
Log analysis and evaluation: WIN7: Avira is blocked by Group Policy


 
05.05.2014, 19:55   #1
blakkbyrd
 



Hello dear Trojaner-Board team,

For about a week I have had the following problem: Avira cannot be started, uninstalled or reinstalled, not even in safe mode. The same error message always appears: "dieses Programm wird durch eine Gruppenrichtlinie blockiert" ("this program is blocked by a Group Policy").
No Group Policies are set up on my computer; I fear an infection.

What I have tried so far (without success):
Deleted all *.exe files from the last 14 days in safe mode
Ran HijackThis and Malwarebytes and deleted the findings (HijackThis log file below)
Ran ComboFix

Normally I would just wipe the machine now, but then I could no longer use my CAD software, which is still installed on my computer from my time at master craftsman school.
Can you please help me?
Thank you very much!

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 19:50 on 05/05/2014 (Blakkbyrd)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
SPTD -> Already disabled


-=E.O.F=-
         
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-05-2014
Ran by Blakkbyrd (administrator) on LAPTOP2 on 05-05-2014 19:51:27
Running from C:\Users\Blakkbyrd\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Fujitsu Technology Solutions) C:\Program Files (x86)\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
(CSR, plc) C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesApp64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe


==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [182352 2014-04-30] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-25] (Avira Operations GmbH & Co. KG)
HKLM Group Policy restriction on software: C:\Program Files (x86)\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Malwarebytes' Anti-Malware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\LaunchCenter.lnk
ShortcutTarget: LaunchCenter.lnk -> C:\Program Files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\LaunchCenter.lnk
ShortcutTarget: LaunchCenter.lnk -> C:\Program Files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=FTSF&bmod=FTSF
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - DefaultScope {8EDB9325-5002-4B25-8C08-702F485FA6EB} URL = 
SearchScopes: HKCU - {58FF7CBB-2653-495A-A9EB-5E9462507AA2} URL = 
SearchScopes: HKCU - {8EDB9325-5002-4B25-8C08-702F485FA6EB} URL = 
BHO: Citavi Picker - {609D670F-B735-4da7-AC6D-F3BD358E325E} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKCU - No Name - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Blakkbyrd\AppData\Roaming\Mozilla\Firefox\Profiles\wg0s85wc.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin - C:\Program Files (x86)\Java\jre6\bin\npDeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @logitech.com/HarmonyRemote,version=1.0.0 - C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\4.0.60129.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\Blakkbyrd\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Blakkbyrd\AppData\Roaming\Mozilla\Firefox\Profiles\wg0s85wc.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Blakkbyrd\AppData\Roaming\Mozilla\Firefox\Profiles\wg0s85wc.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Blakkbyrd\AppData\Roaming\Mozilla\Firefox\Profiles\wg0s85wc.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Blakkbyrd\AppData\Roaming\Mozilla\Firefox\Profiles\wg0s85wc.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus - C:\Users\Blakkbyrd\AppData\Roaming\Mozilla\Firefox\Profiles\wg0s85wc.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-08-22]
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2013-10-21]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [125008 2014-04-30] (Avira Operations GmbH & Co. KG)
S2 FirebirdGuardianDefaultInstance; C:\Programme\Firebird_1_5\Bin\fbguard.exe [65536 2004-12-13] (The Firebird Project)
S2 FirebirdServerDefaultInstance; C:\Programme\Firebird_1_5\Bin\fbserver.exe [1527893 2004-12-13] (The Firebird Project)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S4 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S4 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [80896 2010-09-16] ()
S4 PowerSavingUtilityService; C:\Program Files\Fujitsu\PSUtility\PSUService.exe [63336 2009-07-30] (FUJITSU LIMITED)
R2 TestHandler; C:\Program Files (x86)\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe [341264 2009-02-19] (Fujitsu Technology Solutions)
S3 TuneUp.Defrag; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe [607040 2010-09-29] (TuneUp Software)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [1403200 2010-08-13] (TuneUp Software)
R2 VFPRadioSupportService; C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe [145840 2009-12-24] (CSR, plc)
S4 WirelessSelectorService; C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe [62312 2009-07-21] ()
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-02-25] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2014-02-25] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG)
S3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [34704 2009-12-24] (CSR, plc)
R3 FUJ02B1; C:\Windows\System32\DRIVERS\FUJ02B1.sys [7808 2006-11-01] (FUJITSU LIMITED)
R3 FUJ02E3; C:\Windows\System32\DRIVERS\FUJ02E3.sys [7296 2006-11-01] (FUJITSU LIMITED)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 s0016bus; C:\Windows\System32\DRIVERS\s0016bus.sys [115240 2008-05-16] (MCCI Corporation)
S3 s0016mdfl; C:\Windows\System32\DRIVERS\s0016mdfl.sys [19496 2008-05-16] (MCCI Corporation)
S3 s0016mdm; C:\Windows\System32\DRIVERS\s0016mdm.sys [158760 2008-05-16] (MCCI Corporation)
S3 s0016mgmt; C:\Windows\System32\DRIVERS\s0016mgmt.sys [137256 2008-05-16] (MCCI Corporation)
S3 s0016nd5; C:\Windows\System32\DRIVERS\s0016nd5.sys [34344 2008-05-16] (MCCI Corporation)
S3 s0016obex; C:\Windows\System32\DRIVERS\s0016obex.sys [136744 2008-05-16] (MCCI Corporation)
S3 s0016unic; C:\Windows\System32\DRIVERS\s0016unic.sys [151592 2008-05-16] (MCCI Corporation)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [560184 2012-04-16] (Duplex Secure Ltd.)
S1 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [5632 2006-07-24] ()
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [11856 2010-02-24] (TuneUp Software)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 clwvd; system32\DRIVERS\clwvd.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-05 19:51 - 2014-05-05 19:51 - 00013376 _____ () C:\Users\Blakkbyrd\Desktop\FRST.txt
2014-05-05 19:51 - 2014-05-05 19:51 - 00000000 ___DC () C:\FRST
2014-05-05 19:45 - 2014-05-05 19:50 - 00000532 _____ () C:\Users\Blakkbyrd\Desktop\defogger_disable.log
2014-05-05 19:45 - 2014-05-05 19:45 - 00000020 _____ () C:\Users\Blakkbyrd\defogger_reenable
2014-05-05 19:36 - 2014-05-05 19:36 - 00380416 _____ () C:\Users\Blakkbyrd\Desktop\Gmer-19357.exe
2014-05-05 19:35 - 2014-05-05 19:35 - 02063872 _____ (Farbar) C:\Users\Blakkbyrd\Desktop\FRST64.exe
2014-05-05 19:33 - 2014-05-05 19:33 - 00050477 _____ () C:\Users\Blakkbyrd\Desktop\Defogger.exe
