Log Analysis and Evaluation: Trojan TR/Crypt.ZPACK.65865 found! Windows 7

11.08.2014, 08:45 #1
Trojan TR/Crypt.ZPACK.65865 found!

Hello,

A few days ago I received an email with a payment demand that was supposedly from PayPal. Stupid as I am, of course I immediately tried to download the attachment, and since then I have had a Trojan. I have already run Malwarebytes and CCleaner on my own, but after 3 days Avira reported again that I have a virus. Here are the log files:

defogger:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 08:59 on 11/08/2014 (Gunnar)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

HKCU:DAEMON Tools Lite -> Removed

Checking for services/drivers...

-=E.O.F=-
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:10-08-2014 01
Ran by Gunnar (administrator) on GUNNAR-PC on 11-08-2014 09:02:04
Running from C:\Users\Gunnar\Desktop
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(AVM Berlin) C:\Program Files\avmwlanstick\WLanNetService.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Eastman Kodak Company) C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
(AVM Berlin) C:\Program Files\avmwlanstick\WLanGUI.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Gainward Co.) C:\Program Files\EXPERTool\TBPANEL.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Express Tray\ExpressTray.exe
(Eastman Kodak Company) C:\Program Files\Kodak\AiO\Center\KodakSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\System32\DeviceDisplayObjectProvider.exe
(Microsoft Corporation) C:\Windows\System32\Dxpserver.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avscan.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKU\S-1-5-21-2415819902-1883768789-382756440-1000\...\Run: [GAINWARD] => C:\Program Files\EXPERTool\TBPanel.exe [2181744 2010-09-02] (Gainward Co.)
HKU\S-1-5-21-2415819902-1883768789-382756440-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [18642024 2013-02-28] (Skype Technologies S.A.)
HKU\S-1-5-21-2415819902-1883768789-382756440-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [688984 2014-07-23] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-2415819902-1883768789-382756440-1000\...\MountPoints2: {26b2346b-89bd-11e3-aafc-001a4f9c0c7f} - E:\setup.exe
HKU\S-1-5-21-2415819902-1883768789-382756440-1000\...\MountPoints2: {c2955512-945d-11e2-9414-3085a9426e88} - E:\pushinst.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x0DD53887C926CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.2

FireFox:
========
FF ProfilePath: C:\Users\Gunnar\AppData\Roaming\Mozilla\Firefox\Profiles\9verf5au.default
FF Homepage: www.google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: 20-20 3D Viewer - IKEA - C:\Users\Gunnar\AppData\Roaming\Mozilla\Firefox\Profiles\9verf5au.default\Extensions\2020Player_IKEA@2020Technologies.com [2013-07-12]
FF Extension: Avira Browser Safety - C:\Users\Gunnar\AppData\Roaming\Mozilla\Firefox\Profiles\9verf5au.default\Extensions\abs@avira.com [2014-08-07]
FF Extension: Flash Video Downloader - YouTube Full HD Download - C:\Users\Gunnar\AppData\Roaming\Mozilla\Firefox\Profiles\9verf5au.default\Extensions\artur.dubovoy@gmail.com [2014-08-01]
FF Extension: Garmin Communicator - C:\Users\Gunnar\AppData\Roaming\Mozilla\Firefox\Profiles\9verf5au.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2014-05-31]
FF Extension: Adblock Plus - C:\Users\Gunnar\AppData\Roaming\Mozilla\Firefox\Profiles\9verf5au.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-04-02]

