Log analysis and evaluation: WIN7: Avira is blocked by Group Policy (Windows 7)
05.05.2014, 19:55 | #1
Hello dear Trojaner-Board team,

For about a week I have had the following problem: Avira cannot be started, uninstalled or reinstalled, not even in Safe Mode. I always get the error message: "This program is blocked by a Group Policy". No Group Policies are set up on my computer, so I suspect an infection.

What I have tried so far (without success):
- In Safe Mode, deleted all *.exe files from the last 14 days
- Ran HijackThis and Malwarebytes and deleted the findings (HijackThis logfile below)
- Ran ComboFix

Normally I would wipe the machine now, but then I could no longer use my CAD software, which is still installed on my computer from my master craftsman school days. Could you please help me? Many thanks!

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 19:50 on 05/05/2014 (Blakkbyrd)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
SPTD -> Already disabled

-=E.O.F=-

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-05-2014
Ran by Blakkbyrd (administrator) on LAPTOP2 on 05-05-2014 19:51:27
Running from C:\Users\Blakkbyrd\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Fujitsu Technology Solutions) C:\Program Files (x86)\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
(CSR, plc) C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesApp64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [182352 2014-04-30] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-25] (Avira Operations GmbH & Co. KG)
HKLM Group Policy restriction on software: C:\Program Files (x86)\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Malwarebytes' Anti-Malware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\LaunchCenter.lnk
ShortcutTarget: LaunchCenter.lnk -> C:\Program Files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\LaunchCenter.lnk
ShortcutTarget: LaunchCenter.lnk -> C:\Program Files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=FTSF&bmod=FTSF
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {8EDB9325-5002-4B25-8C08-702F485FA6EB} URL =
SearchScopes: HKCU - {58FF7CBB-2653-495A-A9EB-5E9462507AA2} URL =
SearchScopes: HKCU - {8EDB9325-5002-4B25-8C08-702F485FA6EB} URL =
BHO: Citavi Picker - {609D670F-B735-4da7-AC6D-F3BD358E325E} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKCU - No Name - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Blakkbyrd\AppData\Roaming\Mozilla\Firefox\Profiles\wg0s85wc.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin - C:\Program Files (x86)\Java\jre6\bin\npDeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @logitech.com/HarmonyRemote,version=1.0.0 - C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\4.0.60129.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\Blakkbyrd\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Blakkbyrd\AppData\Roaming\Mozilla\Firefox\Profiles\wg0s85wc.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Blakkbyrd\AppData\Roaming\Mozilla\Firefox\Profiles\wg0s85wc.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Blakkbyrd\AppData\Roaming\Mozilla\Firefox\Profiles\wg0s85wc.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Blakkbyrd\AppData\Roaming\Mozilla\Firefox\Profiles\wg0s85wc.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus - C:\Users\Blakkbyrd\AppData\Roaming\Mozilla\Firefox\Profiles\wg0s85wc.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-08-22]
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2013-10-21]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [125008 2014-04-30] (Avira Operations GmbH & Co. KG)
S2 FirebirdGuardianDefaultInstance; C:\Programme\Firebird_1_5\Bin\fbguard.exe [65536 2004-12-13] (The Firebird Project)
S2 FirebirdServerDefaultInstance; C:\Programme\Firebird_1_5\Bin\fbserver.exe [1527893 2004-12-13] (The Firebird Project)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S4 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S4 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [80896 2010-09-16] ()
S4 PowerSavingUtilityService; C:\Program Files\Fujitsu\PSUtility\PSUService.exe [63336 2009-07-30] (FUJITSU LIMITED)
R2 TestHandler; C:\Program Files (x86)\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe [341264 2009-02-19] (Fujitsu Technology Solutions)
S3 TuneUp.Defrag; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe [607040 2010-09-29] (TuneUp Software)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [1403200 2010-08-13] (TuneUp Software)
R2 VFPRadioSupportService; C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe [145840 2009-12-24] (CSR, plc)
S4 WirelessSelectorService; C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe [62312 2009-07-21] ()
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-02-25] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2014-02-25] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG)
S3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [34704 2009-12-24] (CSR, plc)
R3 FUJ02B1; C:\Windows\System32\DRIVERS\FUJ02B1.sys [7808 2006-11-01] (FUJITSU LIMITED)
R3 FUJ02E3; C:\Windows\System32\DRIVERS\FUJ02E3.sys [7296 2006-11-01] (FUJITSU LIMITED)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 s0016bus; C:\Windows\System32\DRIVERS\s0016bus.sys [115240 2008-05-16] (MCCI Corporation)
S3 s0016mdfl; C:\Windows\System32\DRIVERS\s0016mdfl.sys [19496 2008-05-16] (MCCI Corporation)
S3 s0016mdm; C:\Windows\System32\DRIVERS\s0016mdm.sys [158760 2008-05-16] (MCCI Corporation)
S3 s0016mgmt; C:\Windows\System32\DRIVERS\s0016mgmt.sys [137256 2008-05-16] (MCCI Corporation)
S3 s0016nd5; C:\Windows\System32\DRIVERS\s0016nd5.sys [34344 2008-05-16] (MCCI Corporation)
S3 s0016obex; C:\Windows\System32\DRIVERS\s0016obex.sys [136744 2008-05-16] (MCCI Corporation)
S3 s0016unic; C:\Windows\System32\DRIVERS\s0016unic.sys [151592 2008-05-16] (MCCI Corporation)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [560184 2012-04-16] (Duplex Secure Ltd.)
S1 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [5632 2006-07-24] ()
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [11856 2010-02-24] (TuneUp Software)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 clwvd; system32\DRIVERS\clwvd.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-05 19:51 - 2014-05-05 19:51 - 00013376 _____ () C:\Users\Blakkbyrd\Desktop\FRST.txt
2014-05-05 19:51 - 2014-05-05 19:51 - 00000000 ___DC () C:\FRST
2014-05-05 19:45 - 2014-05-05 19:50 - 00000532 _____ () C:\Users\Blakkbyrd\Desktop\defogger_disable.log
2014-05-05 19:45 - 2014-05-05 19:45 - 00000020 _____ () C:\Users\Blakkbyrd\defogger_reenable
2014-05-05 19:36 - 2014-05-05 19:36 - 00380416 _____ () C:\Users\Blakkbyrd\Desktop\Gmer-19357.exe
2014-05-05 19:35 - 2014-05-05 19:35 - 02063872 _____ (Farbar) C:\Users\Blakkbyrd\Desktop\FRST64.exe
2014-05-05 19:33 - 2014-05-05 19:33 - 00050477 _____ () C:\Users\Blakkbyrd\Desktop\Defogger.exe
2014-05-02 06:49 - 2014-05-02 06:49 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-05-01 07:14 - 2014-02-25 11:41 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-05-01 07:14 - 2014-02-25 11:41 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-05-01 07:14 - 2014-02-25 11:41 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-04-30 22:02 - 2014-05-01 07:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-04-30 22:02 - 2014-05-01 07:14 - 00000000 ____D () C:\ProgramData\Avira
2014-04-30 22:02 - 2014-05-01 07:14 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-04-30 22:02 - 2014-04-30 22:02 - 00001103 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-04-30 21:56 - 2014-04-30 21:56 - 00019777 ____C () C:\ComboFix.txt
2014-04-29 22:13 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-04-29 22:13 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-04-29 22:13 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-04-29 22:13 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-04-29 22:13 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-04-29 22:13 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-04-29 22:13 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-04-29 22:13 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-04-29 22:05 - 2014-04-30 21:56 - 00000000 ___DC () C:\Qoobox
2014-04-29 22:05 - 2014-04-29 22:26 - 00000000 ____D () C:\Windows\erdnt
2014-04-29 21:15 - 2014-04-29 21:15 - 00000676 __RSH () C:\Users\Blakkbyrd\ntuser.pol
2014-04-28 21:17 - 2014-05-01 18:21 - 00181390 _____ () C:\Windows\PFRO.log
2014-04-27 21:58 - 2014-04-30 22:02 - 00000000 ____D () C:\ProgramData\Package Cache
2014-04-27 21:42 - 2014-04-27 21:42 - 00001037 _____ () C:\Users\Blakkbyrd\Desktop\Cloud Drive - Verknüpfung.lnk
2014-04-27 21:41 - 2014-04-27 21:41 - 00000000 ____D () C:\Users\Blakkbyrd\Cloud Drive
2014-04-27 21:39 - 2014-04-27 21:39 - 00000000 ____D () C:\Users\Blakkbyrd\AppData\Local\Amazon Cloud Drive
2014-04-27 21:37 - 2014-04-30 21:56 - 00000000 ____D () C:\Users\Blakkbyrd\AppData\Local\Apps\2.0
2014-04-27 21:37 - 2014-04-27 21:41 - 00000000 ____D () C:\Users\Blakkbyrd\AppData\Local\Deployment
2014-04-27 21:36 - 2014-04-27 21:37 - 00503104 _____ () C:\Users\Blakkbyrd\Downloads\AmazonCloudDriveSetup.exe
2014-04-26 09:19 - 2014-04-26 09:30 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
2014-04-26 08:41 - 2014-03-31 03:16 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-26 08:41 - 2014-03-31 03:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-26 08:41 - 2014-03-31 02:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-26 08:41 - 2014-03-31 01:57 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-25 19:27 - 2014-04-25 19:27 - 00000000 ____D () C:\Users\Blakkbyrd\AppData\Local\Downloaded Installations
2014-04-25 18:07 - 2014-05-05 19:46 - 00001960 _____ () C:\Windows\setupact.log
2014-04-21 09:56 - 2014-03-01 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-21 09:56 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-21 09:56 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-21 09:56 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-21 09:56 - 2014-03-01 06:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-21 09:56 - 2014-03-01 06:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-21 09:56 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-21 09:56 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-21 09:56 - 2014-03-01 06:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-21 09:56 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-21 09:56 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-21 09:56 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-21 09:56 - 2014-03-01 06:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-21 09:56 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-21 09:56 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-21 09:56 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-21 09:56 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-21 09:56 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-21 09:56 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-21 09:56 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-21 09:56 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-21 09:56 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-21 09:56 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-21 09:56 - 2014-03-01 05:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-21 09:56 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-21 09:56 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-21 09:56 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-21 09:56 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-21 09:56 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-21 09:56 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-21 09:56 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-21 09:56 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-21 09:56 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-21 09:56 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-21 09:56 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-21 09:56 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-21 09:55 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-04-21 09:55 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-21 09:55 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-21 09:55 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-21 09:55 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-04-21 09:55 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-21 09:55 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-04-21 09:55 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-21 09:55 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-04-21 09:55 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-04-21 09:55 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-04-21 09:54 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-21 09:54 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-21 09:54 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-21 09:54 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-21 09:54 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-21 09:54 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-21 09:54 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-21 09:54 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-21 09:54 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-21 09:54 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-21 09:54 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-21 09:54 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-04-21 09:54 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-04-21 09:54 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-14 19:01 - 2014-04-14 19:01 - 02328864 _____ () C:\Users\Blakkbyrd\Downloads\AmazonMP3DownloaderInstall._V383688031_.exe
2014-04-07 06:18 - 2014-04-07 06:18 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf5218679b7537.job

==================== One Month Modified Files and Folders =======

2014-05-05 19:51 - 2014-05-05 19:51 - 00013376 _____ () C:\Users\Blakkbyrd\Desktop\FRST.txt
2014-05-05 19:51 - 2014-05-05 19:51 - 00000000 ___DC () C:\FRST
2014-05-05 19:51 - 2010-09-29 03:00 - 01130281 _____ () C:\Windows\WindowsUpdate.log
2014-05-05 19:50 - 2014-05-05 19:45 - 00000532 _____ () C:\Users\Blakkbyrd\Desktop\defogger_disable.log
2014-05-05 19:46 - 2014-04-25 18:07 - 00001960 _____ () C:\Windows\setupact.log
2014-05-05 19:45 - 2014-05-05 19:45 - 00000020 _____ () C:\Users\Blakkbyrd\defogger_reenable
2014-05-05 19:45 - 2010-09-28 18:41 - 00000000 ____D () C:\Users\Blakkbyrd
2014-05-05 19:40 - 2013-07-11 00:29 - 00005984 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-05 19:40 - 2013-07-11 00:29 - 00005984 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-05 19:36 - 2014-05-05 19:36 - 00380416 _____ () C:\Users\Blakkbyrd\Desktop\Gmer-19357.exe
2014-05-05 19:35 - 2014-05-05 19:35 - 02063872 _____ (Farbar) C:\Users\Blakkbyrd\Desktop\FRST64.exe
2014-05-05 19:33 - 2014-05-05 19:33 - 00050477 _____ () C:\Users\Blakkbyrd\Desktop\Defogger.exe
2014-05-03 19:31 - 2012-11-04 22:48 - 00000000 ____D () C:\Users\Blakkbyrd\AppData\Roaming\Skype
2014-05-02 06:49 - 2014-05-02 06:49 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-05-01 18:21 - 2014-04-28 21:17 - 00181390 _____ () C:\Windows\PFRO.log
2014-05-01 07:14 - 2014-04-30 22:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-05-01 07:14 - 2014-04-30 22:02 - 00000000 ____D () C:\ProgramData\Avira
2014-05-01 07:14 - 2014-04-30 22:02 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-04-30 22:02 - 2014-04-30 22:02 - 00001103 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-04-30 22:02 - 2014-04-27 21:58 - 00000000 ____D () C:\ProgramData\Package Cache
2014-04-30 21:56 - 2014-04-30 21:56 - 00019777 ____C () C:\ComboFix.txt
2014-04-30 21:56 - 2014-04-29 22:05 - 00000000 ___DC () C:\Qoobox
2014-04-30 21:56 - 2014-04-27 21:37 - 00000000 ____D () C:\Users\Blakkbyrd\AppData\Local\Apps\2.0
2014-04-30 21:54 - 2009-07-14 04:34 - 00000215 ____C () C:\Windows\system.ini
2014-04-29 22:28 - 2010-09-28 18:38 - 00000000 ____D () C:\Users\TxR
2014-04-29 22:28 - 2010-09-28 18:38 - 00000000 ____D () C:\Users\systemprofile
2014-04-29 22:28 - 2010-09-28 18:38 - 00000000 ____D () C:\Users\RegBack
2014-04-29 22:28 - 2010-09-28 18:38 - 00000000 ____D () C:\Users\Journal
2014-04-29 22:26 - 2014-04-29 22:05 - 00000000 ____D () C:\Windows\erdnt
2014-04-29 21:37 - 2013-03-30 01:37 - 00010437 _____ () C:\Users\Blakkbyrd\Desktop\hijackthis.log
2014-04-29 21:15 - 2014-04-29 21:15 - 00000676 __RSH () C:\Users\Blakkbyrd\ntuser.pol
2014-04-29 19:46 - 2011-05-03 09:53 - 00000000 ____D () C:\Program Files (x86)\Java
2014-04-28 19:50 - 2013-02-25 21:57 - 00001079 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-28 19:50 - 2013-02-25 21:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-04-28 19:50 - 2013-02-25 21:57 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-04-28 18:48 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-04-27 21:46 - 2010-09-28 18:41 - 00000000 ___RD () C:\Users\Blakkbyrd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup
2014-04-27 21:43 - 2013-04-29 19:59 - 00065024 ___SH () C:\Users\Blakkbyrd\Thumbs.db
2014-04-27 21:42 - 2014-04-27 21:42 - 00001037 _____ () C:\Users\Blakkbyrd\Desktop\Cloud Drive - Verknüpfung.lnk
2014-04-27 21:41 - 2014-04-27 21:41 - 00000000 ____D () C:\Users\Blakkbyrd\Cloud Drive
2014-04-27 21:41 - 2014-04-27 21:37 - 00000000 ____D () C:\Users\Blakkbyrd\AppData\Local\Deployment
2014-04-27 21:40 - 2013-01-28 12:46 - 00000000 ____D () C:\Users\Blakkbyrd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2014-04-27 21:39 - 2014-04-27 21:39 - 00000000 ____D () C:\Users\Blakkbyrd\AppData\Local\Amazon Cloud Drive
2014-04-27 21:37 - 2014-04-27 21:36 - 00503104 _____ () C:\Users\Blakkbyrd\Downloads\AmazonCloudDriveSetup.exe
2014-04-26 17:53 - 2013-10-21 16:52 - 00000000 ____D () C:\Users\Blakkbyrd\AppData\Roaming\Swiss Academic Software
2014-04-26 17:51 - 2013-10-21 16:52 - 00000000 ____D () C:\Users\Blakkbyrd\Documents\Citavi 4
2014-04-26 15:40 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-04-26 09:30 - 2014-04-26 09:19 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
2014-04-26 08:06 - 2012-02-08 21:44 - 00000000 ____D () C:\Windows\pss
2014-04-25 19:29 - 2013-10-21 16:52 - 00000000 ____D () C:\ProgramData\Swiss Academic Software
2014-04-25 19:29 - 2013-10-21 16:51 - 00001601 _____ () C:\Users\Public\Desktop\Citavi 4.lnk
2014-04-25 19:29 - 2013-10-21 16:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citavi 4
2014-04-25 19:27 - 2014-04-25 19:27 - 00000000 ____D () C:\Users\Blakkbyrd\AppData\Local\Downloaded Installations
2014-04-25 14:17 - 2011-12-27 01:21 - 00000000 ____D () C:\Program Files (x86)\Samsung
2014-04-25 14:14 - 2012-01-07 18:31 - 00000000 ____D () C:\Users\Blakkbyrd\Desktop\Sonstige Programme
2014-04-25 12:31 - 2009-07-14 04:34 - 73924608 _____ () C:\Windows\system32\config\SOFTWARE_tureg_old
2014-04-25 12:31 - 2009-07-14 04:34 - 30670848 _____ () C:\Windows\system32\config\SYSTEM_tureg_old
2014-04-25 12:31 - 2009-07-14 04:34 - 00024576 _____ () C:\Windows\system32\config\SECURITY_tureg_old
2014-04-25 12:27 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SAM_tureg_old
2014-04-25 12:27 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\DEFAULT_tureg_old
2014-04-21 12:51 - 2009-07-14 06:45 - 00344864 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-21 10:01 - 2013-08-27 18:37 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-18 16:31 - 2010-04-26 15:06 - 00699682 _____ () C:\Windows\system32\perfh007.dat
2014-04-18 16:31 - 2010-04-26 15:06 - 00149790 _____ () C:\Windows\system32\perfc007.dat
2014-04-18 16:31 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-14 19:01 - 2014-04-14 19:01 - 02328864 _____ () C:\Users\Blakkbyrd\Downloads\AmazonMP3DownloaderInstall._V383688031_.exe
2014-04-14 19:01 - 2012-01-07 19:23 - 00000000 ____D () C:\Users\Blakkbyrd\AppData\Roaming\Amazon
2014-04-09 21:40 - 2012-02-07 22:02 - 00000000 ____D () C:\Users\Blakkbyrd\Documents\My Games
2014-04-09 21:37 - 2010-09-29 02:59 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-04-07 06:18 - 2014-04-07 06:18 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf5218679b7537.job

Files to move or delete:
====================
C:\ProgramData\frjrl9j.ctrl
C:\ProgramData\frjrl9j.pff
C:\ProgramData\grhbbnwl.ctrl
C:\ProgramData\grhbbnwl.pff
C:\ProgramData\j6lbrj2bn.ctrl
C:\ProgramData\j6lbrj2bn.pff
C:\ProgramData\urlccdhlftxcwbvuuwc.bat
C:\ProgramData\urlccdhlftxcwbvuuwc.reg

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!
LastRegBack: 2013-09-02 15:21

==================== End Of Log ============================
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-05-2014
Ran by Blakkbyrd at 2014-05-05 19:52:24
Running from C:\Users\Blakkbyrd\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================
64 Bit HP CIO Components Installer (Version: 7.2.7 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 2.5.1.17730 - Adobe Systems Inc.) Hidden
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.8.800.94 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.8.800.94 - Adobe Systems Incorporated)
Adobe Reader XI - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
AGEIA PhysX v7.07.24 (HKLM-x32\...\{EFC1B35C-FFF2-41D8-A70A-CE6037F8040B}) (Version: 7.07.24 - AGEIA Technologies, Inc.)
AIS Connect (HKLM-x32\...\AIS Connect) (Version: 1.1.1.6 - Fujitsu Technology Solutions GmbH)
AIS Connect (x32 Version: 1.1.1.6 - Fujitsu Technology Solutions GmbH) Hidden
Amazon Cloud Drive (HKCU\...\23ab716f18849b6f) (Version: 2.4.2013.3290 - Amazon)
Amazon MP3-Downloader 1.0.18 (HKCU\...\Amazon MP3-Downloader) (Version: 1.0.18 - Amazon Services LLC)
Apple Application Support (HKLM-x32\...\{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}) (Version: 2.1.7 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}) (Version: 5.1.1.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avira (HKLM-x32\...\{e932572a-a65f-40cb-bdb9-fde856c8b6f5}) (Version: 1.1.12.20001 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.12.20001 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
BDE_PRO (x32 Version: 5.1.1 - Borland Software Corp.) Hidden
Bluetooth Feature Pack 5.0 (HKLM\...\{B2F4C332-2359-4ADE-AF0C-C631768BBB89}) (Version: 5.0.14 - CSR Plc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Citavi 4 (HKLM-x32\...\{CC0A85B2-734A-45B3-B678-05F6A6499AC7}) (Version: 4.3.0.15 - Swiss Academic Software)
eBay (HKLM-x32\...\{9983CD31-473F-4808-8317-5346119F0187}) (Version: 1.0.1 - eBay Inc.)
Fujitsu Display Manager (HKLM-x32\...\InstallShield_{4108974B-DE87-4AD4-9167-930C62C45691}) (Version: - )
Fujitsu Display Manager (Version: 7.01.00.210 - FUJITSU LIMITED) Hidden
Fujitsu Hotkey Utility (HKLM-x32\...\InstallShield_{BA0CC975-682B-4678-A35C-05E607F36387}) (Version: 3.60.1.0 - FUJITSU LIMITED)
Fujitsu Hotkey Utility (x32 Version: 3.60.1.0 - FUJITSU LIMITED) Hidden
Fujitsu MobilityCenter Extension Utility (HKLM-x32\...\InstallShield_{EC314CDF-3521-482B-A21C-65AC95664814}) (Version: - )
Fujitsu MobilityCenter Extension Utility (Version: 3.01.00.000 - Ihr Firmenname) Hidden
Fujitsu System Extension Utility (HKLM-x32\...\InstallShield_{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}) (Version: - )
Fujitsu System Extension Utility (Version: 3.1.1.0 - FUJITSU LIMITED) Hidden
GIMP 2.8.0 (HKLM\...\GIMP-2_is1) (Version: 2.8.0 - The GIMP Team)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
HijackThis 2.0.2 (HKLM-x32\...\HijackThis) (Version: 2.0.2 - TrendMicro)
HTC BMP USB Driver (HKLM-x32\...\{31A559C1-9E4D-423B-9DD3-34A6C5398752}) (Version: 1.0.5375 - HTC)
HTC Driver Installer (HKLM-x32\...\{6D6664A9-3342-4948-9B7E-034EFE366F0F}) (Version: 3.0.0.006 - HTC Corporation)
HTC Sync (HKLM-x32\...\{3B345B4A-2E94-4346-A38F-17E1347A0DA7}) (Version: 3.0.5527 - HTC Corporation)
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2025 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
interCAD (HKLM-x32\...\{E93A9ECE-6459-4652-AC62-701A1D9A8BB9}) (Version: 1.78.6.16 - Solva Groep B.V.)
interCAD (x32 Version: 1.78.6.16 - Solva Groep B.V.) Hidden
iTunes (HKLM\...\{CF8FFD12-602B-422D-AF1D-511B411E7632}) (Version: 10.6.1.7 - Apple Inc.)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416025FF}) (Version: 6.0.250 - Oracle)
Java(TM) 6 Update 29 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216029FF}) (Version: 6.0.290 - Oracle)
Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
LifeBook Application Panel (HKLM-x32\...\InstallShield_{6226477E-444F-4DFE-BA19-9F4F7D4565BC}) (Version: - )
LifeBook Application Panel (Version: 8.1.0.0 - FUJITSU LIMITED) Hidden
Logitech Harmony Remote Software (HKLM-x32\...\{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}) (Version: 1.0.110307 - Logitech)
Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.60129.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
PDF24 Creator 6.3.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Pixum Fotobuch (HKLM-x32\...\Pixum Fotobuch) (Version: 5.0.1 - CEWE COLOR AG u Co. OHG)
Power Saving Utility (HKLM-x32\...\InstallShield_{7254349B-460B-488F-B4DB-A96100C5C48B}) (Version: - )
Power Saving Utility (Version: 31.01.11.013 - FUJITSU LIMITED) Hidden
QuickTime (HKLM-x32\...\{C9E14402-3631-4182-B377-6B0DFB1C0339}) (Version: 7.70.80.34 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5969 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7100.30087 - Realtek Semiconductor Corp.)
Schachtrainer (HKLM-x32\...\Schachtrainer_is1) (Version: - Tivola Development GmbH)
Skype™ 6.3 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.3.107 - Skype Technologies S.A.)
Sony Ericsson Drivers (HKLM-x32\...\{C60BA916-9E44-4DA4-B11A-9E27B7624EF5}) (Version: 1.0.28 - Sony Ericsson)
StarVars '97 for Win32 (HKLM-x32\...\StarVars '97 for Win32) (Version: - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.10.0 - Synaptics Incorporated)
SystemDiagnostics (HKLM-x32\...\{EF59DB7F-7426-426E-B862-7031F83ED304}) (Version: 2.04.0006 - Fujitsu Technology Solutions)
TuneUp Utilities (HKLM-x32\...\TuneUp Utilities) (Version: 9.0.4500.29 - TuneUp Software)
TuneUp Utilities (x32 Version: 9.0.4500.29 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (en-GB) (x32 Version: 9.0.4500.29 - TuneUp Software) Hidden
Update for Microsoft .NET Framework 4.5 (KB2750147) (HKLM-x32\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB2750147) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4.5 (KB2805221) (HKLM-x32\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB2805221) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4.5 (KB2805226) (HKLM-x32\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB2805226) (Version: 1 - Microsoft Corporation)
VLC media player 1.1.7 (HKLM-x32\...\VLC media player) (Version: 1.1.7 - VideoLAN)
Windows Live Anmelde-Assistent (HKLM-x32\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Call (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - )
Wireless Selector (HKLM-x32\...\InstallShield_{51692C66-5505-41B8-92A7-548C69FB867C}) (Version: - )
Wireless Selector (Version: 4.01.00.101 - FUJITSU LIMITED) Hidden

==================== Restore Points =========================

==================== Hosts content: ==========================
2009-07-14 04:34 - 2014-04-29 22:25 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============
Task: {13F6C31A-607B-4C68-853A-061AE4C23A4B} - System32\Tasks\{CADBA601-5943-49CD-A87E-D0ACC3B8486F} => D:\Games\blood money\Hitman - Blood Money.exe
Task: {39DC7ABF-498D-4F9D-A239-00DF620D5AA0} - System32\Tasks\{A45763C8-7869-4955-B449-BC9ACDBC6ADF} => D:\You Don't Know Jack 4\YDKJ 4.exe
Task: {3A6C8EA1-7615-45AC-85D7-F64D4529922B} - System32\Tasks\{06D23584-01AB-4344-92E7-463848B42EF1} => C:\Program Files (x86)\Wildfire Software\WinLems\WinLems.exe
Task: {3CB819C5-526D-44CD-BDB7-29D25608FC11} - System32\Tasks\{98025E14-A70A-4F69-A096-1FD4B992A077} => C:\Program Files (x86)\Wildfire Software\WinLems\WinLems.exe
Task: {40255791-6B6B-4F33-B2D6-10BF2FAFFF28} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-09-23] (Adobe Systems Incorporated)
Task: {534562DC-4493-4D56-B0D6-7EBEE96588DA} - System32\Tasks\{E2D54697-563F-48A5-ADDD-FFF00231B4CD} => D:\Downloads\Lemmings_en\Lemmings_en\SETUP.EXE
Task: {600380F5-E451-4722-B6BF-228E48D122DE} - System32\Tasks\{29588C02-121A-40FA-A042-2981C8C4D2F6} => D:\Downloads\Lemmings_en\SETUP.EXE
Task: {60F43493-CA59-430A-A1BF-83ACE5E02F60} - System32\Tasks\{BC4E4BBD-C172-42A6-9CE7-8738DAFB3579} => D:\Downloads\Lemmings_en\LEMMINGS\INSTALL.EXE
Task: {6250DF27-EDD6-4AE5-BBFB-9EB981E505EE} - System32\Tasks\{0B9B3D8F-4719-48E6-962C-EBBD16E35DDD} => D:\Downloads\Lemmings_en\LEMMINGS\INSTALL.EXE
Task: {65078C63-023B-47CF-8225-93087226BBB5} - System32\Tasks\{D96183EB-4FD3-425A-BED1-C825DD4CAFA5} => C:\Program Files (x86)\Wildfire Software\WinLems\WinLems.exe
Task: {68CF6784-AF3F-416D-8310-8640F5CBBF7F} - System32\Tasks\{4CBA0B4C-7BD8-480A-BCBA-158F7080D882} => D:\Games\blood money\Hitman - Blood Money.exe
Task: {695951D1-4C0F-46C5-B146-D8ED5CCC6DCA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-16] (Google Inc.)
Task: {69597F7C-8FC5-4971-BFC6-85C06FF154F2} - System32\Tasks\{2914AFBB-A8B4-43F8-9FB3-CCC6038248F7} => D:\You Don't Know Jack 4\YDKJ 4.exe
Task: {6D56AB38-68C6-473C-B63D-328D6EC64384} - System32\Tasks\{BEED466B-3880-47BE-B007-542C3B401B68} => C:\Program Files (x86)\Wildfire Software\WinLems\WinLems.exe
Task: {6F4C15A0-4B3E-4005-9663-0F6E90A893FF} - System32\Tasks\{F85BCD23-4723-4482-BC8B-8AD078D204AB} => D:\Downloads\Lemmings_en\Lemmings_en\SETUP.EXE
Task: {771F8223-27D3-46A0-86EF-DACAC9676292} - System32\Tasks\{E0DCF817-FF19-40F8-A0FA-37C0EBA756C0} => D:\Downloads\Lemmings_en\SETUP.EXE
Task: {7E144021-21DC-422B-9768-0A8018E90BEC} - System32\Tasks\{D7B6F808-D0A7-4DF8-B5AF-B88F252C0520} => D:\Downloads\Lemmings_en\WING\GSETUP.EXE
Task: {86062672-A879-42B5-86ED-2FBFDEBC1FDF} - System32\Tasks\{7446560D-7D34-4A92-91FA-50302EF5E5FE} => D:\Downloads\Lemmings_en\WING\GSETUP.EXE
Task: {86C0C8C2-42F0-4279-AACA-9B75BB9CDA34} - System32\Tasks\{1B0824B5-C27E-4E55-A663-1B31262A8255} => D:\Downloads\Lemmings_en\LEMMINGS\INSTALL.EXE
Task: {877FE3E3-1530-4228-BF55-CF47AEAD7BE2} - System32\Tasks\{CA19CB5E-514E-463E-83C8-ACD23D90FB82} => C:\Program Files (x86)\Wildfire Software\WinLems\WinLems.exe
Task: {8B726F34-5194-405B-8C9F-EA4A735F9D46} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance => C:\Program Files (x86)\TuneUp Utilities 2010\OneClick.exe [2010-08-13] (TuneUp Software)
Task: {8C5B2429-2ED3-4F84-A88C-A74674FDA3C5} - System32\Tasks\{019EB8E7-8274-4D7B-B6D5-6BDDADCCF309} => D:\Downloads\Lemmings_en\WING\GSETUP.EXE
Task: {9F5F34AD-8660-4B08-9571-82F6F0C57BC4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-16] (Google Inc.)
Task: {B53D7FD2-860C-4F8E-AB93-36359AA8E155} - System32\Tasks\{8197684A-8840-42AE-9EAA-0917243A2EEB} => C:\Program Files (x86)\Wildfire Software\WinLems\WinLems.exe
Task: {B8C6F48E-777B-4141-830F-B7B903701C8B} - System32\Tasks\{952810C0-9C2E-4B4F-A10F-AF72B253A81A} => D:\Downloads\Lemmings_en\LEMMINGS\INSTALL.EXE
Task: {C2237801-BF49-496C-BB7D-A429A1F8594D} - System32\Tasks\{2EE61E15-9B88-455A-A8F5-847546063FD4} => C:\Program Files (x86)\Wildfire Software\WinLems\WinLems.exe
Task: {C84E4C8B-E1EA-4DB2-88F9-3A4323E89880} - System32\Tasks\{6982CBF6-53E8-4E4F-8E58-19C1D7EB89D9} => D:\Downloads\Lemmings_en\SETUP.EXE
Task: {CDB76601-EF91-4AC0-BA61-99F254538EB2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-27] (Adobe Systems Incorporated)
Task: {DCD8CCFC-EB8E-40A3-9A1B-658DA4CB5734} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe [2011-03-08] ()
Task: {E06AFC40-62AF-4FAE-9140-922803114242} - System32\Tasks\{00FE1F42-E1DA-42DF-B525-201BEAF8758A} => D:\Downloads\Lemmings_en\WING\GSETUP.EXE
Task: {E577345C-E573-4408-8C55-F9752D2F1993} - System32\Tasks\{91A852AC-5860-4AEB-86D6-EB2E27B042C2} => D:\Downloads\Lemmings_en\SETUP.EXE
Task: {E7579303-70F0-4487-8942-201471C2CAB0} - System32\Tasks\{E3A901D1-93A7-4192-A6D5-5B42EE72F3A2} => D:\Downloads\Lemmings_en\Lemmings_en\SETUP.EXE
Task: {FC96038C-32C2-4D27-B716-875AA99F7376} - System32\Tasks\{36CB24BF-B8EA-437A-8FFE-0100341BE98A} => D:\Downloads\Lemmings_en\LEMMINGS\INSTALL.EXE
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf5218679b7537.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============
2010-09-29 18:29 - 2010-03-15 11:28 - 00166400 _____ () C:\Program Files\WinRAR\rarext.dll
2014-05-01 07:14 - 2014-02-25 11:41 - 00394808 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2014-04-30 11:38 - 2014-04-30 11:38 - 00138320 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll
2014-04-30 11:38 - 2014-04-30 11:38 - 00065616 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== EXE Association (whitelisted) =============

==================== Disabled items from MSCONFIG ==============
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Avira.OE.ServiceHost => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: PassThru Service => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WISO Mein Steuer-Sparbuch heute.lnk => C:\Windows\pss\WISO Mein Steuer-Sparbuch heute.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: AutoStartNPSAgent => C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe
MSCONFIG\startupreg: avgnt => "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
MSCONFIG\startupreg: Avira Systray => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
MSCONFIG\startupreg: HTC Sync Loader => "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
MSCONFIG\startupreg: IndicatorUtility => C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LoadBtnHnd => C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe
MSCONFIG\startupreg: LoadFUJ02E3 => C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe
MSCONFIG\startupreg: LoadFujitsuQuickTouch => C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Spotify => "C:\Users\Blakkbyrd\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Blakkbyrd\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: ypuprqgq => regsvr32.exe "C:\ProgramData\ypuprqgq.dat"

==================== Faulty Device Manager Devices =============
Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (05/05/2014 07:47:04 PM) (Source: Firebird SQL Server) (User: )
Description: Missing configuration file: C:\PROGRA~4\FIREBI~1\firebird.conf, exiting

Error: (05/05/2014 07:47:04 PM) (Source: Firebird SQL Server) (User: )
Description: Missing configuration file: C:\PROGRA~4\FIREBI~1\firebird.conf, exiting

Error: (05/05/2014 07:10:08 PM) (Source: Firebird SQL Server) (User: )
Description: Missing configuration file: C:\PROGRA~4\FIREBI~1\firebird.conf, exiting

Error: (05/05/2014 07:10:08 PM) (Source: Firebird SQL Server) (User: )
Description: Missing configuration file: C:\PROGRA~4\FIREBI~1\firebird.conf, exiting

Error: (05/05/2014 06:08:34 AM) (Source: Firebird SQL Server) (User: )
Description: Missing configuration file: C:\PROGRA~4\FIREBI~1\firebird.conf, exiting

Error: (05/05/2014 06:08:34 AM) (Source: Firebird SQL Server) (User: )
Description: Missing configuration file: C:\PROGRA~4\FIREBI~1\firebird.conf, exiting

Error: (05/04/2014 02:18:37 PM) (Source: Firebird SQL Server) (User: )
Description: Missing configuration file: C:\PROGRA~4\FIREBI~1\firebird.conf, exiting

Error: (05/04/2014 02:18:37 PM) (Source: Firebird SQL Server) (User: )
Description: Missing configuration file: C:\PROGRA~4\FIREBI~1\firebird.conf, exiting

Error: (05/03/2014 06:04:53 PM) (Source: Firebird SQL Server) (User: )
Description: Missing configuration file: C:\PROGRA~4\FIREBI~1\firebird.conf, exiting

Error: (05/03/2014 06:04:53 PM) (Source: Firebird SQL Server) (User: )
Description: Missing configuration file: C:\PROGRA~4\FIREBI~1\firebird.conf, exiting

System errors:
=============
Error: (05/05/2014 07:48:22 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: StarOpen

Error: (05/05/2014 07:48:21 PM) (Source: Service Control Manager) (User: )
Description: Dienst "Firebird Guardian - DefaultInstance" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/05/2014 07:47:04 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Firebird Server - DefaultInstance" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error: (05/05/2014 07:47:04 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Firebird Server - DefaultInstance erreicht.

Error: (05/05/2014 07:46:50 PM) (Source: Application Popup) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\StarOpen.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (05/05/2014 07:11:24 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: StarOpen

Error: (05/05/2014 07:11:24 PM) (Source: Service Control Manager) (User: )
Description: Dienst "Firebird Guardian - DefaultInstance" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (05/05/2014 07:10:08 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Firebird Server - DefaultInstance" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error: (05/05/2014 07:10:08 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Firebird Server - DefaultInstance erreicht.

Error: (05/05/2014 07:09:55 PM) (Source: Application Popup) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\StarOpen.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Microsoft Office Sessions:
=========================
Error: (05/27/2013 07:23:55 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 582 seconds with 360 seconds of active time. This session ended with a crash.

Error: (07/03/2011 05:59:36 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2316 seconds with 2220 seconds of active time. This session ended with a crash.

Error: (01/22/2011 07:13:53 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 14569 seconds with 9960 seconds of active time. This session ended with a crash.

CodeIntegrity Errors:
===================================
Date: 2014-04-29 22:22:48.078
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2014-04-29 22:22:47.891
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2012-12-26 08:51:45.208
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\123e38.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2012-12-26 08:51:45.080
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\123e38.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
==================== Memory info ===========================
Percentage of memory in use: 52%
Total physical RAM: 1908.55 MB
Available physical RAM: 897.2 MB
Total Pagefile: 3817.11 MB
Available Pagefile: 2592.51 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================
Drive c: (System) (Fixed) (Total:60 GB) (Free:16.99 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Data) (Fixed) (Total:170.87 GB) (Free:88.72 GB) NTFS

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 8E760A6D)
Partition 1: (Active) - (Size=2 GB) - (Type=27)
Partition 2: (Not Active) - (Size=60 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=171 GB) - (Type=07 NTFS)

==================== End Of Log ============================
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-05-05 20:26:40
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD25 rev.01.0 232,89GB
Running: Gmer-19357.exe; Driver: C:\Users\BLAKKB~1\AppData\Local\Temp\uwddapow.sys

---- User code sections - GMER 2.1 ----

.text  C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe[3300] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  0000000075751465 2 bytes [75, 75]
.text  C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe[3300] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000757514bb 2 bytes [75, 75]
.text  ...  * 2

---- Registry - GMER 2.1 ----

Reg  HKLM\SYSTEM\ControlSet001\services\BTHPORT\Parameters\Keys\b482fe64ddae (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet001\services\BTHPORT\Parameters\Keys\b482fe64ddae@34c3acd62bc0  0xB0 0x66 0xA6 0xC8 ...
Reg  HKLM\SYSTEM\ControlSet001\services\BTHPORT\Parameters\Keys\b482fe64ddae@1887960815fe  0xBA 0xE7 0xB4 0x20 ...
Reg  HKLM\SYSTEM\ControlSet001\services\BTHPORT\Parameters\Keys\b482fe64ddae@0012ee3b975d  0xDC 0xAD 0x5C 0x9A ...
Reg  HKLM\SYSTEM\ControlSet001\services\BTHPORT\Parameters\Keys\b482fe64ddae@0019631a4df6  0x25 0xAA 0xD2 0xA4 ...
Reg  HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0  0
Reg  HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew  0xB3 0x85 0x95 0x85 ...
Reg  HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0  D:\programme\DAEMON Tools Lite\
Reg  HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0  0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x80 0x21 0x96 0x7C ... Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x78 0xFD 0x64 0x1A ... Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xFF 0x02 0x4D 0xEC ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\b482fe64ddae Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\b482fe64ddae@34c3acd62bc0 0xB0 0x66 0xA6 0xC8 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\b482fe64ddae@1887960815fe 0xBA 0xE7 0xB4 0x20 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\b482fe64ddae@0012ee3b975d 0xAE 0x1B 0x88 0x54 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\b482fe64ddae@0019631a4df6 0xB4 0xD7 0x1E 0xA7 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\b482fe64ddae@002345321605 0xE1 0x41 0x04 0x09 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\b482fe64ddae@3017c857316c 0x26 0x9D 0x95 0x3D ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xB3 0x85 0x95 0x85 ... 
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x80 0x21 0x96 0x7C ... Reg HKLM\SYSTEM\ControlSet003\services\BTHPORT\Parameters\Keys\b482fe64ddae (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\services\BTHPORT\Parameters\Keys\b482fe64ddae@34c3acd62bc0 0xB0 0x66 0xA6 0xC8 ... Reg HKLM\SYSTEM\ControlSet003\services\BTHPORT\Parameters\Keys\b482fe64ddae@1887960815fe 0xBA 0xE7 0xB4 0x20 ... Reg HKLM\SYSTEM\ControlSet003\services\BTHPORT\Parameters\Keys\b482fe64ddae@0012ee3b975d 0xAE 0x1B 0x88 0x54 ... Reg HKLM\SYSTEM\ControlSet003\services\BTHPORT\Parameters\Keys\b482fe64ddae@0019631a4df6 0xB4 0xD7 0x1E 0xA7 ... Reg HKLM\SYSTEM\ControlSet003\services\BTHPORT\Parameters\Keys\b482fe64ddae@002345321605 0xE1 0x41 0x04 0x09 ... Reg HKLM\SYSTEM\ControlSet003\services\BTHPORT\Parameters\Keys\b482fe64ddae@3017c857316c 0x26 0x9D 0x95 0x3D ... Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xB3 0x85 0x95 0x85 ... Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x80 0x21 0x96 0x7C ... ---- EOF - GMER 2.1 ---- Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:37:54, on 29.04.2014 Platform: Unknown Windows (WinNT 6.01.3505 SP1) MSIE: Internet Explorer v11.0 (11.00.9600.16521) Boot mode: Safe mode with network support Running processes: D:\programme\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ts.fujitsu.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.0.100.200:8080 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] 
C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST') O4 - .DEFAULT User Startup: LaunchCenter.lnk = C:\Program Files\Fujitsu\LaunchCenter\LaunchCenter.exe (User 'Default user') O8 - Extra context menu item: &Citavi Picker... - file://C:\Program Files (x86)\Internet Explorer\Citavi Picker\ShowContextMenu.html O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O13 - Gopher Prefix: O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing) O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service 
(AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Avira Planer (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira Echtzeit-Scanner (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Avira Service Host (Avira.OE.ServiceHost) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\PROGRA~4\FIREBI~1\bin\fbguard.exe O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\PROGRA~4\FIREBI~1\bin\fbserver.exe O23 - Service: Google Update-Dienst (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. 
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing) O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe O23 - Service: PowerSavingUtilityService - FUJITSU LIMITED - C:\Program Files\Fujitsu\PSUtility\PSUService.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: 
@%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Fujitsu Diagnostic Testhandler (TestHandler) - Fujitsu Technology Solutions - C:\Program Files (x86)\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe O23 - Service: @C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: Unterstützung für Bluetooth-Funktionen (VFPRadioSupportService) - CSR, plc - C:\Program Files\CSR\Bluetooth Feature Pack 
5.0\VFPRadioSupportService.exe O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: WirelessSelectorService - Unknown owner - C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 10435 bytes |
05.05.2014, 20:12 | #2 |
Rest in peace † 2019 | WIN7: Avira is blocked by Group Policy. My name is Sandra, I am working on your topic and will get back to you as soon as possible with further instructions. Thank you for your patience.
__________________ |
05.05.2014, 20:59 | #3 |
Rest in peace † 2019 | WIN7: Avira is blocked by Group Policy. My name is Sandra and I will help you with your problem.
Note: I can never guarantee that I will find everything. Formatting is usually the faster way and, in the case of a malware infection, always the safest. Adware can be removed without problems in the vast majority of cases. If you decide on a clean-up, keep working along until someone from the team tells you that you are clean. Posting in code tags: please always put logs in code tags. If you don't, it makes evaluation much harder for me. Thank you. Now:
Step 1: Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in that folder without instructions from a helper.
__________________ |
06.05.2014, 17:24 | #4 |
| WIN7: Avira is blocked by Group Policy. Hello Sandra! Thanks for the quick reply. According to the program no malware was found, so no CleanUp was started either. Here is the log file from mbar: Code:
ATTFilter --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.07.0.1009 (c) Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 11.0.9600.16659 Java version: 1.6.0_29 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED CPU speed: 2.261000 GHz Memory total: 2001264640, free: 1029541888 --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.07.0.1009 (c) Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 11.0.9600.16659 Java version: 1.6.0_29 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED CPU speed: 2.261000 GHz Memory total: 2001264640, free: 992833536 ======================================= ======================================= --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.07.0.1009 (c) Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 11.0.9600.16659 Java version: 1.6.0_29 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED CPU speed: 2.261000 GHz Memory total: 2001264640, free: 1019674624 Downloaded database version: v2014.05.06.06 Downloaded database version: v2014.03.27.01 ======================================= Initializing... 
------------ Kernel report ------------ 05/06/2014 18:00:30 ------------ Loaded modules ----------- \SystemRoot\system32\ntoskrnl.exe \SystemRoot\system32\hal.dll \SystemRoot\system32\kdcom.dll \SystemRoot\system32\mcupdate_GenuineIntel.dll \SystemRoot\system32\PSHED.dll \SystemRoot\system32\CLFS.SYS \SystemRoot\system32\CI.dll \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\system32\drivers\ACPI.sys \SystemRoot\system32\drivers\WMILIB.SYS \SystemRoot\system32\drivers\msisadrv.sys \SystemRoot\system32\drivers\vdrvroot.sys \SystemRoot\system32\drivers\pci.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\system32\DRIVERS\compbatt.sys \SystemRoot\system32\DRIVERS\BATTC.SYS \SystemRoot\system32\drivers\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\system32\drivers\vmbus.sys \SystemRoot\system32\drivers\winhv.sys \SystemRoot\system32\DRIVERS\iaStor.sys \SystemRoot\system32\drivers\amdxata.sys \SystemRoot\system32\drivers\fltmgr.sys \SystemRoot\system32\drivers\fileinfo.sys \SystemRoot\System32\Drivers\Ntfs.sys \SystemRoot\System32\Drivers\msrpc.sys \SystemRoot\System32\Drivers\ksecdd.sys \SystemRoot\System32\Drivers\cng.sys \SystemRoot\System32\drivers\pcw.sys \SystemRoot\System32\Drivers\Fs_Rec.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\NETIO.SYS \SystemRoot\System32\Drivers\ksecpkg.sys \SystemRoot\System32\drivers\tcpip.sys \SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\system32\drivers\vmstorfl.sys \SystemRoot\system32\drivers\volsnap.sys \SystemRoot\System32\Drivers\spldr.sys \SystemRoot\System32\drivers\rdyboost.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\System32\drivers\hwpolicy.sys \SystemRoot\System32\DRIVERS\fvevol.sys \SystemRoot\system32\DRIVERS\disk.sys \SystemRoot\system32\DRIVERS\CLASSPNP.SYS \SystemRoot\system32\DRIVERS\cdrom.sys \SystemRoot\System32\Drivers\Null.SYS 
\SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\drivers\VIDEOPRT.SYS \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\System32\DRIVERS\RDPCDD.sys \SystemRoot\system32\drivers\rdpencdd.sys \SystemRoot\system32\drivers\rdprefmp.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\system32\DRIVERS\tdx.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\system32\drivers\afd.sys \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\drivers\ws2ifsl.sys \SystemRoot\system32\DRIVERS\wfplwf.sys \SystemRoot\system32\DRIVERS\pacer.sys \SystemRoot\system32\DRIVERS\vwififlt.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\wanarp.sys \SystemRoot\system32\drivers\termdd.sys \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\drivers\nsiproxy.sys \SystemRoot\system32\drivers\mssmbios.sys \SystemRoot\System32\drivers\discache.sys \SystemRoot\system32\drivers\csc.sys \SystemRoot\System32\Drivers\dfsc.sys \SystemRoot\system32\DRIVERS\blbdrive.sys \SystemRoot\system32\DRIVERS\avkmgr.sys \SystemRoot\system32\DRIVERS\avipbb.sys \SystemRoot\system32\DRIVERS\tunnel.sys \SystemRoot\system32\DRIVERS\igdkmd64.sys \SystemRoot\System32\drivers\dxgkrnl.sys \SystemRoot\System32\drivers\dxgmms1.sys \SystemRoot\system32\DRIVERS\HECIx64.sys \SystemRoot\system32\drivers\usbehci.sys \SystemRoot\system32\drivers\USBPORT.SYS \SystemRoot\system32\drivers\HDAudBus.sys \SystemRoot\system32\DRIVERS\athrx.sys \SystemRoot\system32\DRIVERS\vwifibus.sys \SystemRoot\system32\DRIVERS\Rt64win7.sys \SystemRoot\system32\drivers\i8042prt.sys \SystemRoot\system32\DRIVERS\kbdclass.sys \SystemRoot\system32\DRIVERS\SynTP.sys \SystemRoot\system32\DRIVERS\USBD.SYS \SystemRoot\system32\DRIVERS\mouclass.sys \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys \SystemRoot\system32\DRIVERS\Impcd.sys \SystemRoot\system32\DRIVERS\intelppm.sys \SystemRoot\system32\DRIVERS\CmBatt.sys 
\SystemRoot\system32\DRIVERS\FUJ02B1.sys \SystemRoot\system32\DRIVERS\FUJ02E3.sys \SystemRoot\system32\drivers\CompositeBus.sys \SystemRoot\system32\DRIVERS\AgileVpn.sys \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\rassstp.sys \SystemRoot\system32\DRIVERS\rdpbus.sys \SystemRoot\system32\drivers\swenum.sys \SystemRoot\system32\drivers\ks.sys \SystemRoot\system32\drivers\WmBEnum.sys \SystemRoot\system32\drivers\WmXlCore.sys \SystemRoot\system32\DRIVERS\umbus.sys \SystemRoot\system32\DRIVERS\usbhub.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\system32\drivers\RTKVHD64.sys \SystemRoot\system32\drivers\portcls.sys \SystemRoot\system32\drivers\drmk.sys \SystemRoot\system32\drivers\ksthunk.sys \SystemRoot\system32\DRIVERS\IntcDAud.sys \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\Drivers\dump_iaStor.sys \SystemRoot\System32\Drivers\dump_dumpfve.sys \SystemRoot\system32\DRIVERS\monitor.sys \SystemRoot\System32\TSDDD.dll \SystemRoot\System32\cdd.dll \SystemRoot\system32\DRIVERS\usbccgp.sys \SystemRoot\System32\Drivers\usbvideo.sys \SystemRoot\system32\DRIVERS\qicflt.sys \SystemRoot\System32\Drivers\BTHUSB.sys \SystemRoot\System32\Drivers\bthport.sys \SystemRoot\system32\drivers\luafv.sys \SystemRoot\system32\DRIVERS\avgntflt.sys \SystemRoot\system32\DRIVERS\rfcomm.sys \SystemRoot\system32\drivers\BthEnum.sys \SystemRoot\system32\DRIVERS\bthpan.sys \SystemRoot\system32\DRIVERS\bthmodem.sys \SystemRoot\system32\drivers\modem.sys \SystemRoot\system32\DRIVERS\hidbth.sys \SystemRoot\system32\DRIVERS\HIDCLASS.SYS \SystemRoot\system32\DRIVERS\HIDPARSE.SYS \SystemRoot\system32\DRIVERS\lltdio.sys \SystemRoot\system32\DRIVERS\nwifi.sys \SystemRoot\system32\DRIVERS\ndisuio.sys 
\SystemRoot\system32\DRIVERS\rspndr.sys \SystemRoot\system32\drivers\HTTP.sys \SystemRoot\system32\DRIVERS\bowser.sys \SystemRoot\System32\drivers\mpsdrv.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \SystemRoot\system32\DRIVERS\vwifimp.sys \SystemRoot\system32\drivers\peauth.sys \SystemRoot\System32\Drivers\secdrv.SYS \SystemRoot\System32\DRIVERS\srvnet.sys \SystemRoot\System32\drivers\tcpipreg.sys \SystemRoot\System32\DRIVERS\srv2.sys \SystemRoot\System32\DRIVERS\srv.sys \??\C:\Windows\system32\drivers\mbamchameleon.sys \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys \Windows\System32\ntdll.dll \Windows\System32\smss.exe \Windows\System32\apisetschema.dll \Windows\System32\autochk.exe \Windows\System32\sechost.dll \Windows\System32\difxapi.dll \Windows\System32\msctf.dll \Windows\System32\kernel32.dll \Windows\System32\ws2_32.dll \Windows\System32\user32.dll \Windows\System32\usp10.dll \Windows\System32\iertutil.dll \Windows\System32\normaliz.dll \Windows\System32\setupapi.dll \Windows\System32\Wldap32.dll \Windows\System32\shlwapi.dll \Windows\System32\urlmon.dll \Windows\System32\clbcatq.dll \Windows\System32\imm32.dll \Windows\System32\comdlg32.dll \Windows\System32\advapi32.dll \Windows\System32\lpk.dll \Windows\System32\gdi32.dll \Windows\System32\oleaut32.dll \Windows\System32\rpcrt4.dll \Windows\System32\psapi.dll \Windows\System32\wininet.dll \Windows\System32\ole32.dll \Windows\System32\nsi.dll \Windows\System32\imagehlp.dll \Windows\System32\msvcrt.dll \Windows\System32\shell32.dll \Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll \Windows\System32\KernelBase.dll \Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll \Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll \Windows\System32\cfgmgr32.dll \Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll \Windows\System32\comctl32.dll \Windows\System32\devobj.dll \Windows\System32\wintrust.dll 
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll \Windows\System32\crypt32.dll \Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll \Windows\System32\msasn1.dll \Windows\SysWOW64\normaliz.dll ----------- End ----------- Done! <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xfffffa80027d6060 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IAAStorageDevice-1\ Lower Device Object: 0xfffffa800252a050 Lower Device Driver Name: \Driver\iaStor\ <<<2>>> Physical Sector Size: 512 Drive: 0, DevicePointer: 0xfffffa80027d6060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa80027d6b90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa80027d6060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8002527e40, DeviceName: Unknown, DriverName: \Driver\ACPI\ DevicePointer: 0xfffffa800252a050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes <<<2>>> <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers... <<<2>>> <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Done! Drive 0 Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: 8E760A6D Partition information: Partition 0 type is Other (0x27) Partition is ACTIVE. 
Partition starts at LBA: 12678 Numsec = 4196352 Partition file system is NTFS Partition is bootable Partition 1 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 4212332 Numsec = 125831168 Partition 2 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 130043904 Numsec = 358350848 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 250059350016 bytes Sector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-12677-488377168-488397168)... Done! Scan finished ======================================= Removal queue found; removal started Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-12678-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam... Removal finished |
06.05.2014, 23:05 | #5 |
Rest in peace † 2019 | WIN7: Avira is blocked by Group Policy. Hello blackbryd, could you still post the mbar-log(date).txt log for me; the one you posted is the system.txt. Thanks. We'll continue as follows.
Step 1: Please uninstall the following programs (if present): Java(TM) 6 Update 25, Java(TM) 6 Update 29. To do so go to: the Windows button in the taskbar --> Control Panel --> Programs (sub-item Uninstall a program) --> select the program --> remove. Can you switch your antivirus program back on after this fix?
Step 2: Press the Windows key + R and type notepad in the Run window. Now copy the following text from the code box into the empty text document. Code:
ATTFilter
HKLM Group Policy restriction on software: C:\Program Files (x86)\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Malwarebytes' Anti-Malware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
C:\ProgramData\frjrl9j.ctrl
C:\ProgramData\frjrl9j.pff
C:\ProgramData\grhbbnwl.ctrl
C:\ProgramData\grhbbnwl.pff
C:\ProgramData\j6lbrj2bn.ctrl
C:\ProgramData\j6lbrj2bn.pff
C:\ProgramData\urlccdhlftxcwbvuuwc.bat
C:\ProgramData\urlccdhlftxcwbvuuwc.reg
C:\ProgramData\ypuprqgq.dat
testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!
MSCONFIG\startupreg: ypuprqgq => regsvr32.exe "C:\ProgramData\ypuprqgq.dat
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Step 3: Start FRST again.
|
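The "this program is blocked by group policy" message in this thread is produced by Software Restriction Policies (the Safer subsystem), whose path rules live under HKLM and HKCU at SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\<level>\Paths\<GUID>; that is what FRST lists as "HKLM Group Policy restriction on software" and what the fixlist above removes. The PowerShell script below is an added example, not part of the thread and not FRST's, Avira's or Malwarebytes' code. It enumerates every SRP path rule, flags Disallowed (level 0) rules aimed at security-product directories, reports whether the BCD testsigning flag is set and whether an MSConfig startupreg entry loads something other than a DLL via regsvr32, and deletes the flagged SRP rules only when run with -Remove. The vendor name list, the function names and the PowerShell 3.0+ requirement are assumptions; run it from an elevated prompt.

```powershell
<#
  Added example (not from the thread, FRST or any vendor): audit and optionally
  remove Software Restriction Policy path rules that block security software.
  Assumes PowerShell 3.0+ and an elevated session.
#>
param([switch]$Remove)   # without -Remove the script only reports

# SRP level key names are the decimal SaferIdentificationLevel values
$LevelNames = @{ 0 = 'Disallowed'; 4096 = 'Basic User'; 65536 = 'Restricted';
                 131072 = 'Normal User'; 262144 = 'Unrestricted' }
$Roots = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers',
         'HKCU:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
# Constructed heuristic list (assumption): a Disallowed rule on one of these
# directories is almost never a legitimate policy on a home PC
$SecurityVendors = 'Avira', 'AntiVir', 'Malwarebytes', 'McAfee', 'Kaspersky',
                   'Symantec', 'Norton', 'ESET', 'Avast', 'AVG', 'Sophos', 'Defender'

function Get-SrpPathRule {
    # Walk CodeIdentifiers\<level>\Paths\<GUID> in both hives
    foreach ($root in $Roots) {
        if (-not (Test-Path $root)) { continue }
        foreach ($levelKey in Get-ChildItem $root) {
            $level = 0
            if (-not [int]::TryParse($levelKey.PSChildName, [ref]$level)) { continue }
            $paths = Join-Path $levelKey.PSPath 'Paths'
            if (-not (Test-Path $paths)) { continue }
            foreach ($rule in Get-ChildItem $paths) {
                $p = Get-ItemProperty -Path $rule.PSPath
                $name = if ($LevelNames.ContainsKey($level)) { $LevelNames[$level] } else { "Unknown($level)" }
                $mod = $null
                # LastModified is a REG_QWORD FILETIME; useful for dating the tampering
                if ($p.LastModified -gt 0) { $mod = [DateTime]::FromFileTime([int64]$p.LastModified) }
                [pscustomobject]@{
                    Hive      = $root.Substring(0, 4)
                    Level     = $level
                    LevelName = $name
                    Path      = [string]$p.ItemData
                    Modified  = $mod
                    Key       = $rule.PSPath
                }
            }
        }
    }
}

function Find-SuspectSrpRule {
    # Only Disallowed rules matter; a vendor name in the path is the trigger
    $pattern = ($SecurityVendors | ForEach-Object { [regex]::Escape($_) }) -join '|'
    Get-SrpPathRule | Where-Object { $_.Level -eq 0 -and $_.Path -match $pattern }
}

function Test-TestSigning {
    # bcdedit output is localized ("Yes" / "Ja"), so match both
    $bcd = & bcdedit.exe /enum '{current}' 2>$null
    [bool]($bcd -match '^\s*testsigning\s+(Yes|Ja)\s*$')
}

function Get-SuspectMsconfigStartup {
    # Entries msconfig disabled still sit here and FRST reports them as MSCONFIG\startupreg
    $key = 'HKLM:\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg'
    if (-not (Test-Path $key)) { return }
    foreach ($e in Get-ChildItem $key) {
        $cmd = [string](Get-ItemProperty -Path $e.PSPath).command
        # regsvr32 normally loads .dll/.ocx; anything else (e.g. a .dat) is worth a look
        if ($cmd -match '(?i)regsvr32' -and $cmd -notmatch '(?i)\.(dll|ocx)\b') {
            [pscustomobject]@{ Name = $e.PSChildName; Command = $cmd }
        }
    }
}

'--- All SRP path rules ---'
Get-SrpPathRule | Format-Table Hive, LevelName, Path, Modified -AutoSize

$suspect = @(Find-SuspectSrpRule)
'--- Disallowed rules on security-product paths: {0} ---' -f $suspect.Count
$suspect | Format-Table Hive, Path, Modified -AutoSize

if ($Remove -and $suspect.Count -gt 0) {
    foreach ($r in $suspect) {
        Remove-Item -Path $r.Key -Recurse -Force
        "removed SRP rule for $($r.Path)"
    }
    'Log off and on (or reboot) so Safer re-reads the rules.'
}

if (Test-TestSigning) { 'BCD testsigning is ON: unsigned drivers may load (bcdedit /set testsigning off)' }
Get-SuspectMsconfigStartup | Format-Table -AutoSize
```

On a standalone machine such as the one in this thread the rules exist only in the local registry, so deleting the keys and logging off is enough. On a domain member a rule delivered by a GPO is re-applied at the next refresh and has to be corrected in the GPO instead. Read the report before using -Remove: a Disallowed rule an administrator deliberately placed on a vendor path would be removed as well.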
07.05.2014, 17:55 | #6 |
| WIN7: Avira wird durch Gruppenrichtlinie blockiert Oh, tut mir leid. Da waren die Finger schneller als das Auge. Hier das Richtige: Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.07.0.1009 www.malwarebytes.org Database version: v2014.05.06.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 11.0.9600.16659 Blakkbyrd :: LAPTOP2 [administrator] 06.05.2014 18:00:37 mbar-log-2014-05-06 (18-00-37).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken Scan options disabled: Objects scanned: 321729 Time elapsed: 21 minute(s), 40 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) Physical Sectors Detected: 0 (No malicious items detected) (end) Ich hab jetzt einfach mal weitergemacht. Deinstallation der beiden Java-Updates brachte keine Veränderung. Nach den Schritten 2 + 3 kann ich Antivir wieder starten, Symbol ist auch in der Taskleiste. Malwarebytes geht auch wieder. Juhuu! Erst mal Vielen Dank. Ist mein Rechner jetzt schon "sauber"? Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-05-2014
Ran by Blakkbyrd at 2014-05-07 18:39:13 Run:1
Running from C:\Users\Blakkbyrd\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
HKLM Group Policy restriction on software: C:\Program Files (x86)\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Malwarebytes' Anti-Malware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
C:\ProgramData\frjrl9j.ctrl
C:\ProgramData\frjrl9j.pff
C:\ProgramData\grhbbnwl.ctrl
C:\ProgramData\grhbbnwl.pff
C:\ProgramData\j6lbrj2bn.ctrl
C:\ProgramData\j6lbrj2bn.pff
C:\ProgramData\urlccdhlftxcwbvuuwc.bat
C:\ProgramData\urlccdhlftxcwbvuuwc.reg
C:\ProgramData\ypuprqgq.dat
testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!
MSCONFIG\startupreg: ypuprqgq => regsvr32.exe "C:\ProgramData\ypuprqgq.dat
*****************
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
C:\ProgramData\frjrl9j.ctrl => Moved successfully.
C:\ProgramData\frjrl9j.pff => Moved successfully.
C:\ProgramData\grhbbnwl.ctrl => Moved successfully.
C:\ProgramData\grhbbnwl.pff => Moved successfully.
C:\ProgramData\j6lbrj2bn.ctrl => Moved successfully.
C:\ProgramData\j6lbrj2bn.pff => Moved successfully.
C:\ProgramData\urlccdhlftxcwbvuuwc.bat => Moved successfully.
C:\ProgramData\urlccdhlftxcwbvuuwc.reg => Moved successfully.
"C:\ProgramData\ypuprqgq.dat" => File/Directory not found.
The operation completed successfully.
==== End of Fixlog ====
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-05-2014 Ran by Blakkbyrd (administrator) on LAPTOP2 on 07-05-2014 18:39:48 Running from C:\Users\Blakkbyrd\Desktop Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Fujitsu Technology Solutions) C:\Program Files (x86)\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe (CSR, plc) C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Windows\System32\msiexec.exe ==================== Registry (Whitelisted) ================== HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [182352 2014-04-30] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-25] (Avira Operations GmbH & Co. 
KG) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\LaunchCenter.lnk ShortcutTarget: LaunchCenter.lnk -> C:\Program Files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\LaunchCenter.lnk ShortcutTarget: LaunchCenter.lnk -> C:\Program Files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=FTSF&bmod=FTSF HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/ StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - DefaultScope {8EDB9325-5002-4B25-8C08-702F485FA6EB} URL = SearchScopes: HKCU - {58FF7CBB-2653-495A-A9EB-5E9462507AA2} URL = SearchScopes: HKCU - {8EDB9325-5002-4B25-8C08-702F485FA6EB} URL = BHO: Citavi Picker - {609D670F-B735-4da7-AC6D-F3BD358E325E} - C:\Windows\system32\mscoree.dll (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File Toolbar: HKCU - No Name - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - No File Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows 
Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Blakkbyrd\AppData\Roaming\Mozilla\Firefox\Profiles\wg0s85wc.default FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll () FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin-x32: @java.com/DTPlugin - C:\Program Files (x86)\Java\jre6\bin\npDeployJava1.dll No File FF Plugin-x32: @logitech.com/HarmonyRemote,version=1.0.0 - C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\4.0.60129.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\Blakkbyrd\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.) FF SearchPlugin: C:\Users\Blakkbyrd\AppData\Roaming\Mozilla\Firefox\Profiles\wg0s85wc.default\searchplugins\englische-ergebnisse.xml FF SearchPlugin: C:\Users\Blakkbyrd\AppData\Roaming\Mozilla\Firefox\Profiles\wg0s85wc.default\searchplugins\gmx-suche.xml FF SearchPlugin: C:\Users\Blakkbyrd\AppData\Roaming\Mozilla\Firefox\Profiles\wg0s85wc.default\searchplugins\lastminute.xml FF SearchPlugin: C:\Users\Blakkbyrd\AppData\Roaming\Mozilla\Firefox\Profiles\wg0s85wc.default\searchplugins\webde-suche.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Adblock Plus - C:\Users\Blakkbyrd\AppData\Roaming\Mozilla\Firefox\Profiles\wg0s85wc.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-08-22] FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox FF Extension: Citavi Picker - C:\ProgramData\Swiss 
Academic Software\Citavi Picker\Firefox [2013-10-21] ==================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG) R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [125008 2014-04-30] (Avira Operations GmbH & Co. KG) S2 FirebirdGuardianDefaultInstance; C:\Programme\Firebird_1_5\Bin\fbguard.exe [65536 2004-12-13] (The Firebird Project) S2 FirebirdServerDefaultInstance; C:\Programme\Firebird_1_5\Bin\fbserver.exe [1527893 2004-12-13] (The Firebird Project) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) S4 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) S4 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [80896 2010-09-16] () S4 PowerSavingUtilityService; C:\Program Files\Fujitsu\PSUtility\PSUService.exe [63336 2009-07-30] (FUJITSU LIMITED) R2 TestHandler; C:\Program Files (x86)\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe [341264 2009-02-19] (Fujitsu Technology Solutions) R2 VFPRadioSupportService; C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe [145840 2009-12-24] (CSR, plc) S4 WirelessSelectorService; C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe [62312 2009-07-21] () S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X] ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-02-25] (Avira Operations GmbH & Co. 
KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2014-02-25] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG) S3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [34704 2009-12-24] (CSR, plc) R3 FUJ02B1; C:\Windows\System32\DRIVERS\FUJ02B1.sys [7808 2006-11-01] (FUJITSU LIMITED) R3 FUJ02E3; C:\Windows\System32\DRIVERS\FUJ02E3.sys [7296 2006-11-01] (FUJITSU LIMITED) S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) S3 s0016bus; C:\Windows\System32\DRIVERS\s0016bus.sys [115240 2008-05-16] (MCCI Corporation) S3 s0016mdfl; C:\Windows\System32\DRIVERS\s0016mdfl.sys [19496 2008-05-16] (MCCI Corporation) S3 s0016mdm; C:\Windows\System32\DRIVERS\s0016mdm.sys [158760 2008-05-16] (MCCI Corporation) S3 s0016mgmt; C:\Windows\System32\DRIVERS\s0016mgmt.sys [137256 2008-05-16] (MCCI Corporation) S3 s0016nd5; C:\Windows\System32\DRIVERS\s0016nd5.sys [34344 2008-05-16] (MCCI Corporation) S3 s0016obex; C:\Windows\System32\DRIVERS\s0016obex.sys [136744 2008-05-16] (MCCI Corporation) S3 s0016unic; C:\Windows\System32\DRIVERS\s0016unic.sys [151592 2008-05-16] (MCCI Corporation) S4 sptd; C:\Windows\System32\Drivers\sptd.sys [560184 2012-04-16] (Duplex Secure Ltd.) 
S1 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [5632 2006-07-24] () S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 clwvd; system32\DRIVERS\clwvd.sys [X] S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X] S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X] S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X] S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X] S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-05-07 18:39 - 2014-05-07 18:39 - 00011938 _____ () C:\Users\Blakkbyrd\Desktop\FRST.txt 2014-05-06 18:00 - 2014-05-06 18:22 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-05-06 18:00 - 2014-05-06 18:00 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-06 17:59 - 2014-05-06 18:00 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-05-06 17:58 - 2014-05-07 18:38 - 00000000 ____D () C:\Users\Blakkbyrd\Desktop\mbar 2014-05-05 20:26 - 2014-05-05 20:26 - 00007800 _____ () C:\Users\Blakkbyrd\Desktop\Gmer.txt 2014-05-05 19:52 - 2014-05-05 19:52 - 00031973 _____ () C:\Users\Blakkbyrd\Desktop\Addition.txt 2014-05-05 19:51 - 2014-05-07 18:39 - 00000000 ___DC () C:\FRST 2014-05-05 19:45 - 2014-05-05 19:50 - 00000532 _____ () C:\Users\Blakkbyrd\Desktop\defogger_disable.txt 2014-05-05 19:45 - 2014-05-05 19:45 - 00000020 _____ () C:\Users\Blakkbyrd\defogger_reenable 2014-05-05 19:36 - 2014-05-05 19:36 - 00380416 _____ () C:\Users\Blakkbyrd\Desktop\Gmer-19357.exe 2014-05-05 19:35 - 2014-05-05 19:35 - 02063872 _____ (Farbar) C:\Users\Blakkbyrd\Desktop\FRST64.exe 2014-05-05 19:33 - 2014-05-05 19:33 - 00050477 _____ () C:\Users\Blakkbyrd\Desktop\Defogger.exe 2014-05-02 06:49 - 2014-05-02 06:49 - 00084720 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avnetflt.sys 2014-05-01 07:14 - 2014-02-25 11:41 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2014-05-01 07:14 - 2014-02-25 11:41 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2014-05-01 07:14 - 2014-02-25 11:41 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys 2014-04-30 22:02 - 2014-05-01 07:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-04-30 22:02 - 2014-05-01 07:14 - 00000000 ____D () C:\ProgramData\Avira 2014-04-30 22:02 - 2014-05-01 07:14 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-04-30 22:02 - 2014-04-30 22:02 - 00001103 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-04-30 21:56 - 2014-04-30 21:56 - 00019777 ____C () C:\ComboFix.txt 2014-04-29 22:13 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-04-29 22:13 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-04-29 22:13 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-04-29 22:13 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-04-29 22:13 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-04-29 22:13 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe 2014-04-29 22:13 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe 2014-04-29 22:13 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe 2014-04-29 22:05 - 2014-04-30 21:56 - 00000000 ___DC () C:\Qoobox 2014-04-29 22:05 - 2014-04-29 22:26 - 00000000 ____D () C:\Windows\erdnt 2014-04-29 21:15 - 2014-04-29 21:15 - 00000676 __RSH () C:\Users\Blakkbyrd\ntuser.pol 2014-04-28 21:17 - 2014-05-01 18:21 - 00181390 _____ () C:\Windows\PFRO.log 2014-04-27 21:58 - 2014-04-30 22:02 - 00000000 ____D () C:\ProgramData\Package Cache 2014-04-27 21:42 - 2014-04-27 21:42 - 00001037 _____ () C:\Users\Blakkbyrd\Desktop\Cloud Drive - Verknüpfung.lnk 
2014-04-27 21:41 - 2014-04-27 21:41 - 00000000 ____D () C:\Users\Blakkbyrd\Cloud Drive 2014-04-27 21:39 - 2014-04-27 21:39 - 00000000 ____D () C:\Users\Blakkbyrd\AppData\Local\Amazon Cloud Drive 2014-04-27 21:37 - 2014-04-30 21:56 - 00000000 ____D () C:\Users\Blakkbyrd\AppData\Local\Apps\2.0 2014-04-27 21:37 - 2014-04-27 21:41 - 00000000 ____D () C:\Users\Blakkbyrd\AppData\Local\Deployment 2014-04-27 21:36 - 2014-04-27 21:37 - 00503104 _____ () C:\Users\Blakkbyrd\Downloads\AmazonCloudDriveSetup.exe 2014-04-26 09:19 - 2014-04-26 09:30 - 00000000 ____D () C:\ProgramData\BlueStacksSetup 2014-04-26 08:41 - 2014-03-31 03:16 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-04-26 08:41 - 2014-03-31 03:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-04-26 08:41 - 2014-03-31 02:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-04-26 08:41 - 2014-03-31 01:57 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-04-25 19:27 - 2014-04-25 19:27 - 00000000 ____D () C:\Users\Blakkbyrd\AppData\Local\Downloaded Installations 2014-04-25 18:07 - 2014-05-07 18:21 - 00002240 _____ () C:\Windows\setupact.log 2014-04-21 09:56 - 2014-03-01 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-04-21 09:56 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-04-21 09:56 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-04-21 09:56 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-04-21 09:56 - 2014-03-01 06:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-04-21 09:56 - 2014-03-01 06:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-04-21 09:56 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 
2014-04-21 09:56 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-04-21 09:56 - 2014-03-01 06:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-04-21 09:56 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-04-21 09:56 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-04-21 09:56 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-04-21 09:56 - 2014-03-01 06:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-04-21 09:56 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-04-21 09:56 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-04-21 09:56 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-04-21 09:56 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-04-21 09:56 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-04-21 09:56 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-04-21 09:56 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-04-21 09:56 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-04-21 09:56 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-04-21 09:56 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-04-21 09:56 - 2014-03-01 05:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-04-21 09:56 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) 
C:\Windows\system32\ieframe.dll 2014-04-21 09:56 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-04-21 09:56 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-04-21 09:56 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-04-21 09:56 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-04-21 09:56 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-04-21 09:56 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-04-21 09:56 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-04-21 09:56 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-04-21 09:56 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-04-21 09:56 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-04-21 09:56 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-04-21 09:55 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-04-21 09:55 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys 2014-04-21 09:55 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys 2014-04-21 09:55 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys 2014-04-21 09:55 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-04-21 09:55 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll 2014-04-21 09:55 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\qedit.dll 2014-04-21 09:55 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll 2014-04-21 09:55 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll 2014-04-21 09:55 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll 2014-04-21 09:55 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll 2014-04-21 09:54 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2014-04-21 09:54 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2014-04-21 09:54 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2014-04-21 09:54 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2014-04-21 09:54 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2014-04-21 09:54 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2014-04-21 09:54 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2014-04-21 09:54 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2014-04-21 09:54 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2014-04-21 09:54 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2014-04-21 09:54 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2014-04-21 09:54 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2014-04-21 09:54 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2014-04-21 09:54 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys 
2014-04-14 19:01 - 2014-04-14 19:01 - 02328864 _____ () C:\Users\Blakkbyrd\Downloads\AmazonMP3DownloaderInstall._V383688031_.exe 2014-04-07 06:18 - 2014-04-07 06:18 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf5218679b7537.job ==================== One Month Modified Files and Folders ======= 2014-05-07 18:40 - 2014-05-07 18:39 - 00011938 _____ () C:\Users\Blakkbyrd\Desktop\FRST.txt 2014-05-07 18:39 - 2014-05-05 19:51 - 00000000 ___DC () C:\FRST 2014-05-07 18:38 - 2014-05-06 17:58 - 00000000 ____D () C:\Users\Blakkbyrd\Desktop\mbar 2014-05-07 18:30 - 2011-05-03 09:53 - 00000000 ____D () C:\Program Files (x86)\Java 2014-05-07 18:30 - 2010-09-28 20:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-05-07 18:29 - 2013-07-11 00:29 - 00005984 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-05-07 18:29 - 2013-07-11 00:29 - 00005984 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-05-07 18:21 - 2014-04-25 18:07 - 00002240 _____ () C:\Windows\setupact.log 2014-05-07 13:23 - 2010-09-29 03:00 - 01154332 _____ () C:\Windows\WindowsUpdate.log 2014-05-07 13:10 - 2010-04-26 15:06 - 00699682 _____ () C:\Windows\system32\perfh007.dat 2014-05-07 13:10 - 2010-04-26 15:06 - 00149790 _____ () C:\Windows\system32\perfc007.dat 2014-05-07 13:10 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-05-06 18:22 - 2014-05-06 18:00 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-05-06 18:00 - 2014-05-06 18:00 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-06 18:00 - 2014-05-06 17:59 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-05-05 20:26 - 2014-05-05 20:26 - 00007800 _____ () C:\Users\Blakkbyrd\Desktop\Gmer.txt 2014-05-05 20:07 - 2010-09-29 18:30 - 00000000 ____D () 
C:\ProgramData\TuneUp Software 2014-05-05 19:52 - 2014-05-05 19:52 - 00031973 _____ () C:\Users\Blakkbyrd\Desktop\Addition.txt 2014-05-05 19:50 - 2014-05-05 19:45 - 00000532 _____ () C:\Users\Blakkbyrd\Desktop\defogger_disable.txt 2014-05-05 19:45 - 2014-05-05 19:45 - 00000020 _____ () C:\Users\Blakkbyrd\defogger_reenable 2014-05-05 19:45 - 2010-09-28 18:41 - 00000000 ____D () C:\Users\Blakkbyrd 2014-05-05 19:36 - 2014-05-05 19:36 - 00380416 _____ () C:\Users\Blakkbyrd\Desktop\Gmer-19357.exe 2014-05-05 19:35 - 2014-05-05 19:35 - 02063872 _____ (Farbar) C:\Users\Blakkbyrd\Desktop\FRST64.exe 2014-05-05 19:33 - 2014-05-05 19:33 - 00050477 _____ () C:\Users\Blakkbyrd\Desktop\Defogger.exe 2014-05-03 19:31 - 2012-11-04 22:48 - 00000000 ____D () C:\Users\Blakkbyrd\AppData\Roaming\Skype 2014-05-02 06:49 - 2014-05-02 06:49 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2014-05-01 18:21 - 2014-04-28 21:17 - 00181390 _____ () C:\Windows\PFRO.log 2014-05-01 07:14 - 2014-04-30 22:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-05-01 07:14 - 2014-04-30 22:02 - 00000000 ____D () C:\ProgramData\Avira 2014-05-01 07:14 - 2014-04-30 22:02 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-04-30 22:02 - 2014-04-30 22:02 - 00001103 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-04-30 22:02 - 2014-04-27 21:58 - 00000000 ____D () C:\ProgramData\Package Cache 2014-04-30 21:56 - 2014-04-30 21:56 - 00019777 ____C () C:\ComboFix.txt 2014-04-30 21:56 - 2014-04-29 22:05 - 00000000 ___DC () C:\Qoobox 2014-04-30 21:56 - 2014-04-27 21:37 - 00000000 ____D () C:\Users\Blakkbyrd\AppData\Local\Apps\2.0 2014-04-30 21:54 - 2009-07-14 04:34 - 00000215 ____C () C:\Windows\system.ini 2014-04-29 22:28 - 2010-09-28 18:38 - 00000000 ____D () C:\Users\TxR 2014-04-29 22:28 - 2010-09-28 18:38 - 00000000 ____D () C:\Users\systemprofile 2014-04-29 22:28 - 2010-09-28 18:38 - 00000000 ____D () C:\Users\RegBack 2014-04-29 22:28 - 
2010-09-28 18:38 - 00000000 ____D () C:\Users\Journal 2014-04-29 22:26 - 2014-04-29 22:05 - 00000000 ____D () C:\Windows\erdnt 2014-04-29 21:37 - 2013-03-30 01:37 - 00010437 _____ () C:\Users\Blakkbyrd\Desktop\hijackthis.txt 2014-04-29 21:15 - 2014-04-29 21:15 - 00000676 __RSH () C:\Users\Blakkbyrd\ntuser.pol 2014-04-28 19:50 - 2013-02-25 21:57 - 00001079 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-04-28 19:50 - 2013-02-25 21:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware 2014-04-28 19:50 - 2013-02-25 21:57 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-04-28 18:48 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy 2014-04-27 21:46 - 2010-09-28 18:41 - 00000000 ___RD () C:\Users\Blakkbyrd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup 2014-04-27 21:43 - 2013-04-29 19:59 - 00065024 ___SH () C:\Users\Blakkbyrd\Thumbs.db 2014-04-27 21:42 - 2014-04-27 21:42 - 00001037 _____ () C:\Users\Blakkbyrd\Desktop\Cloud Drive - Verknüpfung.lnk 2014-04-27 21:41 - 2014-04-27 21:41 - 00000000 ____D () C:\Users\Blakkbyrd\Cloud Drive 2014-04-27 21:41 - 2014-04-27 21:37 - 00000000 ____D () C:\Users\Blakkbyrd\AppData\Local\Deployment 2014-04-27 21:40 - 2013-01-28 12:46 - 00000000 ____D () C:\Users\Blakkbyrd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon 2014-04-27 21:39 - 2014-04-27 21:39 - 00000000 ____D () C:\Users\Blakkbyrd\AppData\Local\Amazon Cloud Drive 2014-04-27 21:37 - 2014-04-27 21:36 - 00503104 _____ () C:\Users\Blakkbyrd\Downloads\AmazonCloudDriveSetup.exe 2014-04-26 17:53 - 2013-10-21 16:52 - 00000000 ____D () C:\Users\Blakkbyrd\AppData\Roaming\Swiss Academic Software 2014-04-26 17:51 - 2013-10-21 16:52 - 00000000 ____D () C:\Users\Blakkbyrd\Documents\Citavi 4 2014-04-26 15:40 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Public\Libraries 2014-04-26 09:30 - 2014-04-26 09:19 - 00000000 ____D () 
C:\ProgramData\BlueStacksSetup 2014-04-26 08:06 - 2012-02-08 21:44 - 00000000 ____D () C:\Windows\pss 2014-04-25 19:29 - 2013-10-21 16:52 - 00000000 ____D () C:\ProgramData\Swiss Academic Software 2014-04-25 19:29 - 2013-10-21 16:51 - 00001601 _____ () C:\Users\Public\Desktop\Citavi 4.lnk 2014-04-25 19:29 - 2013-10-21 16:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citavi 4 2014-04-25 19:27 - 2014-04-25 19:27 - 00000000 ____D () C:\Users\Blakkbyrd\AppData\Local\Downloaded Installations 2014-04-25 14:17 - 2011-12-27 01:21 - 00000000 ____D () C:\Program Files (x86)\Samsung 2014-04-25 14:14 - 2012-01-07 18:31 - 00000000 ____D () C:\Users\Blakkbyrd\Desktop\Sonstige Programme 2014-04-25 12:31 - 2009-07-14 04:34 - 73924608 _____ () C:\Windows\system32\config\SOFTWARE_tureg_old 2014-04-25 12:31 - 2009-07-14 04:34 - 30670848 _____ () C:\Windows\system32\config\SYSTEM_tureg_old 2014-04-25 12:31 - 2009-07-14 04:34 - 00024576 _____ () C:\Windows\system32\config\SECURITY_tureg_old 2014-04-25 12:27 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SAM_tureg_old 2014-04-25 12:27 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\DEFAULT_tureg_old 2014-04-21 12:51 - 2009-07-14 06:45 - 00344864 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-04-21 10:01 - 2013-08-27 18:37 - 00000000 ____D () C:\Windows\system32\MRT 2014-04-14 19:01 - 2014-04-14 19:01 - 02328864 _____ () C:\Users\Blakkbyrd\Downloads\AmazonMP3DownloaderInstall._V383688031_.exe 2014-04-14 19:01 - 2012-01-07 19:23 - 00000000 ____D () C:\Users\Blakkbyrd\AppData\Roaming\Amazon 2014-04-09 21:40 - 2012-02-07 22:02 - 00000000 ____D () C:\Users\Blakkbyrd\Documents\My Games 2014-04-09 21:37 - 2010-09-29 02:59 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-04-07 06:18 - 2014-04-07 06:18 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf5218679b7537.job ==================== Bamital & volsnap Check 
=================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-09-02 15:21

==================== End Of Log ============================
--- --- --- --- --- ---
07.05.2014, 21:57 | #7 |
Rest in Peace † 2019 | WIN7: Avira is blocked by Group Policy Hello blackbyrd,
Step 1 Please download Malwarebytes Anti-Malware
Step 2 Since the scan with Eset is very thorough, it can under some circumstances take several hours ESET Online Scanner
Step 3 Run FRST once more.
09.05.2014, 18:54 | #8 |
WIN7: Avira is blocked by Group Policy Hello Sandra, it took a little while, but I have now carried out all the steps. The virus scanner could not be disabled, so I uninstalled it temporarily. In doing so I noticed that Antivir was, so to speak, installed twice. I don't know whether that is normal, but previously only Avguard, avshadow and avgnt showed up among the running processes. Now an avira.oe.servicehost and an avira.oe.systray are hanging around there as well. Correspondingly, the list of installed programs also shows both Avira and Avira Operations GmbH, and the two had to be uninstalled separately. Is that simply a different software structure than before? Here are the logfiles (ESET found something but did not remove it, since I was supposed to disable that function) Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 08.05.2014
Suchlauf-Zeit: 21:42:32
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.1.1004
Malware Datenbank: v2014.05.08.09
Rootkit Datenbank: v2014.03.27.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Chameleon: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Blakkbyrd

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 324737
Verstrichene Zeit: 14 Min, 9 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Shuriken: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)

(end)
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=919f5b51d2a6bf4983d45b96d1c6f164
# engine=18198
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-05-09 03:51:01
# local_time=2014-05-09 05:51:01 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 11422 151280511 0 0
# scanned=200925
# found=1
# cleaned=0
# scan_time=4432
sh=9890E9E53D36CD6F9CCA6941F45F5CBE16537563 ft=1 fh=ad2fb30c827e538e vn="Win32/StartPage.OIE Trojaner" ac=I fn="C:\Users\Blakkbyrd\Downloads\vlc-1.1.4-win32.exe"
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-05-2014 01 Ran by Blakkbyrd (administrator) on LAPTOP2 on 09-05-2014 17:55:57 Running from C:\Users\Blakkbyrd\Desktop Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Fujitsu Technology Solutions) C:\Program Files (x86)\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe (CSR, plc) C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe ==================== Registry (Whitelisted) ================== Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\LaunchCenter.lnk ShortcutTarget: LaunchCenter.lnk -> C:\Program Files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\LaunchCenter.lnk ShortcutTarget: LaunchCenter.lnk -> C:\Program Files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=FTSF&bmod=FTSF HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/ StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: 
HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - DefaultScope {8EDB9325-5002-4B25-8C08-702F485FA6EB} URL = SearchScopes: HKCU - {58FF7CBB-2653-495A-A9EB-5E9462507AA2} URL = SearchScopes: HKCU - {8EDB9325-5002-4B25-8C08-702F485FA6EB} URL = BHO: Citavi Picker - {609D670F-B735-4da7-AC6D-F3BD358E325E} - C:\Windows\system32\mscoree.dll (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File Toolbar: HKCU - No Name - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - No File Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Blakkbyrd\AppData\Roaming\Mozilla\Firefox\Profiles\wg0s85wc.default FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll () FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin-x32: @java.com/DTPlugin - C:\Program Files (x86)\Java\jre6\bin\npDeployJava1.dll No File FF Plugin-x32: @logitech.com/HarmonyRemote,version=1.0.0 - C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.) 
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\4.0.60129.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\Blakkbyrd\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.) 
FF SearchPlugin: C:\Users\Blakkbyrd\AppData\Roaming\Mozilla\Firefox\Profiles\wg0s85wc.default\searchplugins\englische-ergebnisse.xml FF SearchPlugin: C:\Users\Blakkbyrd\AppData\Roaming\Mozilla\Firefox\Profiles\wg0s85wc.default\searchplugins\gmx-suche.xml FF SearchPlugin: C:\Users\Blakkbyrd\AppData\Roaming\Mozilla\Firefox\Profiles\wg0s85wc.default\searchplugins\lastminute.xml FF SearchPlugin: C:\Users\Blakkbyrd\AppData\Roaming\Mozilla\Firefox\Profiles\wg0s85wc.default\searchplugins\webde-suche.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Adblock Plus - C:\Users\Blakkbyrd\AppData\Roaming\Mozilla\Firefox\Profiles\wg0s85wc.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-08-22] FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2013-10-21] ==================== Services (Whitelisted) ================= S2 FirebirdGuardianDefaultInstance; C:\Programme\Firebird_1_5\Bin\fbguard.exe [65536 2004-12-13] (The Firebird Project) S2 FirebirdServerDefaultInstance; C:\Programme\Firebird_1_5\Bin\fbserver.exe [1527893 2004-12-13] (The Firebird Project) S4 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [80896 2010-09-16] () S4 PowerSavingUtilityService; C:\Program Files\Fujitsu\PSUtility\PSUService.exe [63336 2009-07-30] (FUJITSU LIMITED) R2 TestHandler; C:\Program Files (x86)\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe [341264 2009-02-19] (Fujitsu Technology Solutions) R2 
VFPRadioSupportService; C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe [145840 2009-12-24] (CSR, plc) S4 WirelessSelectorService; C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe [62312 2009-07-21] () S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X] ==================== Drivers (Whitelisted) ==================== S3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [34704 2009-12-24] (CSR, plc) R3 FUJ02B1; C:\Windows\System32\DRIVERS\FUJ02B1.sys [7808 2006-11-01] (FUJITSU LIMITED) R3 FUJ02E3; C:\Windows\System32\DRIVERS\FUJ02E3.sys [7296 2006-11-01] (FUJITSU LIMITED) S3 s0016bus; C:\Windows\System32\DRIVERS\s0016bus.sys [115240 2008-05-16] (MCCI Corporation) S3 s0016mdfl; C:\Windows\System32\DRIVERS\s0016mdfl.sys [19496 2008-05-16] (MCCI Corporation) S3 s0016mdm; C:\Windows\System32\DRIVERS\s0016mdm.sys [158760 2008-05-16] (MCCI Corporation) S3 s0016mgmt; C:\Windows\System32\DRIVERS\s0016mgmt.sys [137256 2008-05-16] (MCCI Corporation) S3 s0016nd5; C:\Windows\System32\DRIVERS\s0016nd5.sys [34344 2008-05-16] (MCCI Corporation) S3 s0016obex; C:\Windows\System32\DRIVERS\s0016obex.sys [136744 2008-05-16] (MCCI Corporation) S3 s0016unic; C:\Windows\System32\DRIVERS\s0016unic.sys [151592 2008-05-16] (MCCI Corporation) S4 sptd; C:\Windows\System32\Drivers\sptd.sys [560184 2012-04-16] (Duplex Secure Ltd.) 
S1 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [5632 2006-07-24] () S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 clwvd; system32\DRIVERS\clwvd.sys [X] S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X] S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X] S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X] S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X] S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-05-09 17:55 - 2014-05-09 17:55 - 00010041 _____ () C:\Users\Blakkbyrd\Desktop\FRST.txt 2014-05-09 17:55 - 2014-05-09 17:55 - 00000000 ____D () C:\Users\Blakkbyrd\Desktop\FRST-OlderVersion 2014-05-09 16:01 - 2014-05-09 16:01 - 00000079 _____ () C:\Users\Blakkbyrd\Desktop\eset.txt 2014-05-09 14:51 - 2014-05-09 14:51 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-05-08 22:02 - 2014-05-08 22:03 - 02347384 _____ (ESET) C:\Users\Blakkbyrd\Desktop\esetsmartinstaller_deu.exe 2014-05-08 22:01 - 2014-05-08 22:01 - 00001152 _____ () C:\Users\Blakkbyrd\Desktop\mbam.txt 2014-05-08 21:27 - 2014-05-09 13:59 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-08 21:24 - 2014-05-08 21:24 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Blakkbyrd\Desktop\mbam-setup-2.0.1.1004.exe 2014-05-06 18:00 - 2014-05-06 18:22 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-05-06 17:58 - 2014-05-07 18:38 - 00000000 ____D () C:\Users\Blakkbyrd\Desktop\mbar 2014-05-05 19:51 - 2014-05-09 17:55 - 00000000 ___DC () C:\FRST 2014-05-05 19:45 - 2014-05-05 19:45 - 00000020 _____ () C:\Users\Blakkbyrd\defogger_reenable 2014-05-05 19:36 - 2014-05-05 19:36 - 00380416 _____ () C:\Users\Blakkbyrd\Desktop\Gmer-19357.exe 2014-05-05 19:35 - 2014-05-09 17:55 - 02064384 ____C (Farbar) C:\Users\Blakkbyrd\Desktop\FRST64.exe 2014-05-05 19:33 - 2014-05-05 19:33 - 00050477 _____ () 
C:\Users\Blakkbyrd\Desktop\Defogger.exe 2014-04-30 22:02 - 2014-05-09 14:43 - 00000000 ____D () C:\ProgramData\Avira 2014-04-30 22:02 - 2014-05-09 14:43 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-04-30 21:56 - 2014-04-30 21:56 - 00019777 ____C () C:\ComboFix.txt 2014-04-29 22:13 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-04-29 22:13 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-04-29 22:13 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-04-29 22:13 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-04-29 22:13 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-04-29 22:13 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe 2014-04-29 22:13 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe 2014-04-29 22:13 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe 2014-04-29 22:05 - 2014-04-30 21:56 - 00000000 ___DC () C:\Qoobox 2014-04-29 22:05 - 2014-04-29 22:26 - 00000000 ____D () C:\Windows\erdnt 2014-04-29 21:15 - 2014-04-29 21:15 - 00000676 __RSH () C:\Users\Blakkbyrd\ntuser.pol 2014-04-28 21:17 - 2014-05-09 14:43 - 00181724 _____ () C:\Windows\PFRO.log 2014-04-27 21:58 - 2014-05-09 14:42 - 00000000 ____D () C:\ProgramData\Package Cache 2014-04-27 21:42 - 2014-04-27 21:42 - 00001037 _____ () C:\Users\Blakkbyrd\Desktop\Cloud Drive - Verknüpfung.lnk 2014-04-27 21:41 - 2014-04-27 21:41 - 00000000 ____D () C:\Users\Blakkbyrd\Cloud Drive 2014-04-27 21:39 - 2014-04-27 21:39 - 00000000 ____D () C:\Users\Blakkbyrd\AppData\Local\Amazon Cloud Drive 2014-04-27 21:37 - 2014-04-30 21:56 - 00000000 ____D () C:\Users\Blakkbyrd\AppData\Local\Apps\2.0 2014-04-27 21:37 - 2014-04-27 21:41 - 00000000 ____D () C:\Users\Blakkbyrd\AppData\Local\Deployment 2014-04-27 21:36 - 2014-04-27 21:37 - 00503104 _____ () C:\Users\Blakkbyrd\Downloads\AmazonCloudDriveSetup.exe 2014-04-26 09:19 - 2014-04-26 09:30 - 00000000 ____D () C:\ProgramData\BlueStacksSetup 
2014-04-26 08:41 - 2014-03-31 03:16 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-04-26 08:41 - 2014-03-31 03:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-04-26 08:41 - 2014-03-31 02:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-04-26 08:41 - 2014-03-31 01:57 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-04-25 19:27 - 2014-04-25 19:27 - 00000000 ____D () C:\Users\Blakkbyrd\AppData\Local\Downloaded Installations 2014-04-25 18:07 - 2014-05-09 14:44 - 00002520 _____ () C:\Windows\setupact.log 2014-04-21 09:56 - 2014-03-01 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-04-21 09:56 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-04-21 09:56 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-04-21 09:56 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-04-21 09:56 - 2014-03-01 06:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-04-21 09:56 - 2014-03-01 06:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-04-21 09:56 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-04-21 09:56 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-04-21 09:56 - 2014-03-01 06:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-04-21 09:56 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-04-21 09:56 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-04-21 09:56 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-04-21 09:56 - 
2014-03-01 06:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-04-21 09:56 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-04-21 09:56 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-04-21 09:56 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-04-21 09:56 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-04-21 09:56 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-04-21 09:56 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-04-21 09:56 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-04-21 09:56 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-04-21 09:56 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-04-21 09:56 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-04-21 09:56 - 2014-03-01 05:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-04-21 09:56 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-04-21 09:56 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-04-21 09:56 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-04-21 09:56 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-04-21 09:56 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-04-21 09:56 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-04-21 09:56 - 2014-03-01 04:57 - 
11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-04-21 09:56 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-04-21 09:56 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-04-21 09:56 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-04-21 09:56 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-04-21 09:56 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-04-21 09:55 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-04-21 09:55 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys 2014-04-21 09:55 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys 2014-04-21 09:55 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys 2014-04-21 09:55 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-04-21 09:55 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll 2014-04-21 09:55 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2014-04-21 09:55 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll 2014-04-21 09:55 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll 2014-04-21 09:55 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll 2014-04-21 09:55 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll 2014-04-21 09:54 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2014-04-21 09:54 - 2014-03-04 11:44 - 00362496 _____ 
(Microsoft Corporation) C:\Windows\system32\wow64win.dll 2014-04-21 09:54 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2014-04-21 09:54 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2014-04-21 09:54 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2014-04-21 09:54 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2014-04-21 09:54 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2014-04-21 09:54 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2014-04-21 09:54 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2014-04-21 09:54 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2014-04-21 09:54 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2014-04-21 09:54 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2014-04-21 09:54 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2014-04-21 09:54 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys 2014-04-14 19:01 - 2014-04-14 19:01 - 02328864 _____ () C:\Users\Blakkbyrd\Downloads\AmazonMP3DownloaderInstall._V383688031_.exe ==================== One Month Modified Files and Folders ======= 2014-05-09 17:56 - 2014-05-09 17:55 - 00010041 _____ () C:\Users\Blakkbyrd\Desktop\FRST.txt 2014-05-09 17:55 - 2014-05-09 17:55 - 00000000 ____D () C:\Users\Blakkbyrd\Desktop\FRST-OlderVersion 2014-05-09 17:55 - 2014-05-05 19:51 - 00000000 ___DC () C:\FRST 2014-05-09 17:55 - 2014-05-05 19:35 - 02064384 ____C (Farbar) C:\Users\Blakkbyrd\Desktop\FRST64.exe 2014-05-09 16:01 - 2014-05-09 16:01 - 00000079 _____ () 
C:\Users\Blakkbyrd\Desktop\eset.txt 2014-05-09 14:51 - 2014-05-09 14:51 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-05-09 14:51 - 2013-07-11 00:29 - 00005984 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-05-09 14:51 - 2013-07-11 00:29 - 00005984 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-05-09 14:47 - 2010-09-29 03:00 - 01186665 _____ () C:\Windows\WindowsUpdate.log 2014-05-09 14:44 - 2014-04-25 18:07 - 00002520 _____ () C:\Windows\setupact.log 2014-05-09 14:43 - 2014-04-30 22:02 - 00000000 ____D () C:\ProgramData\Avira 2014-05-09 14:43 - 2014-04-30 22:02 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-05-09 14:43 - 2014-04-28 21:17 - 00181724 _____ () C:\Windows\PFRO.log 2014-05-09 14:42 - 2014-04-27 21:58 - 00000000 ____D () C:\ProgramData\Package Cache 2014-05-09 13:59 - 2014-05-08 21:27 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-08 22:03 - 2014-05-08 22:02 - 02347384 _____ (ESET) C:\Users\Blakkbyrd\Desktop\esetsmartinstaller_deu.exe 2014-05-08 22:01 - 2014-05-08 22:01 - 00001152 _____ () C:\Users\Blakkbyrd\Desktop\mbam.txt 2014-05-08 21:25 - 2013-02-25 21:57 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-08 21:24 - 2014-05-08 21:24 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Blakkbyrd\Desktop\mbam-setup-2.0.1.1004.exe 2014-05-07 18:38 - 2014-05-06 17:58 - 00000000 ____D () C:\Users\Blakkbyrd\Desktop\mbar 2014-05-07 18:30 - 2011-05-03 09:53 - 00000000 ____D () C:\Program Files (x86)\Java 2014-05-07 18:30 - 2010-09-28 20:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-05-07 13:10 - 2010-04-26 15:06 - 00699682 _____ () C:\Windows\system32\perfh007.dat 2014-05-07 13:10 - 2010-04-26 15:06 - 00149790 _____ () C:\Windows\system32\perfc007.dat 2014-05-07 13:10 - 2009-07-14 07:13 - 01620684 _____ () 
C:\Windows\system32\PerfStringBackup.INI 2014-05-06 18:22 - 2014-05-06 18:00 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-05-05 20:07 - 2010-09-29 18:30 - 00000000 ____D () C:\ProgramData\TuneUp Software 2014-05-05 19:45 - 2014-05-05 19:45 - 00000020 _____ () C:\Users\Blakkbyrd\defogger_reenable 2014-05-05 19:45 - 2010-09-28 18:41 - 00000000 ____D () C:\Users\Blakkbyrd 2014-05-05 19:36 - 2014-05-05 19:36 - 00380416 _____ () C:\Users\Blakkbyrd\Desktop\Gmer-19357.exe 2014-05-05 19:33 - 2014-05-05 19:33 - 00050477 _____ () C:\Users\Blakkbyrd\Desktop\Defogger.exe 2014-05-03 19:31 - 2012-11-04 22:48 - 00000000 ____D () C:\Users\Blakkbyrd\AppData\Roaming\Skype 2014-04-30 21:56 - 2014-04-30 21:56 - 00019777 ____C () C:\ComboFix.txt 2014-04-30 21:56 - 2014-04-29 22:05 - 00000000 ___DC () C:\Qoobox 2014-04-30 21:56 - 2014-04-27 21:37 - 00000000 ____D () C:\Users\Blakkbyrd\AppData\Local\Apps\2.0 2014-04-30 21:54 - 2009-07-14 04:34 - 00000215 ____C () C:\Windows\system.ini 2014-04-29 22:28 - 2010-09-28 18:38 - 00000000 ____D () C:\Users\TxR 2014-04-29 22:28 - 2010-09-28 18:38 - 00000000 ____D () C:\Users\systemprofile 2014-04-29 22:28 - 2010-09-28 18:38 - 00000000 ____D () C:\Users\RegBack 2014-04-29 22:28 - 2010-09-28 18:38 - 00000000 ____D () C:\Users\Journal 2014-04-29 22:26 - 2014-04-29 22:05 - 00000000 ____D () C:\Windows\erdnt 2014-04-29 21:37 - 2013-03-30 01:37 - 00010437 _____ () C:\Users\Blakkbyrd\Desktop\hijackthis.txt 2014-04-29 21:15 - 2014-04-29 21:15 - 00000676 __RSH () C:\Users\Blakkbyrd\ntuser.pol 2014-04-28 18:48 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy 2014-04-27 21:46 - 2010-09-28 18:41 - 00000000 ___RD () C:\Users\Blakkbyrd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup 2014-04-27 21:43 - 2013-04-29 19:59 - 00065024 ___SH () C:\Users\Blakkbyrd\Thumbs.db 2014-04-27 21:42 - 2014-04-27 21:42 - 00001037 _____ () C:\Users\Blakkbyrd\Desktop\Cloud Drive - Verknüpfung.lnk 2014-04-27 
21:41 - 2014-04-27 21:41 - 00000000 ____D () C:\Users\Blakkbyrd\Cloud Drive 2014-04-27 21:41 - 2014-04-27 21:37 - 00000000 ____D () C:\Users\Blakkbyrd\AppData\Local\Deployment 2014-04-27 21:40 - 2013-01-28 12:46 - 00000000 ____D () C:\Users\Blakkbyrd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon 2014-04-27 21:39 - 2014-04-27 21:39 - 00000000 ____D () C:\Users\Blakkbyrd\AppData\Local\Amazon Cloud Drive 2014-04-27 21:37 - 2014-04-27 21:36 - 00503104 _____ () C:\Users\Blakkbyrd\Downloads\AmazonCloudDriveSetup.exe 2014-04-26 17:53 - 2013-10-21 16:52 - 00000000 ____D () C:\Users\Blakkbyrd\AppData\Roaming\Swiss Academic Software 2014-04-26 17:51 - 2013-10-21 16:52 - 00000000 ____D () C:\Users\Blakkbyrd\Documents\Citavi 4 2014-04-26 15:40 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Public\Libraries 2014-04-26 09:30 - 2014-04-26 09:19 - 00000000 ____D () C:\ProgramData\BlueStacksSetup 2014-04-26 08:06 - 2012-02-08 21:44 - 00000000 ____D () C:\Windows\pss 2014-04-25 19:29 - 2013-10-21 16:52 - 00000000 ____D () C:\ProgramData\Swiss Academic Software 2014-04-25 19:29 - 2013-10-21 16:51 - 00001601 _____ () C:\Users\Public\Desktop\Citavi 4.lnk 2014-04-25 19:29 - 2013-10-21 16:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citavi 4 2014-04-25 19:27 - 2014-04-25 19:27 - 00000000 ____D () C:\Users\Blakkbyrd\AppData\Local\Downloaded Installations 2014-04-25 14:17 - 2011-12-27 01:21 - 00000000 ____D () C:\Program Files (x86)\Samsung 2014-04-25 14:14 - 2012-01-07 18:31 - 00000000 ____D () C:\Users\Blakkbyrd\Desktop\Sonstige Programme 2014-04-25 12:31 - 2009-07-14 04:34 - 73924608 _____ () C:\Windows\system32\config\SOFTWARE_tureg_old 2014-04-25 12:31 - 2009-07-14 04:34 - 30670848 _____ () C:\Windows\system32\config\SYSTEM_tureg_old 2014-04-25 12:31 - 2009-07-14 04:34 - 00024576 _____ () C:\Windows\system32\config\SECURITY_tureg_old 2014-04-25 12:27 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SAM_tureg_old 
2014-04-25 12:27 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\DEFAULT_tureg_old
2014-04-21 12:51 - 2009-07-14 06:45 - 00344864 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-21 10:01 - 2013-08-27 18:37 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-14 19:01 - 2014-04-14 19:01 - 02328864 _____ () C:\Users\Blakkbyrd\Downloads\AmazonMP3DownloaderInstall._V383688031_.exe
2014-04-14 19:01 - 2012-01-07 19:23 - 00000000 ____D () C:\Users\Blakkbyrd\AppData\Roaming\Amazon
2014-04-09 21:40 - 2012-02-07 22:02 - 00000000 ____D () C:\Users\Blakkbyrd\Documents\My Games
2014-04-09 21:37 - 2010-09-29 02:59 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information

Some content of TEMP:
====================
C:\Users\Blakkbyrd\AppData\Local\Temp\avgnt.exe

==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-09-02 15:21

==================== End Of Log ============================
--- --- ---
Thanks!
09.05.2014, 23:52 | #9 |
Rest in Peace † 2019 | WIN7: Avira is blocked by Group Policy Hello Blakkbyrd Quote:
Quote:
We will also remove the item ESET found. Step 1 Press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
C:\Users\Blakkbyrd\Downloads\vlc-1.1.4-win32.exe
Save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
OK
As I see it, we have now removed everything malicious. Your logs are clean. To finish up, we will tidy up a little, run updates, and then I have some reading material for you. Step 1 If you no longer need Malwarebytes Anti-Malware and the ESET online scanner, you can simply uninstall both programs via the program uninstaller. I do recommend keeping at least Malwarebytes, though, and running a check scan with it once a week. Step 2 Please download delfix to your desktop.
Updates / updating programs
Make sure your Flash Player checks for updates. Flash Player can be configured during installation to check for updates automatically; afterwards you can do this via the following link: Adobe - Flash Player: Settings Manager - Global Notification Settings
Uninstall your Reader and download the latest version from here. Check whether anything else wants to install alongside it and remove the tick if necessary.
Please download the current Firefox from here.
Finally, a few tips on securing your system. Keeping the system up to date It is extremely important that both your system and the security-relevant software installed on it (Flash Player, PDF reader and especially Java, if present) are up to date.
If you really do need Java, then
To do so:
You will find instructions here. Antivirus software
Additional protection
Alternative browsers Other browsers tend to be somewhat more secure than Internet Explorer, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
System performance Delete your temporary files regularly. I recommend TFC for this. Stay away from any registry cleaners. They do more harm to your system than they speed it up. Rules of conduct for safer surfing
Now all that remains is for me to wish you lots of fun surfing safely. Note: Please give me a brief reply when everything is done and there are no questions left. If you would like to give praise or criticism, you are very welcome to do so here. If you would like to donate something to the forum and our work, you can do so here. |
13.05.2014, 23:10 | #10 |
Rest in Peace † 2019 | WIN7: Avira is blocked by Group Policy This topic appears to be resolved; if you still have questions or run into problems, please send me a PM. Everyone else, please click here and create your own thread. |