2014-05-02 06:49 - 2014-05-02 06:49 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-05-01 07:14 - 2014-02-25 11:41 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-05-01 07:14 - 2014-02-25 11:41 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-05-01 07:14 - 2014-02-25 11:41 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-04-30 22:02 - 2014-05-01 07:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-04-30 22:02 - 2014-05-01 07:14 - 00000000 ____D () C:\ProgramData\Avira
2014-04-30 22:02 - 2014-05-01 07:14 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-04-30 22:02 - 2014-04-30 22:02 - 00001103 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-04-30 21:56 - 2014-04-30 21:56 - 00019777 ____C () C:\ComboFix.txt
2014-04-29 22:13 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-04-29 22:13 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-04-29 22:13 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-04-29 22:13 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-04-29 22:13 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-04-29 22:13 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-04-29 22:13 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-04-29 22:13 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-04-29 22:05 - 2014-04-30 21:56 - 00000000 ___DC () C:\Qoobox
2014-04-29 22:05 - 2014-04-29 22:26 - 00000000 ____D () C:\Windows\erdnt
2014-04-29 21:15 - 2014-04-29 21:15 - 00000676 __RSH () C:\Users\Blakkbyrd\ntuser.pol
2014-04-28 21:17 - 2014-05-01 18:21 - 00181390 _____ () C:\Windows\PFRO.log
2014-04-27 21:58 - 2014-04-30 22:02 - 00000000 ____D () C:\ProgramData\Package Cache
2014-04-27 21:42 - 2014-04-27 21:42 - 00001037 _____ () C:\Users\Blakkbyrd\Desktop\Cloud Drive - Verknüpfung.lnk
2014-04-27 21:41 - 2014-04-27 21:41 - 00000000 ____D () C:\Users\Blakkbyrd\Cloud Drive
2014-04-27 21:39 - 2014-04-27 21:39 - 00000000 ____D () C:\Users\Blakkbyrd\AppData\Local\Amazon Cloud Drive
2014-04-27 21:37 - 2014-04-30 21:56 - 00000000 ____D () C:\Users\Blakkbyrd\AppData\Local\Apps\2.0
2014-04-27 21:37 - 2014-04-27 21:41 - 00000000 ____D () C:\Users\Blakkbyrd\AppData\Local\Deployment
2014-04-27 21:36 - 2014-04-27 21:37 - 00503104 _____ () C:\Users\Blakkbyrd\Downloads\AmazonCloudDriveSetup.exe
2014-04-26 09:19 - 2014-04-26 09:30 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
2014-04-26 08:41 - 2014-03-31 03:16 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-26 08:41 - 2014-03-31 03:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-26 08:41 - 2014-03-31 02:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-26 08:41 - 2014-03-31 01:57 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-25 19:27 - 2014-04-25 19:27 - 00000000 ____D () C:\Users\Blakkbyrd\AppData\Local\Downloaded Installations
2014-04-25 18:07 - 2014-05-05 19:46 - 00001960 _____ () C:\Windows\setupact.log
2014-04-21 09:56 - 2014-03-01 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-21 09:56 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-21 09:56 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-21 09:56 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-21 09:56 - 2014-03-01 06:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-21 09:56 - 2014-03-01 06:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-21 09:56 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-21 09:56 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-21 09:56 - 2014-03-01 06:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-21 09:56 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-21 09:56 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-21 09:56 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-21 09:56 - 2014-03-01 06:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-21 09:56 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-21 09:56 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-21 09:56 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-21 09:56 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-21 09:56 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-21 09:56 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-21 09:56 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-21 09:56 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-21 09:56 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-21 09:56 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-21 09:56 - 2014-03-01 05:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-21 09:56 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-21 09:56 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-21 09:56 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-21 09:56 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-21 09:56 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-21 09:56 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-21 09:56 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-21 09:56 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-21 09:56 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-21 09:56 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-21 09:56 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-21 09:56 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-21 09:55 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-04-21 09:55 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-21 09:55 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-21 09:55 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-21 09:55 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-04-21 09:55 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-21 09:55 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-04-21 09:55 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-21 09:55 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-04-21 09:55 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-04-21 09:55 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-04-21 09:54 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-21 09:54 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-21 09:54 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-21 09:54 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-21 09:54 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-21 09:54 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-21 09:54 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-21 09:54 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-21 09:54 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-21 09:54 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-21 09:54 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-21 09:54 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-04-21 09:54 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-04-21 09:54 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-14 19:01 - 2014-04-14 19:01 - 02328864 _____ () C:\Users\Blakkbyrd\Downloads\AmazonMP3DownloaderInstall._V383688031_.exe
2014-04-07 06:18 - 2014-04-07 06:18 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf5218679b7537.job

