Desktop\Your Software Deals.url
2014-02-16 15:13 - 2014-02-16 15:13 - 00000000 ____D () C:\Users\D\AppData\Roaming\Ashampoo
2014-02-16 15:13 - 2014-02-16 15:13 - 00000000 ____D () C:\Users\D\AppData\Local\ashampoo
2014-02-16 15:13 - 2014-02-16 15:13 - 00000000 ____D () C:\ProgramData\Ashampoo
2014-02-16 15:13 - 2014-02-16 15:13 - 00000000 ____D () C:\Program Files (x86)\Ashampoo
2014-02-16 15:04 - 2012-06-05 08:10 - 00816001 _____ () C:\Users\D\Downloads\torbutton-current.xpi
2014-02-16 13:24 - 2014-02-16 13:24 - 09310983 _____ () C:\Users\D\Downloads\vidalia-bridge-bundle-0.2.4.20-0.2.21.exe
2014-02-16 13:24 - 2014-02-16 13:24 - 00409141 _____ () C:\Users\D\Downloads\torbutton146-current.zip
2014-02-16 13:16 - 2014-02-16 14:12 - 3268147200 _____ () C:\Users\D\Downloads\X17-59885.iso
2014-02-16 12:49 - 2014-02-16 19:56 - 00000000 ____D () C:\Users\D\AppData\Roaming\Bitcoin
2014-02-16 12:49 - 2014-02-16 12:49 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-02-16 12:48 - 2014-02-16 12:48 - 00000000 ____D () C:\Users\D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bitcoin
2014-02-16 12:48 - 2014-02-16 12:48 - 00000000 ____D () C:\Program Files (x86)\Bitcoin
2014-02-15 15:30 - 2014-02-15 15:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-13 20:36 - 2013-12-21 10:39 - 00600064 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-13 20:36 - 2013-12-21 08:56 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-13 20:34 - 2014-02-01 10:20 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-13 20:34 - 2014-02-01 10:19 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-13 20:34 - 2014-02-01 10:19 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-13 20:34 - 2014-02-01 10:18 - 19274240 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-13 20:34 - 2014-02-01 10:18 - 15403520 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-13 20:34 - 2014-02-01 10:18 - 03960320 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-13 20:34 - 2014-02-01 10:18 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-13 20:34 - 2014-02-01 10:18 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-13 20:34 - 2014-02-01 10:18 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-13 20:34 - 2014-02-01 10:18 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-13 20:34 - 2014-02-01 10:18 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-13 20:34 - 2014-02-01 10:18 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-02-13 20:34 - 2014-02-01 10:18 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-13 20:34 - 2014-02-01 10:18 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-13 20:34 - 2014-02-01 10:18 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-13 20:34 - 2014-02-01 08:58 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-13 20:34 - 2014-02-01 08:58 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-13 20:34 - 2014-02-01 08:57 - 14359040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-13 20:34 - 2014-02-01 08:57 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-13 20:34 - 2014-02-01 08:57 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-13 20:34 - 2014-02-01 08:57 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-13 20:34 - 2014-02-01 08:57 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-02-13 20:34 - 2014-02-01 08:57 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-13 20:34 - 2014-02-01 08:57 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-13 20:34 - 2014-02-01 08:57 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-13 20:34 - 2014-02-01 08:57 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-02-13 20:34 - 2014-02-01 08:57 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-13 20:34 - 2014-02-01 08:57 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-13 20:34 - 2014-02-01 08:57 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-13 20:34 - 2014-02-01 08:40 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-13 20:34 - 2014-02-01 08:34 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-13 20:33 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-13 20:33 - 2013-12-24 23:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-13 20:33 - 2013-12-06 03:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-13 20:33 - 2013-12-06 03:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-13 20:33 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-13 20:33 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-13 20:33 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-13 20:33 - 2013-11-22 23:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-11 16:34 - 2014-02-11 16:34 - 00000000 ____D () C:\Users\D\Desktop\Tor Browser
2014-02-11 16:26 - 2014-02-11 16:26 - 00067440 _____ () C:\Users\D\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-10 17:13 - 2014-02-10 17:13 - 00000029 _____ () C:\Users\D\Documents\****.txt
2014-02-10 16:15 - 2014-02-10 16:15 - 00000720 _____ () C:\Users\D\Documents\***.word.txt
2014-02-10 16:13 - 2014-02-11 11:24 - 00013069 _____ () C:\Users\D\Documents\****.odt
2014-02-08 14:03 - 2014-02-17 18:14 - 00004157 _____ () C:\Windows\setupact.log
2014-02-08 14:03 - 2014-02-08 14:03 - 00311304 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-08 14:03 - 2014-02-08 14:03 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-07 18:30 - 2014-02-17 18:28 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-07 18:30 - 2014-02-07 18:30 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-06 17:00 - 2014-02-06 17:00 - 00001080 _____ () C:\Users\Public\Desktop\OkayFreedom.lnk
2014-02-06 17:00 - 2014-02-06 17:00 - 00000000 ____D () C:\Users\D\AppData\Roaming\Steganos VPN
2014-02-06 16:58 - 2014-02-06 17:00 - 00000000 ____D () C:\Program Files (x86)\OkayFreedom
2014-02-06 16:57 - 2014-02-07 17:55 - 00000000 ____D () C:\Users\D\AppData\Roaming\Steganos
2014-02-05 15:38 - 2014-02-05 15:38 - 00000344 _____ () C:\Users\D\Documents\wlan.txt

==================== One Month Modified Files and Folders =======

2014-02-17 18:49 - 2014-02-17 18:28 - 00007847 _____ () C:\Users\D\Desktop\FRST.txt
2014-02-17 18:48 - 2013-12-28 17:00 - 00000000 ____D () C:\FRST
2014-02-17 18:47 - 2013-12-27 13:44 - 00000000 ____D () C:\Users\D\AppData\Local\Windows Live
2014-02-17 18:47 - 2013-04-30 18:54 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-02-17 18:40 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-02-17 18:28 - 2014-02-07 18:30 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-17 18:20 - 2014-02-17 18:20 - 00000000 ____D () C:\Users\D\Desktop\FRST-OlderVersion
2014-02-17 18:20 - 2013-12-28 15:07 - 02152448 _____ (Farbar) C:\Users\D\Desktop\FRST64.exe
2014-02-17 18:19 - 2014-02-17 18:19 - 00000464 _____ () C:\Users\D\Desktop\defogger_disable.log
2014-02-17 18:19 - 2014-02-17 18:19 - 00000000 _____ () C:\Users\D\defogger_reenable
2014-02-17 18:19 - 2013-12-27 13:44 - 00000000 ____D () C:\Users\D
2014-02-17 18:17 - 2014-02-17 18:17 - 00380416 _____ () C:\Users\D\Desktop\Gmer-19357.exe
2014-02-17 18:17 - 2014-02-17 18:17 - 00050477 _____ () C:\Users\D\Desktop\Defogger.exe
2014-02-17 18:17 - 2013-12-27 13:42 - 01755208 _____ () C:\Windows\WindowsUpdate.log
2014-02-17 18:14 - 2014-02-08 14:03 - 00004157 _____ () C:\Windows\setupact.log
2014-02-17 18:13 - 2014-02-17 18:13 - 00000328 _____ () C:\Windows\PFRO.log
2014-02-17 18:13 - 2013-12-28 12:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-17 18:13 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-16 20:19 - 2009-07-14 05:45 - 00027248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-16 20:19 - 2009-07-14 05:45 - 00027248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-16 19:56 - 2014-02-16 12:49 - 00000000 ____D () C:\Users\D\AppData\Roaming\Bitcoin
2014-02-16 17:09 - 2014-02-16 17:00 - 00000000 ____D () C:\Users\D\.gimp-2.8
2014-02-16 17:02 - 2014-02-16 17:02 - 00000844 _____ () C:\Users\D\AppData\Local\recently-used.xbel
2014-02-16 17:02 - 2014-02-16 17:02 - 00000000 ____D () C:\Users\D\AppData\Local\gtk-2.0
2014-02-16 17:01 - 2014-02-16 17:01 - 00000000 ____D () C:\Users\D\.thumbnails
2014-02-16 17:00 - 2014-02-16 17:00 - 00000000 ____D () C:\Users\D\AppData\Local\gegl-0.2
2014-02-16 16:59 - 2014-02-16 16:59 - 00000000 ____D () C:\Program Files\GIMP 2
2014-02-16 16:17 - 2014-02-16 16:17 - 00000000 ____D () C:\Users\D\AppData\Roaming\www.rene-zeidler.de
2014-02-16 16:17 - 2014-02-16 16:17 - 00000000 ____D () C:\Users\D\AppData\Local\www.rene-zeidler.de
2014-02-16 16:17 - 2014-02-16 16:17 - 00000000 ____D () C:\ProgramData\www.rene-zeidler.de
2014-02-16 15:15 - 2014-02-16 15:15 - 00000000 ____D () C:\Users\D\Documents\Ashampoo Burning Studio FREE
2014-02-16 15:13 - 2014-02-16 15:13 - 00001310 _____ () C:\Users\Public\Desktop\Ashampoo Burning Studio FREE.lnk
2014-02-16 15:13 - 2014-02-16 15:13 - 00000214 _____ () C:\Users\Public\Desktop\Your Software Deals.url
2014-02-16 15:13 - 2014-02-16 15:13 - 00000000 ____D () C:\Users\D\AppData\Roaming\Ashampoo
2014-02-16 15:13 - 2014-02-16 15:13 - 00000000 ____D () C:\Users\D\AppData\Local\ashampoo
2014-02-16 15:13 - 2014-02-16 15:13 - 00000000 ____D () C:\ProgramData\Ashampoo
2014-02-16 15:13 - 2014-02-16 15:13 - 00000000 ____D () C:\Program Files (x86)\Ashampoo
2014-02-16 14:12 - 2014-02-16 13:16 - 3268147200 _____ () C:\Users\D\Downloads\X17-59885.iso
2014-02-16 13:24 - 2014-02-16 13:24 - 09310983 _____ () C:\Users\D\Downloads\vidalia-bridge-bundle-0.2.4.20-0.2.21.exe
2014-02-16 13:24 - 2014-02-16 13:24 - 00409141 _____ () C:\Users\D\Downloads\torbutton146-current.zip
2014-02-16 12:49 - 2014-02-16 12:49 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-02-16 12:48 - 2014-02-16 12:48 - 00000000 ____D () C:\Users\D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bitcoin
2014-02-16 12:48 - 2014-02-16 12:48 - 00000000 ____D () C:\Program Files (x86)\Bitcoin
2014-02-16 12:43 - 2013-12-28 12:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox.bak
2014-02-15 15:30 - 2014-02-15 15:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-15 15:25 - 2013-12-28 14:49 - 00002264 _____ () C:\Windows\Sandboxie.ini
2014-02-14 12:12 - 2013-04-30 19:19 - 00000000 ____D () C:\Windows\Panther
2014-02-13 20:43 - 2013-12-28 17:37 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-13 20:41 - 2013-12-28 17:37 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-13 20:38 - 2013-04-30 18:29 - 01594892 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-13 20:38 - 2012-10-01 07:29 - 00699666 _____ () C:\Windows\system32\perfh007.dat
2014-02-13 20:38 - 2012-10-01 07:29 - 00149774 _____ () C:\Windows\system32\perfc007.dat
2014-02-13 20:37 - 2009-07-14 06:13 - 01594892 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-11 16:34 - 2014-02-11 16:34 - 00000000 ____D () C:\Users\D\Desktop\Tor Browser
2014-02-11 16:26 - 2014-02-11 16:26 - 00067440 _____ () C:\Users\D\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-11 11:24 - 2014-02-10 16:13 - 00013069 _____ () C:\Users\D\Documents\****.odt
2014-02-10 17:13 - 2014-02-10 17:13 - 00000029 _____ () C:\Users\D\Documents\****.txt
2014-02-10 16:15 - 2014-02-10 16:15 - 00000720 _____ () C:\Users\D\Documents\****.word.txt
2014-02-08 14:03 - 2014-02-08 14:03 - 00311304 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-08 14:03 - 2014-02-08 14:03 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-07 18:30 - 2014-02-07 18:30 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-07 18:30 - 2013-12-28 15:58 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-07 18:30 - 2013-12-28 15:58 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-07 17:55 - 2014-02-06 16:57 - 00000000 ____D () C:\Users\D\AppData\Roaming\Steganos
2014-02-06 17:00 - 2014-02-06 17:00 - 00001080 _____ () C:\Users\Public\Desktop\OkayFreedom.lnk
2014-02-06 17:00 - 2014-02-06 17:00 - 00000000 ____D () C:\Users\D\AppData\Roaming\Steganos VPN
2014-02-06 17:00 - 2014-02-06 16:58 - 00000000 ____D () C:\Program Files (x86)\OkayFreedom
2014-02-05 15:38 - 2014-02-05 15:38 - 00000344 _____ () C:\Users\D\Documents\wlan.txt
2014-02-01 10:20 - 2014-02-13 20:34 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-01 10:19 - 2014-02-13 20:34 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-01 10:19 - 2014-02-13 20:34 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-01 10:18 - 2014-02-13 20:34 - 19274240 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-01 10:18 - 2014-02-13 20:34 - 15403520 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-01 10:18 - 2014-02-13 20:34 - 03960320 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-01 10:18 - 2014-02-13 20:34 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-01 10:18 - 2014-02-13 20:34 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-01 10:18 - 2014-02-13 20:34 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-01 10:18 - 2014-02-13 20:34 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-01 10:18 - 2014-02-13 20:34 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-01 10:18 - 2014-02-13 20:34 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-02-01 10:18 - 2014-02-13 20:34 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-01 10:18 - 2014-02-13 20:34 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-01 10:18 - 2014-02-13 20:34 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-01 08:58 - 2014-02-13 20:34 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-01 08:58 - 2014-02-13 20:34 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-01 08:57 - 2014-02-13 20:34 - 14359040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-01 08:57 - 2014-02-13 20:34 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-01 08:57 - 2014-02-13 20:34 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-01 08:57 - 2014-02-13 20:34 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-01 08:57 - 2014-02-13 20:34 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-02-01 08:57 - 2014-02-13 20:34 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-01 08:57 - 2014-02-13 20:34 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-01 08:57 - 2014-02-13 20:34 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-01 08:57 - 2014-02-13 20:34 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-02-01 08:57 - 2014-02-13 20:34 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-01 08:57 - 2014-02-13 20:34 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-01 08:57 - 2014-02-13 20:34 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-01 08:40 - 2014-02-13 20:34 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-01 08:34 - 2014-02-13 20:34 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

Some content of TEMP:
====================
C:\Users\D\AppData\Local\Temp\avgnt.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-12-27 14:49

==================== End Of Log ============================

Addition:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-02-2014
Ran by D at 2014-02-17 18:49:15
Running from C:\Users\D\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.44 - Adobe Systems Incorporated)
Ashampoo Burning Studio FREE v.1.12.0 (x32 Version: 1.12.0 - Ashampoo GmbH & Co. KG)
Avira Free Antivirus (x32 Version: 14.0.2.286 - Avira)
Bitcoin (HKCU Version: 0.8.1 - Bitcoin project)
CCleaner (Version: 4.09 - Piriform)
GIMP 2.8.10 (Version: 2.8.10 - The GIMP Team)
HUAWEI DataCard Driver 4.20.12.00 (x32 Version: 4.20.12.00 - Huawei technologies Co., Ltd.)
LibreOffice 3.6 (x32 Version: 3.6.1.2 - The Document Foundation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office (x32 Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft SkyDrive (HKCU Version: 16.4.6010.0727 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Mobile Connection Manager (x32 Version: - Mobile Connection Manager)
Mozilla Firefox 27.0.1 (x86 de) (x32 Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (x32 Version: 27.0.1 - Mozilla)
NVIDIA Drivers (Version: 1.5 - NVIDIA Corporation)
o2 Verbindungsmanager (Version: 3.0.0.924 - Option NV)
o2 Verbindungsmanager (Version: 3.0.0.924 - Option NV) Hidden
OkayFreedom (x32 Version: 1.2 - Steganos Software GmbH)
Sandboxie 4.08 (64-bit) (Version: 4.08 - Sandboxie Holdings, LLC)
TrueCrypt (x32 Version: 7.1a - TrueCrypt Foundation)
VirtualCloneDrive (x32 Version: 5.4.7.0 - Elaborate Bytes)
WinRAR 5.01 (64-Bit) (Version: 5.01.0 - win.rar GmbH)

==================== Restore Points =========================

07-01-2014 14:32:35 Windows Update
16-01-2014 18:48:18 Windows Update
06-02-2014 15:59:16 Gerätetreiber-Paketinstallation: TAP-Windows Provider V9 Netzwerkadapter
13-02-2014 19:33:32 Windows Update
17-02-2014 17:34:50 Windows Live Essentials
17-02-2014 17:35:21 WLSetup

==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0FA0E628-64AE-4878-8627-A2AEE81DFFDF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-07] (Adobe Systems Incorporated)
Task: {5ACF1CDF-10A7-433F-A371-64043B4DE52F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-02-17 18:17 - 2014-02-17 18:17 - 00050477 _____ () C:\Users\D\Desktop\Defogger.exe
2013-12-17 20:19 - 2013-12-17 20:19 - 00049152 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2014-02-15 15:30 - 2014-02-15 15:30 - 03578992 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== Disabled items from MSCONFIG ==============

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: OkayFreedom VPN Starter Service => 3
MSCONFIG\Services: TGCM_ImportWiFiSvc => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^o2 Verbindungsmanager.lnk => C:\Windows\pss\o2 Verbindungsmanager.lnk.CommonStartup
MSCONFIG\startupreg: OKAYFREEDOM_Agent => "C:\Program Files (x86)\OkayFreedom\OkayFreedomClient.exe" -agent
MSCONFIG\startupreg: VirtualCloneDrive => "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (02/17/2014 06:14:56 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/16/2014 00:42:36 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/15/2014 03:25:28 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/14/2014 05:33:41 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/14/2014 00:13:05 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/12/2014 03:45:11 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (02/11/2014 04:25:09 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (02/11/2014 04:25:08 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (02/11/2014 04:25:07 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (02/08/2014 02:04:14 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (02/08/2014 02:04:14 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073473535.

Microsoft Office Sessions:
=========================
Error: (02/17/2014 06:14:56 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/16/2014 05:18:27 PM) (Source: Software Protection Platform Service)(User: )
Description: 0xC004F015CD72Ja0cde89c-3304-4157-b61c-c8ad785d1fad?

Error: (02/16/2014 04:48:58 PM) (Source: Software Protection Platform Service)(User: )
Description: 0xC004F015733WD50e329f7-a5fa-46b2-85fd-f224e5da7764?

Error: (02/16/2014 03:38:47 PM) (Source: Software Protection Platform Service)(User: )
Description: hr=0xC004C0035e017a8a-f3f9-4167-b1bd-ba3e236a4d8f

Error: (02/16/2014 03:38:47 PM) (Source: Software Protection Platform Service)(User: )
Description: hr=0xC004C00300010001(0x00000000, 15:38:46:772 - hxxp://go.microsoft.com/fwlink/?LinkID=88340) 00020001(0x00000000, 15:38:46:772) 00030001(0x00000000, 15:38:46:772 - hxxp://go.microsoft.com) 00030002(0x00000000, 15:38:46:772 - 1) 00020005(0x00000000, 15:38:46:772 - 0) 0002000C(0x00000000, 15:38:46:986 - 302) 0002000E(0x00000000, 15:38:46:986 - https://activation.sls.microsoft.com/slpkc/SLCertifyProduct.asmx) 00020001(0x00000000, 15:38:46:986) 00030001(0x00000000, 15:38:46:986 - https://activation.sls.microsoft.com) 00030002(0x00000000, 15:38:46:986 - 1) 00020005(0x00000000, 15:38:46:986 - 0) 0002000C(0x00000000, 15:38:47:177 - 500) 00010002(0x8004FC01, 15:38:47:180 - <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:soap="hxxp://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="hxxp://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="hxxp://www.w3.org/2001/XMLSchema"><soap:Body><soap:Fault><faultcode>soap:Server</faultcode><faultstring>SoapException</faultstring><detail><HRESULT>0xC004C003</HRESULT><Messages><Message>103 (Activation) - [PA Product key blocked.
---> Product key blocked]</Message></Messages></detail></soap:Fault></soap:Body></soap:Envelope>) 00010003(0x8004FC01, 15:38:47:181) Error: (02/16/2014 00:42:36 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/15/2014 03:25:28 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/14/2014 05:33:41 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/14/2014 00:13:05 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/12/2014 03:45:11 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 ==================== Memory info =========================== Percentage of memory in use: 36% Total physical RAM: 3995.88 MB Available physical RAM: 2550.82 MB Total Pagefile: 7989.94 MB Available Pagefile: 6226.88 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: (Windows) (Fixed) (Total:457.28 GB) (Free:406.26 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: E1A8D9AA) Partition 1: (Active) - (Size=8 GB) - (Type=27) Partition 2: (Not Active) - (Size=457 GB) - (Type=07 NTFS) ==================== End 
Of Log ============================ Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-02-17 20:03:43
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD5000BPVT-00HXZT1 rev.01.01A01 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\D\AppData\Local\Temp\pgldapog.sys

---- Threads - GMER 2.1 ----

Thread C:\Windows\System32\svchost.exe [2580:1204] 000007fef8ab9688

---- EOF - GMER 2.1 ----

I've now run Mbam; here is the log:

Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.02.17.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16798
D :: D-PC [limitiert]

17.02.2014 20:30:06
MBAM-log-2014-02-17 (20-33-42).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM | P2P
Deaktivierte Suchlaufeinstellungen:
Durchsuchte Objekte: 207877
Laufzeit: 2 Minute(n), 52 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 2
C:\ProgramData\boost_interprocess (PUP.Optional.BoostInterProcess.A) -> Keine Aktion durchgeführt.
C:\ProgramData\boost_interprocess\20140216124033.375199 (PUP.Optional.BoostInterProcess.A) -> Keine Aktion durchgeführt.

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Were the objects deleted anyway? At least a rescan found nothing more. Thanks

Last edited by David1977 (17.02.2014 at 20:48) |
18.02.2014, 07:21 | #2 |
/// the machine /// TB-Ausbilder | Passwords phished! Hi,
Did you set the proxy in Firefox? An on-screen keyboard doesn't help at all. Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper.
|
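The helper's first question is whether a proxy was set in Firefox, because an unexpected proxy is a common way for credentials to be intercepted. As an added example (not from the thread), this PowerShell script lists the network.proxy.* preferences of every Firefox profile so an unexpected setting can be reviewed; it assumes the default profile location under %APPDATA%\Mozilla\Firefox\Profiles and PowerShell 3 or later.

```powershell
# Added example: list proxy-related settings in every Firefox profile's prefs.js.
# Assumes the default profile location and PowerShell 3+ ([ordered], [pscustomobject]).
$profileRoot = Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles'

# network.proxy.type values as Firefox defines them
$proxyTypes = @{ 0 = 'No proxy'; 1 = 'Manual proxy'; 2 = 'PAC URL'; 4 = 'Auto-detect (WPAD)'; 5 = 'System proxy' }
# Settings that normally need no further attention
$benignTypes = @('not set (Firefox default applies)', 'No proxy', 'System proxy')

function Get-FirefoxProxyPrefs {
    param([string]$Root = $profileRoot)
    if (-not (Test-Path $Root)) { Write-Warning "No Firefox profiles found under $Root"; return }

    foreach ($prefs in Get-ChildItem -Path $Root -Filter prefs.js -Recurse -File) {
        $result = [ordered]@{ Profile = $prefs.Directory.Name; Type = $benignTypes[0] }

        # prefs.js lines look like: user_pref("network.proxy.http", "10.0.0.1");
        foreach ($line in Get-Content -Path $prefs.FullName) {
            if ($line -match '^user_pref\("(network\.proxy\.[^"]+)",\s*(.+)\);\s*$') {
                $name  = $Matches[1]
                $value = $Matches[2].Trim('"')
                if ($name -eq 'network.proxy.type') {
                    $type = $proxyTypes[[int]$value]
                    if ($null -eq $type) { $type = "unknown type $value" }
                    $result['Type'] = $type
                } else {
                    # host, port, PAC URL and similar values are reported verbatim
                    $result[$name] = $value
                }
            }
        }
        # A manual proxy or PAC URL the user did not configure deserves a closer look
        $result['ReviewNeeded'] = ($benignTypes -notcontains $result['Type'])
        [pscustomobject]$result
    }
}

Get-FirefoxProxyPrefs | Format-List
```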
18.02.2014, 18:45 | #3 |
| Passwords phished! Yes, the proxy thing was me; it was an experiment, but it didn't work. Unfortunately I only got into data protection much, much too late; by now I've read up a bit on the subject, VPN etc.
Has Mbam now deleted the things it found? (see question above) The MBR shows no findings. (Should I say "unfortunately" now?)

Last edited by David1977 (18.02.2014 at 18:50) |
19.02.2014, 15:46 | #4 |
/// the machine /// TB-Ausbilder | Passwords phished! As long as you don't click Delete, MBAM doesn't delete anything either. The findings were just junk anyway. Have you noticed anything more since changing the passwords?
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
19.02.2014, 18:41 | #5 |
| Passwords phished! Actually, I did click Delete, but then the firewall denied access. I haven't noticed anything more.

Code:
Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org

Database version: v2014.02.18.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16798
D :: D-PC [administrator]

18.02.2014 17:27:34
mbar-log-2014-02-18 (17-27-34).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 220269
Time elapsed: 30 minute(s), 19 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

The finding was: GTDetectsc.multi.generic |
20.02.2014, 14:24 | #6 |
/// the machine /// TB-Ausbilder | Passwords phished! That's nothing real either. The machine is clean.
|
20.02.2014, 17:24 | #7 |
| Passwords phished! Clean! Many thanks for your time and your help. Kind regards |
21.02.2014, 11:49 | #8 |
/// the machine /// TB-Ausbilder | Passwords phished! You're welcome.
|
21.03.2014, 17:10 | #9 |
| Passwords phished! Hello schrauber, Emsisoft found 1 object today. Could you take a quick look at it? Thanks in advance

Code:
Emsisoft Anti-Malware - Version 8.1
Letztes Update: 21.03.2014 15:04:56

Benutzerkonto: D-PC\D

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\

PUPs-Erkennung: An
Archiv Scan: An
ADS Scan: An
Dateitypen-Filter: Aus
Erweitertes Caching: An
Direkter Festplattenzugriff: Aus

Scan Beginn: 21.03.2014 15:52:43
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS gefunden: Setting.DisableRegistryTools (A)

Gescannt 175160
Gefunden 1

Scan Ende: 21.03.2014 16:23:07
Scan Zeit: 0:30:24 |
22.03.2014, 10:38 | #10 |
/// the machine /// TB-Ausbilder | Passwords phished! Inactive leftover, you can remove it.
|
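The Emsisoft hit above is the DisableRegistryTools policy value, which malware sometimes sets to keep the user out of regedit. As an added example (not the helper's or Emsisoft's code), this PowerShell script reports the value under both the machine-wide key from the log and the per-user key, explains what each setting does, and removes it only after a dry run; it assumes an elevated PowerShell 3 or later session.

```powershell
# Added example: inspect and optionally remove the DisableRegistryTools policy value.
# Checks the HKLM key reported in the Emsisoft log plus the equivalent HKCU key.
# Assumes PowerShell 3+ and an elevated session for HKLM.
$policyKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
)

function Get-RegistryToolsPolicy {
    foreach ($key in $policyKeys) {
        $value = $null
        if (Test-Path $key) {
            $value = (Get-ItemProperty -Path $key -Name DisableRegistryTools -ErrorAction SilentlyContinue).DisableRegistryTools
        }
        # 1 blocks regedit completely; 2 blocks interactive regedit but still allows silent /s imports
        if ($null -eq $value)   { $effect = 'not set' }
        elseif ($value -eq 0)   { $effect = 'no restriction' }
        elseif ($value -eq 1)   { $effect = 'regedit blocked' }
        elseif ($value -eq 2)   { $effect = 'regedit blocked, silent /s runs allowed' }
        else                    { $effect = "unknown ($value)" }

        [pscustomobject]@{
            Key     = $key
            Present = ($null -ne $value)
            Value   = $value
            Effect  = $effect
        }
    }
}

function Remove-RegistryToolsPolicy {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    foreach ($entry in (Get-RegistryToolsPolicy | Where-Object { $_.Present })) {
        if ($PSCmdlet.ShouldProcess($entry.Key, 'Remove DisableRegistryTools')) {
            Remove-ItemProperty -Path $entry.Key -Name DisableRegistryTools
        }
    }
}

Get-RegistryToolsPolicy | Format-Table -AutoSize
# Dry run first; drop -WhatIf to actually remove the value
Remove-RegistryToolsPolicy -WhatIf
```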
01.04.2014, 01:20 | #11 |
| Passwords phished! Hello again. Just now my Windows crashed completely; the screen turned blue and I could only briefly read something about DUMP and a percentage, for 2-3 seconds. Was that something from Windows, or what happened? This is what the FRST log says about it:

Code:
System errors:
=============
Error: (04/01/2014 01:56:26 AM) (Source: BugCheck) (User: )
Description: 0x000000d1 (0x0000000000000064, 0x0000000000000002, 0x0000000000000000, 0xfffff88003cd3bbe)C:\Windows\MEMORY.DMP040114-18205-01

Error: (04/01/2014 01:56:23 AM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 01.04.2014 um 01:54:53 unerwartet heruntergefahren.

Thanks |
01.04.2014, 13:02 | #12 |
/// the machine /// TB-Ausbilder | Passwords phished! Please zip exactly that dump file and attach it.
|
01.04.2014, 13:44 | #13 |
| Passwords phished! That file doesn't exist anywhere either :\ I don't get it!! |
02.04.2014, 11:27 | #14 |
/// the machine /// TB-Ausbilder | Passwords phished! And there is nothing in the folder C:\Windows\Minidump either?
|
08.04.2014, 18:03 | #15 |
| Passwords phished! I found the folder, but it's empty. |
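The BugCheck event above names C:\Windows\MEMORY.DMP, yet neither that file nor anything in C:\Windows\Minidump exists. Whether Windows writes a dump at all is controlled by the CrashControl registry key, so as an added example (not from the thread) this PowerShell script reads that configuration, lists any dump files that do exist, and shows the pagefile location a dump depends on; it assumes an elevated PowerShell 3 or later session.

```powershell
# Added example: show why a BugCheck (0xD1 is DRIVER_IRQL_NOT_LESS_OR_EQUAL) may leave no dump.
# Reads the CrashControl settings Windows consults when writing MEMORY.DMP or Minidump files.
# Assumes PowerShell 3+ (Get-CimInstance) and an elevated session.
$crashControl = 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl'

# CrashDumpEnabled values: 0 none, 1 complete, 2 kernel, 3 small (Minidump), 7 automatic
$dumpKinds = @{ 0 = 'none (no dump is written)'; 1 = 'complete'; 2 = 'kernel'; 3 = 'small (Minidump)'; 7 = 'automatic' }

function Get-CrashDumpConfig {
    $cc   = Get-ItemProperty -Path $crashControl
    $mode = [int]$cc.CrashDumpEnabled
    $kind = $dumpKinds[$mode]
    if ($null -eq $kind) { $kind = "unknown ($mode)" }

    # DumpFile and MinidumpDir are REG_EXPAND_SZ; expand %SystemRoot% explicitly in case it was not
    $dumpFile    = [Environment]::ExpandEnvironmentVariables([string]$cc.DumpFile)
    $minidumpDir = [Environment]::ExpandEnvironmentVariables([string]$cc.MinidumpDir)

    $dumpExists = $false
    if ($dumpFile) { $dumpExists = Test-Path $dumpFile }

    $minidumps = 0
    if ($minidumpDir -and (Test-Path $minidumpDir)) {
        $minidumps = @(Get-ChildItem -Path $minidumpDir -Filter *.dmp -File -ErrorAction SilentlyContinue).Count
    }

    # A kernel or complete dump is first written into the pagefile on the system drive,
    # so no suitable pagefile means no dump even when CrashDumpEnabled is set
    $pageFiles = @(Get-CimInstance Win32_PageFileUsage | Select-Object -ExpandProperty Name)

    [pscustomobject]@{
        DumpMode       = $kind
        DumpFile       = $dumpFile
        DumpFileExists = $dumpExists
        MinidumpDir    = $minidumpDir
        MinidumpCount  = $minidumps
        Overwrite      = [bool]$cc.Overwrite
        PageFiles      = ($pageFiles -join ', ')
    }
}

Get-CrashDumpConfig | Format-List
```

If DumpMode reports none or PageFiles is empty, the missing MEMORY.DMP is explained by configuration rather than by tampering.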