==================== One Month Modified Files and Folders =======

2014-05-05 19:51 - 2014-05-05 19:51 - 00013376 _____ () C:\Users\Blakkbyrd\Desktop\FRST.txt
2014-05-05 19:51 - 2014-05-05 19:51 - 00000000 ___DC () C:\FRST
2014-05-05 19:51 - 2010-09-29 03:00 - 01130281 _____ () C:\Windows\WindowsUpdate.log
2014-05-05 19:50 - 2014-05-05 19:45 - 00000532 _____ () C:\Users\Blakkbyrd\Desktop\defogger_disable.log
2014-05-05 19:46 - 2014-04-25 18:07 - 00001960 _____ () C:\Windows\setupact.log
2014-05-05 19:45 - 2014-05-05 19:45 - 00000020 _____ () C:\Users\Blakkbyrd\defogger_reenable
2014-05-05 19:45 - 2010-09-28 18:41 - 00000000 ____D () C:\Users\Blakkbyrd
2014-05-05 19:40 - 2013-07-11 00:29 - 00005984 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-05 19:40 - 2013-07-11 00:29 - 00005984 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-05 19:36 - 2014-05-05 19:36 - 00380416 _____ () C:\Users\Blakkbyrd\Desktop\Gmer-19357.exe
2014-05-05 19:35 - 2014-05-05 19:35 - 02063872 _____ (Farbar) C:\Users\Blakkbyrd\Desktop\FRST64.exe
2014-05-05 19:33 - 2014-05-05 19:33 - 00050477 _____ () C:\Users\Blakkbyrd\Desktop\Defogger.exe
2014-05-03 19:31 - 2012-11-04 22:48 - 00000000 ____D () C:\Users\Blakkbyrd\AppData\Roaming\Skype
2014-05-02 06:49 - 2014-05-02 06:49 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-05-01 18:21 - 2014-04-28 21:17 - 00181390 _____ () C:\Windows\PFRO.log
2014-05-01 07:14 - 2014-04-30 22:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-05-01 07:14 - 2014-04-30 22:02 - 00000000 ____D () C:\ProgramData\Avira
2014-05-01 07:14 - 2014-04-30 22:02 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-04-30 22:02 - 2014-04-30 22:02 - 00001103 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-04-30 22:02 - 2014-04-27 21:58 - 00000000 ____D () C:\ProgramData\Package Cache
2014-04-30 21:56 - 2014-04-30 21:56 - 00019777 ____C () C:\ComboFix.txt
2014-04-30 21:56 - 2014-04-29 22:05 - 00000000 ___DC () C:\Qoobox
2014-04-30 21:56 - 2014-04-27 21:37 - 00000000 ____D () C:\Users\Blakkbyrd\AppData\Local\Apps\2.0
2014-04-30 21:54 - 2009-07-14 04:34 - 00000215 ____C () C:\Windows\system.ini
2014-04-29 22:28 - 2010-09-28 18:38 - 00000000 ____D () C:\Users\TxR
2014-04-29 22:28 - 2010-09-28 18:38 - 00000000 ____D () C:\Users\systemprofile
2014-04-29 22:28 - 2010-09-28 18:38 - 00000000 ____D () C:\Users\RegBack
2014-04-29 22:28 - 2010-09-28 18:38 - 00000000 ____D () C:\Users\Journal
2014-04-29 22:26 - 2014-04-29 22:05 - 00000000 ____D () C:\Windows\erdnt
2014-04-29 21:37 - 2013-03-30 01:37 - 00010437 _____ () C:\Users\Blakkbyrd\Desktop\hijackthis.log
2014-04-29 21:15 - 2014-04-29 21:15 - 00000676 __RSH () C:\Users\Blakkbyrd\ntuser.pol
2014-04-29 19:46 - 2011-05-03 09:53 - 00000000 ____D () C:\Program Files (x86)\Java
2014-04-28 19:50 - 2013-02-25 21:57 - 00001079 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-28 19:50 - 2013-02-25 21:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-04-28 19:50 - 2013-02-25 21:57 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-04-28 18:48 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-04-27 21:46 - 2010-09-28 18:41 - 00000000 ___RD () C:\Users\Blakkbyrd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup
2014-04-27 21:43 - 2013-04-29 19:59 - 00065024 ___SH () C:\Users\Blakkbyrd\Thumbs.db
2014-04-27 21:42 - 2014-04-27 21:42 - 00001037 _____ () C:\Users\Blakkbyrd\Desktop\Cloud Drive - Verknüpfung.lnk
2014-04-27 21:41 - 2014-04-27 21:41 - 00000000 ____D () C:\Users\Blakkbyrd\Cloud Drive
2014-04-27 21:41 - 2014-04-27 21:37 - 00000000 ____D () C:\Users\Blakkbyrd\AppData\Local\Deployment
2014-04-27 21:40 - 2013-01-28 12:46 - 00000000 ____D () C:\Users\Blakkbyrd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2014-04-27 21:39 - 2014-04-27 21:39 - 00000000 ____D () C:\Users\Blakkbyrd\AppData\Local\Amazon Cloud Drive
2014-04-27 21:37 - 2014-04-27 21:36 - 00503104 _____ () C:\Users\Blakkbyrd\Downloads\AmazonCloudDriveSetup.exe
2014-04-26 17:53 - 2013-10-21 16:52 - 00000000 ____D () C:\Users\Blakkbyrd\AppData\Roaming\Swiss Academic Software
2014-04-26 17:51 - 2013-10-21 16:52 - 00000000 ____D () C:\Users\Blakkbyrd\Documents\Citavi 4
2014-04-26 15:40 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-04-26 09:30 - 2014-04-26 09:19 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
2014-04-26 08:06 - 2012-02-08 21:44 - 00000000 ____D () C:\Windows\pss
2014-04-25 19:29 - 2013-10-21 16:52 - 00000000 ____D () C:\ProgramData\Swiss Academic Software
2014-04-25 19:29 - 2013-10-21 16:51 - 00001601 _____ () C:\Users\Public\Desktop\Citavi 4.lnk
2014-04-25 19:29 - 2013-10-21 16:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citavi 4
2014-04-25 19:27 - 2014-04-25 19:27 - 00000000 ____D () C:\Users\Blakkbyrd\AppData\Local\Downloaded Installations
2014-04-25 14:17 - 2011-12-27 01:21 - 00000000 ____D () C:\Program Files (x86)\Samsung
2014-04-25 14:14 - 2012-01-07 18:31 - 00000000 ____D () C:\Users\Blakkbyrd\Desktop\Sonstige Programme
2014-04-25 12:31 - 2009-07-14 04:34 - 73924608 _____ () C:\Windows\system32\config\SOFTWARE_tureg_old
2014-04-25 12:31 - 2009-07-14 04:34 - 30670848 _____ () C:\Windows\system32\config\SYSTEM_tureg_old
2014-04-25 12:31 - 2009-07-14 04:34 - 00024576 _____ () C:\Windows\system32\config\SECURITY_tureg_old
2014-04-25 12:27 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SAM_tureg_old
2014-04-25 12:27 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\DEFAULT_tureg_old
2014-04-21 12:51 - 2009-07-14 06:45 - 00344864 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-21 10:01 - 2013-08-27 18:37 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-18 16:31 - 2010-04-26 15:06 - 00699682 _____ () C:\Windows\system32\perfh007.dat
2014-04-18 16:31 - 2010-04-26 15:06 - 00149790 _____ () C:\Windows\system32\perfc007.dat
2014-04-18 16:31 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-14 19:01 - 2014-04-14 19:01 - 02328864 _____ () C:\Users\Blakkbyrd\Downloads\AmazonMP3DownloaderInstall._V383688031_.exe
2014-04-14 19:01 - 2012-01-07 19:23 - 00000000 ____D () C:\Users\Blakkbyrd\AppData\Roaming\Amazon
2014-04-09 21:40 - 2012-02-07 22:02 - 00000000 ____D () C:\Users\Blakkbyrd\Documents\My Games
2014-04-09 21:37 - 2010-09-29 02:59 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-04-07 06:18 - 2014-04-07 06:18 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf5218679b7537.job

Files to move or delete:
====================
C:\ProgramData\frjrl9j.ctrl
C:\ProgramData\frjrl9j.pff
C:\ProgramData\grhbbnwl.ctrl
C:\ProgramData\grhbbnwl.pff
C:\ProgramData\j6lbrj2bn.ctrl
C:\ProgramData\j6lbrj2bn.pff
C:\ProgramData\urlccdhlftxcwbvuuwc.bat
C:\ProgramData\urlccdhlftxcwbvuuwc.reg


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!


LastRegBack: 2013-09-02 15:21

==================== End Of Log ============================
         
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-05-2014
Ran by Blakkbyrd at 2014-05-05 19:52:24
Running from C:\Users\Blakkbyrd\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

64 Bit HP CIO Components Installer (Version: 7.2.7 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 2.5.1.17730 - Adobe Systems Inc.) Hidden
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.8.800.94 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.8.800.94 - Adobe Systems Incorporated)
Adobe Reader XI - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
AGEIA PhysX v7.07.24 (HKLM-x32\...\{EFC1B35C-FFF2-41D8-A70A-CE6037F8040B}) (Version: 7.07.24 - AGEIA Technologies, Inc.)
AIS Connect (HKLM-x32\...\AIS Connect) (Version: 1.1.1.6 - Fujitsu Technology Solutions GmbH)
AIS Connect (x32 Version: 1.1.1.6 - Fujitsu Technology Solutions GmbH) Hidden
Amazon Cloud Drive (HKCU\...\23ab716f18849b6f) (Version: 2.4.2013.3290 - Amazon)
Amazon MP3-Downloader 1.0.18 (HKCU\...\Amazon MP3-Downloader) (Version: 1.0.18 - Amazon Services LLC)
Apple Application Support (HKLM-x32\...\{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}) (Version: 2.1.7 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}) (Version: 5.1.1.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avira (HKLM-x32\...\{e932572a-a65f-40cb-bdb9-fde856c8b6f5}) (Version: 1.1.12.20001 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.12.20001 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
BDE_PRO (x32 Version: 5.1.1 - Borland Software Corp.) Hidden
Bluetooth Feature Pack 5.0 (HKLM\...\{B2F4C332-2359-4ADE-AF0C-C631768BBB89}) (Version: 5.0.14 - CSR Plc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Citavi 4 (HKLM-x32\...\{CC0A85B2-734A-45B3-B678-05F6A6499AC7}) (Version: 4.3.0.15 - Swiss Academic Software)
eBay (HKLM-x32\...\{9983CD31-473F-4808-8317-5346119F0187}) (Version: 1.0.1 - eBay Inc.)
Fujitsu Display Manager (HKLM-x32\...\InstallShield_{4108974B-DE87-4AD4-9167-930C62C45691}) (Version:  - )
Fujitsu Display Manager (Version: 7.01.00.210 - FUJITSU LIMITED) Hidden
Fujitsu Hotkey Utility (HKLM-x32\...\InstallShield_{BA0CC975-682B-4678-A35C-05E607F36387}) (Version: 3.60.1.0 - FUJITSU LIMITED)
Fujitsu Hotkey Utility (x32 Version: 3.60.1.0 - FUJITSU LIMITED) Hidden
Fujitsu MobilityCenter Extension Utility (HKLM-x32\...\InstallShield_{EC314CDF-3521-482B-A21C-65AC95664814}) (Version:  - )
Fujitsu MobilityCenter Extension Utility (Version: 3.01.00.000 - Ihr Firmenname) Hidden
Fujitsu System Extension Utility (HKLM-x32\...\InstallShield_{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}) (Version:  - )
Fujitsu System Extension Utility (Version: 3.1.1.0 - FUJITSU LIMITED) Hidden
GIMP 2.8.0 (HKLM\...\GIMP-2_is1) (Version: 2.8.0 - The GIMP Team)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
HijackThis 2.0.2 (HKLM-x32\...\HijackThis) (Version: 2.0.2 - TrendMicro)
HTC BMP USB Driver (HKLM-x32\...\{31A559C1-9E4D-423B-9DD3-34A6C5398752}) (Version: 1.0.5375 - HTC)
HTC Driver Installer (HKLM-x32\...\{6D6664A9-3342-4948-9B7E-034EFE366F0F}) (Version: 3.0.0.006 - HTC Corporation)
HTC Sync (HKLM-x32\...\{3B345B4A-2E94-4346-A38F-17E1347A0DA7}) (Version: 3.0.5527 - HTC Corporation)
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2025 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
interCAD (HKLM-x32\...\{E93A9ECE-6459-4652-AC62-701A1D9A8BB9}) (Version: 1.78.6.16 - Solva Groep B.V.)
interCAD (x32 Version: 1.78.6.16 - Solva Groep B.V.) Hidden
iTunes (HKLM\...\{CF8FFD12-602B-422D-AF1D-511B411E7632}) (Version: 10.6.1.7 - Apple Inc.)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416025FF}) (Version: 6.0.250 - Oracle)
Java(TM) 6 Update 29 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216029FF}) (Version: 6.0.290 - Oracle)
Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
LifeBook Application Panel (HKLM-x32\...\InstallShield_{6226477E-444F-4DFE-BA19-9F4F7D4565BC}) (Version:  - )
LifeBook Application Panel (Version: 8.1.0.0 - FUJITSU LIMITED) Hidden
Logitech Harmony Remote Software (HKLM-x32\...\{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}) (Version: 1.0.110307 - Logitech)
Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.60129.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
PDF24 Creator 6.3.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Pixum Fotobuch (HKLM-x32\...\Pixum Fotobuch) (Version: 5.0.1 - CEWE COLOR AG u Co. OHG)
Power Saving Utility (HKLM-x32\...\InstallShield_{7254349B-460B-488F-B4DB-A96100C5C48B}) (Version:  - )
Power Saving Utility (Version: 31.01.11.013 - FUJITSU LIMITED) Hidden
QuickTime (HKLM-x32\...\{C9E14402-3631-4182-B377-6B0DFB1C0339}) (Version: 7.70.80.34 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5969 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7100.30087 - Realtek Semiconductor Corp.)
Schachtrainer (HKLM-x32\...\Schachtrainer_is1) (Version:  - Tivola Development GmbH)
Skype™ 6.3 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.3.107 - Skype Technologies S.A.)
Sony Ericsson Drivers (HKLM-x32\...\{C60BA916-9E44-4DA4-B11A-9E27B7624EF5}) (Version: 1.0.28 - Sony Ericsson)
StarVars '97 for Win32 (HKLM-x32\...\StarVars '97 for Win32) (Version:  - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.10.0 - Synaptics Incorporated)
SystemDiagnostics (HKLM-x32\...\{EF59DB7F-7426-426E-B862-7031F83ED304}) (Version: 2.04.0006 - Fujitsu Technology Solutions)
TuneUp Utilities (HKLM-x32\...\TuneUp Utilities) (Version: 9.0.4500.29 - TuneUp Software)
TuneUp Utilities (x32 Version: 9.0.4500.29 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (en-GB) (x32 Version: 9.0.4500.29 - TuneUp Software) Hidden
Update for Microsoft .NET Framework 4.5 (KB2750147) (HKLM-x32\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB2750147) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4.5 (KB2805221) (HKLM-x32\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB2805221) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4.5 (KB2805226) (HKLM-x32\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB2805226) (Version: 1 - Microsoft Corporation)
VLC media player 1.1.7 (HKLM-x32\...\VLC media player) (Version: 1.1.7 - VideoLAN)
Windows Live Anmelde-Assistent (HKLM-x32\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Call (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
Wireless Selector (HKLM-x32\...\InstallShield_{51692C66-5505-41B8-92A7-548C69FB867C}) (Version:  - )
Wireless Selector (Version: 4.01.00.101 - FUJITSU LIMITED) Hidden

==================== Restore Points  =========================


==================== Hosts content: ==========================

2009-07-14 04:34 - 2014-04-29 22:25 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {13F6C31A-607B-4C68-853A-061AE4C23A4B} - System32\Tasks\{CADBA601-5943-49CD-A87E-D0ACC3B8486F} => D:\Games\blood money\Hitman - Blood Money.exe
Task: {39DC7ABF-498D-4F9D-A239-00DF620D5AA0} - System32\Tasks\{A45763C8-7869-4955-B449-BC9ACDBC6ADF} => D:\You Don't Know Jack 4\YDKJ 4.exe
Task: {3A6C8EA1-7615-45AC-85D7-F64D4529922B} - System32\Tasks\{06D23584-01AB-4344-92E7-463848B42EF1} => C:\Program Files (x86)\Wildfire Software\WinLems\WinLems.exe
Task: {3CB819C5-526D-44CD-BDB7-29D25608FC11} - System32\Tasks\{98025E14-A70A-4F69-A096-1FD4B992A077} => C:\Program Files (x86)\Wildfire Software\WinLems\WinLems.exe
Task: {40255791-6B6B-4F33-B2D6-10BF2FAFFF28} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-09-23] (Adobe Systems Incorporated)
Task: {534562DC-4493-4D56-B0D6-7EBEE96588DA} - System32\Tasks\{E2D54697-563F-48A5-ADDD-FFF00231B4CD} => D:\Downloads\Lemmings_en\Lemmings_en\SETUP.EXE
Task: {600380F5-E451-4722-B6BF-228E48D122DE} - System32\Tasks\{29588C02-121A-40FA-A042-2981C8C4D2F6} => D:\Downloads\Lemmings_en\SETUP.EXE
Task: {60F43493-CA59-430A-A1BF-83ACE5E02F60} - System32\Tasks\{BC4E4BBD-C172-42A6-9CE7-8738DAFB3579} => D:\Downloads\Lemmings_en\LEMMINGS\INSTALL.EXE
Task: {6250DF27-EDD6-4AE5-BBFB-9EB981E505EE} - System32\Tasks\{0B9B3D8F-4719-48E6-962C-EBBD16E35DDD} => D:\Downloads\Lemmings_en\LEMMINGS\INSTALL.EXE
Task: {65078C63-023B-47CF-8225-93087226BBB5} - System32\Tasks\{D96183EB-4FD3-425A-BED1-C825DD4CAFA5} => C:\Program Files (x86)\Wildfire Software\WinLems\WinLems.exe
Task: {68CF6784-AF3F-416D-8310-8640F5CBBF7F} - System32\Tasks\{4CBA0B4C-7BD8-480A-BCBA-158F7080D882} => D:\Games\blood money\Hitman - Blood Money.exe
Task: {695951D1-4C0F-46C5-B146-D8ED5CCC6DCA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-16] (Google Inc.)
Task: {69597F7C-8FC5-4971-BFC6-85C06FF154F2} - System32\Tasks\{2914AFBB-A8B4-43F8-9FB3-CCC6038248F7} => D:\You Don't Know Jack 4\YDKJ 4.exe
Task: {6D56AB38-68C6-473C-B63D-328D6EC64384} - System32\Tasks\{BEED466B-3880-47BE-B007-542C3B401B68} => C:\Program Files (x86)\Wildfire Software\WinLems\WinLems.exe
Task: {6F4C15A0-4B3E-4005-9663-0F6E90A893FF} - System32\Tasks\{F85BCD23-4723-4482-BC8B-8AD078D204AB} => D:\Downloads\Lemmings_en\Lemmings_en\SETUP.EXE
Task: {771F8223-27D3-46A0-86EF-DACAC9676292} - System32\Tasks\{E0DCF817-FF19-40F8-A0FA-37C0EBA756C0} => D:\Downloads\Lemmings_en\SETUP.EXE
Task: {7E144021-21DC-422B-9768-0A8018E90BEC} - System32\Tasks\{D7B6F808-D0A7-4DF8-B5AF-B88F252C0520} => D:\Downloads\Lemmings_en\WING\GSETUP.EXE
Task: {86062672-A879-42B5-86ED-2FBFDEBC1FDF} - System32\Tasks\{7446560D-7D34-4A92-91FA-50302EF5E5FE} => D:\Downloads\Lemmings_en\WING\GSETUP.EXE
Task: {86C0C8C2-42F0-4279-AACA-9B75BB9CDA34} - System32\Tasks\{1B0824B5-C27E-4E55-A663-1B31262A8255} => D:\Downloads\Lemmings_en\LEMMINGS\INSTALL.EXE
Task: {877FE3E3-1530-4228-BF55-CF47AEAD7BE2} - System32\Tasks\{CA19CB5E-514E-463E-83C8-ACD23D90FB82} => C:\Program Files (x86)\Wildfire Software\WinLems\WinLems.exe
Task: {8B726F34-5194-405B-8C9F-EA4A735F9D46} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance => C:\Program Files (x86)\TuneUp Utilities 2010\OneClick.exe [2010-08-13] (TuneUp Software)
Task: {8C5B2429-2ED3-4F84-A88C-A74674FDA3C5} - System32\Tasks\{019EB8E7-8274-4D7B-B6D5-6BDDADCCF309} => D:\Downloads\Lemmings_en\WING\GSETUP.EXE
Task: {9F5F34AD-8660-4B08-9571-82F6F0C57BC4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-16] (Google Inc.)
Task: {B53D7FD2-860C-4F8E-AB93-36359AA8E155} - System32\Tasks\{8197684A-8840-42AE-9EAA-0917243A2EEB} => C:\Program Files (x86)\Wildfire Software\WinLems\WinLems.exe
Task: {B8C6F48E-777B-4141-830F-B7B903701C8B} - System32\Tasks\{952810C0-9C2E-4B4F-A10F-AF72B253A81A} => D:\Downloads\Lemmings_en\LEMMINGS\INSTALL.EXE
Task: {C2237801-BF49-496C-BB7D-A429A1F8594D} - System32\Tasks\{2EE61E15-9B88-455A-A8F5-847546063FD4} => C:\Program Files (x86)\Wildfire Software\WinLems\WinLems.exe
Task: {C84E4C8B-E1EA-4DB2-88F9-3A4323E89880} - System32\Tasks\{6982CBF6-53E8-4E4F-8E58-19C1D7EB89D9} => D:\Downloads\Lemmings_en\SETUP.EXE
Task: {CDB76601-EF91-4AC0-BA61-99F254538EB2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-27] (Adobe Systems Incorporated)
Task: {DCD8CCFC-EB8E-40A3-9A1B-658DA4CB5734} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe [2011-03-08] ()
Task: {E06AFC40-62AF-4FAE-9140-922803114242} - System32\Tasks\{00FE1F42-E1DA-42DF-B525-201BEAF8758A} => D:\Downloads\Lemmings_en\WING\GSETUP.EXE
Task: {E577345C-E573-4408-8C55-F9752D2F1993} - System32\Tasks\{91A852AC-5860-4AEB-86D6-EB2E27B042C2} => D:\Downloads\Lemmings_en\SETUP.EXE
Task: {E7579303-70F0-4487-8942-201471C2CAB0} - System32\Tasks\{E3A901D1-93A7-4192-A6D5-5B42EE72F3A2} => D:\Downloads\Lemmings_en\Lemmings_en\SETUP.EXE
Task: {FC96038C-32C2-4D27-B716-875AA99F7376} - System32\Tasks\{36CB24BF-B8EA-437A-8FFE-0100341BE98A} => D:\Downloads\Lemmings_en\LEMMINGS\INSTALL.EXE
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf5218679b7537.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-09-29 18:29 - 2010-03-15 11:28 - 00166400 _____ () C:\Program Files\WinRAR\rarext.dll
2014-05-01 07:14 - 2014-02-25 11:41 - 00394808 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2014-04-30 11:38 - 2014-04-30 11:38 - 00138320 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll
2014-04-30 11:38 - 2014-04-30 11:38 - 00065616 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Avira.OE.ServiceHost => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: PassThru Service => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WISO Mein Steuer-Sparbuch heute.lnk => C:\Windows\pss\WISO Mein Steuer-Sparbuch heute.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: AutoStartNPSAgent => C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe
MSCONFIG\startupreg: avgnt => "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
MSCONFIG\startupreg: Avira Systray => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
MSCONFIG\startupreg: HTC Sync Loader => "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
MSCONFIG\startupreg: IndicatorUtility => C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LoadBtnHnd => C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe
MSCONFIG\startupreg: LoadFUJ02E3 => C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe
MSCONFIG\startupreg: LoadFujitsuQuickTouch => C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Spotify => "C:\Users\Blakkbyrd\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Blakkbyrd\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: ypuprqgq => regsvr32.exe "C:\ProgramData\ypuprqgq.dat"

==================== Faulty Device Manager Devices =============

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/05/2014 07:47:04 PM) (Source: Firebird SQL Server) (User: )
Description: Missing configuration file: C:\PROGRA~4\FIREBI~1\firebird.conf, exiting

Error: (05/05/2014 07:47:04 PM) (Source: Firebird SQL Server) (User: )
Description: Missing configuration file: C:\PROGRA~4\FIREBI~1\firebird.conf, exiting

Error: (05/05/2014 07:10:08 PM) (Source: Firebird SQL Server) (User: )
Description: Missing configuration file: C:\PROGRA~4\FIREBI~1\firebird.conf, exiting

Error: (05/05/2014 07:10:08 PM) (Source: Firebird SQL Server) (User: )
Description: Missing configuration file: C:\PROGRA~4\FIREBI~1\firebird.conf, exiting

Error: (05/05/2014 06:08:34 AM) (Source: Firebird SQL Server) (User: )
Description: Missing configuration file: C:\PROGRA~4\FIREBI~1\firebird.conf, exiting

Error: (05/05/2014 06:08:34 AM) (Source: Firebird SQL Server) (User: )
Description: Missing configuration file: C:\PROGRA~4\FIREBI~1\firebird.conf, exiting

Error: (05/04/2014 02:18:37 PM) (Source: Firebird SQL Server) (User: )
Description: Missing configuration file: C:\PROGRA~4\FIREBI~1\firebird.conf, exiting

Error: (05/04/2014 02:18:37 PM) (Source: Firebird SQL Server) (User: )
Description: Missing configuration file: C:\PROGRA~4\FIREBI~1\firebird.conf, exiting

Error: (05/03/2014 06:04:53 PM) (Source: Firebird SQL Server) (User: )
Description: Missing configuration file: C:\PROGRA~4\FIREBI~1\firebird.conf, exiting

Error: (05/03/2014 06:04:53 PM) (Source: Firebird SQL Server) (User: )
Description: Missing configuration file: C:\PROGRA~4\FIREBI~1\firebird.conf, exiting


System errors:
=============
Error: (05/05/2014 07:48:22 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
StarOpen

Error: (05/05/2014 07:48:21 PM) (Source: Service Control Manager) (User: )
Description: Dienst "Firebird Guardian - DefaultInstance" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/05/2014 07:47:04 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Firebird Server - DefaultInstance" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (05/05/2014 07:47:04 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Firebird Server - DefaultInstance erreicht.

Error: (05/05/2014 07:46:50 PM) (Source: Application Popup) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\StarOpen.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (05/05/2014 07:11:24 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
StarOpen

Error: (05/05/2014 07:11:24 PM) (Source: Service Control Manager) (User: )
Description: Dienst "Firebird Guardian - DefaultInstance" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/05/2014 07:10:08 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Firebird Server - DefaultInstance" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (05/05/2014 07:10:08 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Firebird Server - DefaultInstance erreicht.

Error: (05/05/2014 07:09:55 PM) (Source: Application Popup) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\StarOpen.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.


Microsoft Office Sessions:
=========================
Error: (05/27/2013 07:23:55 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 582 seconds with 360 seconds of active time.  This session ended with a crash.

Error: (07/03/2011 05:59:36 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2316 seconds with 2220 seconds of active time.  This session ended with a crash.

Error: (01/22/2011 07:13:53 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 14569 seconds with 9960 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2014-04-29 22:22:48.078
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-04-29 22:22:47.891
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-12-26 08:51:45.208
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\123e38.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-12-26 08:51:45.080
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\123e38.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Percentage of memory in use: 52%
Total physical RAM: 1908.55 MB
Available physical RAM: 897.2 MB
Total Pagefile: 3817.11 MB
Available Pagefile: 2592.51 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:60 GB) (Free:16.99 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Data) (Fixed) (Total:170.87 GB) (Free:88.72 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 8E760A6D)
Partition 1: (Active) - (Size=2 GB) - (Type=27)
Partition 2: (Not Active) - (Size=60 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=171 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
Code:
ATTFilter
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-05-05 20:26:40
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD25 rev.01.0 232,89GB
Running: Gmer-19357.exe; Driver: C:\Users\BLAKKB~1\AppData\Local\Temp\uwddapow.sys


---- User code sections - GMER 2.1 ----

.text  C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe[3300] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000075751465 2 bytes [75, 75]
.text  C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe[3300] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000757514bb 2 bytes [75, 75]
.text  ...                                                                                                                            * 2

---- Registry - GMER 2.1 ----

Reg    HKLM\SYSTEM\ControlSet001\services\BTHPORT\Parameters\Keys\b482fe64ddae (not active ControlSet)                                
Reg    HKLM\SYSTEM\ControlSet001\services\BTHPORT\Parameters\Keys\b482fe64ddae@34c3acd62bc0                                           0xB0 0x66 0xA6 0xC8 ...
Reg    HKLM\SYSTEM\ControlSet001\services\BTHPORT\Parameters\Keys\b482fe64ddae@1887960815fe                                           0xBA 0xE7 0xB4 0x20 ...
Reg    HKLM\SYSTEM\ControlSet001\services\BTHPORT\Parameters\Keys\b482fe64ddae@0012ee3b975d                                           0xDC 0xAD 0x5C 0x9A ...
Reg    HKLM\SYSTEM\ControlSet001\services\BTHPORT\Parameters\Keys\b482fe64ddae@0019631a4df6                                           0x25 0xAA 0xD2 0xA4 ...
Reg    HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)                           
Reg    HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                                0
Reg    HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                             0xB3 0x85 0x95 0x85 ...
Reg    HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                           
Reg    HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                D:\programme\DAEMON Tools Lite\
Reg    HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                0x00 0x00 0x00 0x00 ...
Reg    HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                1
Reg    HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                             0x80 0x21 0x96 0x7C ...
Reg    HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)                  
Reg    HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                       0xA0 0x02 0x00 0x00 ...
Reg    HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                    0x78 0xFD 0x64 0x1A ...
Reg    HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)             
Reg    HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                               0xFF 0x02 0x4D 0xEC ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\b482fe64ddae                                                    
Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\b482fe64ddae@34c3acd62bc0                                       0xB0 0x66 0xA6 0xC8 ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\b482fe64ddae@1887960815fe                                       0xBA 0xE7 0xB4 0x20 ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\b482fe64ddae@0012ee3b975d                                       0xAE 0x1B 0x88 0x54 ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\b482fe64ddae@0019631a4df6                                       0xB4 0xD7 0x1E 0xA7 ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\b482fe64ddae@002345321605                                       0xE1 0x41 0x04 0x09 ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\b482fe64ddae@3017c857316c                                       0x26 0x9D 0x95 0x3D ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04                                               
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                            0
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                         0xB3 0x85 0x95 0x85 ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                               
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                            0x00 0x00 0x00 0x00 ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                            1
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                         0x80 0x21 0x96 0x7C ...
Reg    HKLM\SYSTEM\ControlSet003\services\BTHPORT\Parameters\Keys\b482fe64ddae (not active ControlSet)                                
Reg    HKLM\SYSTEM\ControlSet003\services\BTHPORT\Parameters\Keys\b482fe64ddae@34c3acd62bc0                                           0xB0 0x66 0xA6 0xC8 ...
Reg    HKLM\SYSTEM\ControlSet003\services\BTHPORT\Parameters\Keys\b482fe64ddae@1887960815fe                                           0xBA 0xE7 0xB4 0x20 ...
Reg    HKLM\SYSTEM\ControlSet003\services\BTHPORT\Parameters\Keys\b482fe64ddae@0012ee3b975d                                           0xAE 0x1B 0x88 0x54 ...
Reg    HKLM\SYSTEM\ControlSet003\services\BTHPORT\Parameters\Keys\b482fe64ddae@0019631a4df6                                           0xB4 0xD7 0x1E 0xA7 ...
Reg    HKLM\SYSTEM\ControlSet003\services\BTHPORT\Parameters\Keys\b482fe64ddae@002345321605                                           0xE1 0x41 0x04 0x09 ...
Reg    HKLM\SYSTEM\ControlSet003\services\BTHPORT\Parameters\Keys\b482fe64ddae@3017c857316c                                           0x26 0x9D 0x95 0x3D ...
Reg    HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)                           
Reg    HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                                0
Reg    HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                             0xB3 0x85 0x95 0x85 ...
Reg    HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                           
Reg    HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                0x00 0x00 0x00 0x00 ...
Reg    HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                1
Reg    HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                             0x80 0x21 0x96 0x7C ...

---- EOF - GMER 2.1 ----
         
Code:
ATTFilter
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:37:54, on 29.04.2014
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v11.0 (11.00.9600.16521)
Boot mode: Safe mode with network support

Running processes:
D:\programme\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ts.fujitsu.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.0.100.200:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - .DEFAULT User Startup: LaunchCenter.lnk = C:\Program Files\Fujitsu\LaunchCenter\LaunchCenter.exe (User 'Default user')
O8 - Extra context menu item: &Citavi Picker... - file://C:\Program Files (x86)\Internet Explorer\Citavi Picker\ShowContextMenu.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O13 - Gopher Prefix: 
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira Planer (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Echtzeit-Scanner (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Avira Service Host (Avira.OE.ServiceHost) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\PROGRA~4\FIREBI~1\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\PROGRA~4\FIREBI~1\bin\fbserver.exe
O23 - Service: Google Update-Dienst (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: PowerSavingUtilityService - FUJITSU LIMITED - C:\Program Files\Fujitsu\PSUtility\PSUService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Fujitsu Diagnostic Testhandler (TestHandler) - Fujitsu Technology Solutions - C:\Program Files (x86)\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
O23 - Service: @C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Unterstützung für Bluetooth-Funktionen (VFPRadioSupportService) - CSR, plc - C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: WirelessSelectorService - Unknown owner - C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10435 bytes
         

 