Chrome:
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-08-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-07] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [141392 2014-07-24] (Avira Operations GmbH & Co. KG)
R2 AVM WLAN Connection Service; C:\Program Files\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin) [File not signed]
R2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438616 2014-07-23] (Garmin Ltd or its subsidiaries)
S2 Kodak AiO Network Discovery Service; C:\Program Files\Kodak\AiO\Center\EKDiscovery.exe [274432 2008-10-10] (Eastman Kodak Company) [File not signed]
R2 KodakSvc; C:\Program Files\Kodak\AiO\center\KodakSvc.exe [28672 2008-12-01] (Eastman Kodak Company) [File not signed]
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14652704 2013-11-14] (NVIDIA Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\System32\drivers\AsIO.sys [11296 2009-08-05] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [97648 2014-06-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-05-22] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-26] (Avira Operations GmbH & Co. KG)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [4352 2010-10-22] (AVM Berlin) [File not signed]
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2014-01-30] (Disc Soft Ltd)
S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [265088 2010-10-22] (AVM GmbH)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [13216 2009-07-18] ()
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [33568 2013-11-14] (NVIDIA Corporation)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-03-22] (Avira GmbH)
S3 TBPanel; C:\Windows\system32\Drivers\TBPanel.sys [12256 2007-03-16] (Windows (R) 2000 DDK provider)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-11 09:02 - 2014-08-11 09:02 - 00010968 _____ () C:\Users\Gunnar\Desktop\FRST.txt
2014-08-11 09:01 - 2014-08-11 09:02 - 00000000 ____D () C:\FRST
2014-08-11 09:01 - 2014-08-11 09:01 - 01091072 _____ (Farbar) C:\Users\Gunnar\Downloads\FRST.exe
2014-08-11 09:01 - 2014-08-11 09:01 - 01091072 _____ (Farbar) C:\Users\Gunnar\Desktop\FRST.exe
2014-08-11 08:59 - 2014-08-11 08:59 - 00000544 _____ () C:\Users\Gunnar\Desktop\defogger_disable.log
2014-08-11 08:59 - 2014-08-11 08:59 - 00000156 _____ () C:\Users\Gunnar\defogger_reenable
2014-08-11 08:57 - 2014-08-11 08:57 - 00050477 _____ () C:\Users\Gunnar\Downloads\Defogger.exe
2014-08-11 08:57 - 2014-08-11 08:57 - 00050477 _____ () C:\Users\Gunnar\Desktop\Defogger.exe
2014-08-10 19:20 - 2014-08-11 08:01 - 00000098 _____ () C:\Users\Gunnar\Desktop\as.txt
2014-08-09 08:01 - 2014-08-09 08:02 - 00000000 ____D () C:\Users\Gunnar\Desktop\Thailand bearbeitet
2014-08-08 11:05 - 2014-08-08 11:05 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-08 11:04 - 2014-08-08 11:04 - 00001060 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-08 11:04 - 2014-08-08 11:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-08-08 11:03 - 2014-08-08 11:04 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware
2014-08-08 11:03 - 2014-08-08 11:03 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-08 11:03 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-08 11:03 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-08 11:03 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-08 10:56 - 2014-08-08 10:57 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Gunnar\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-08 10:43 - 2014-08-09 06:38 - 00004392 _____ () C:\Windows\PFRO.log
2014-08-08 10:40 - 2014-08-08 10:42 - 00000000 ____D () C:\AdwCleaner
2014-08-08 10:40 - 2014-08-08 10:40 - 01475072 _____ () C:\Users\Gunnar\Downloads\adwcleaner_3.303.exe
2014-08-08 10:30 - 2014-08-11 07:04 - 00001848 _____ () C:\Windows\setupact.log
2014-08-08 10:30 - 2014-08-08 10:30 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-08 07:33 - 2014-08-08 07:33 - 00000965 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-08-08 07:33 - 2014-08-08 07:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-08-08 07:33 - 2014-08-08 07:33 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-08 07:32 - 2014-08-08 07:32 - 03738080 _____ (Piriform Ltd) C:\Users\Gunnar\Downloads\ccsetup416_slim.exe
2014-08-07 16:40 - 2014-08-07 16:40 - 00002048 _____ () C:\Users\Gunnar\Desktop\Avira Free Antivirus Profil Manuelle Auswahl.LNK
2014-08-07 16:30 - 2014-08-07 16:35 - 00000000 ____D () C:\ProgramData\qdr
2014-08-07 16:29 - 2014-08-08 11:16 - 00000000 ___HD () C:\Users\Gunnar\AppData\Roaming\Outo
2014-08-07 14:36 - 2014-08-07 14:42 - 00001095 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-06 21:59 - 2014-08-06 22:00 - 00000000 ____D () C:\Users\Gunnar\Desktop\Fotos
2014-08-06 12:52 - 2014-08-06 12:52 - 00006953 _____ () C:\Users\Gunnar\Desktop\Sparkasse Bielefeld (480 501 61) - Finanzstatus Fenna.htm
2014-08-05 08:46 - 2014-08-05 08:46 - 00004611 _____ () C:\Windows\system32\jupdate-1.7.0_67-b01.log
2014-08-05 08:46 - 2014-08-05 08:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-05 08:46 - 2014-08-05 08:46 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-08-05 08:46 - 2014-07-25 12:55 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-08-05 08:46 - 2014-07-25 12:49 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-08-05 08:46 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-08-05 08:46 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-07-31 07:26 - 2014-05-14 18:23 - 01973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-07-31 07:26 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-07-31 07:26 - 2014-05-14 18:23 - 00054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-07-31 07:26 - 2014-05-14 18:23 - 00045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-07-31 07:26 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-07-31 07:26 - 2014-05-14 18:17 - 02425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-07-31 07:26 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-07-31 07:26 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-07-31 07:26 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-07-29 21:51 - 2014-07-29 21:51 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-07-29 21:04 - 2014-07-29 21:04 - 00001858 _____ () C:\Users\Public\Desktop\Garmin Express.lnk
2014-07-29 21:03 - 2014-08-07 14:42 - 00000000 ____D () C:\ProgramData\Package Cache
2014-07-29 21:02 - 2014-07-29 21:02 - 36347672 _____ (Garmin Ltd or its subsidiaries) C:\Users\Gunnar\Downloads\GarminExpressInstaller.exe
2014-07-27 06:58 - 2014-08-03 09:40 - 00000000 ____D () C:\Users\Gunnar\Desktop\Thailand
2014-07-15 09:48 - 2014-07-15 09:48 - 00038188 _____ () C:\Users\Gunnar\Desktop\Universität Bielefeld.htm

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-11 09:02 - 2014-08-11 09:02 - 00010968 _____ () C:\Users\Gunnar\Desktop\FRST.txt
2014-08-11 09:02 - 2014-08-11 09:01 - 00000000 ____D () C:\FRST
2014-08-11 09:01 - 2014-08-11 09:01 - 01091072 _____ (Farbar) C:\Users\Gunnar\Downloads\FRST.exe
2014-08-11 09:01 - 2014-08-11 09:01 - 01091072 _____ (Farbar) C:\Users\Gunnar\Desktop\FRST.exe
2014-08-11 08:59 - 2014-08-11 08:59 - 00000544 _____ () C:\Users\Gunnar\Desktop\defogger_disable.log
2014-08-11 08:59 - 2014-08-11 08:59 - 00000156 _____ () C:\Users\Gunnar\defogger_reenable
2014-08-11 08:59 - 2013-03-21 16:22 - 00000000 ____D () C:\Users\Gunnar
2014-08-11 08:57 - 2014-08-11 08:57 - 00050477 _____ () C:\Users\Gunnar\Downloads\Defogger.exe
2014-08-11 08:57 - 2014-08-11 08:57 - 00050477 _____ () C:\Users\Gunnar\Desktop\Defogger.exe
2014-08-11 08:43 - 2013-03-21 15:50 - 01654803 _____ () C:\Windows\WindowsUpdate.log
2014-08-11 08:26 - 2013-03-22 10:05 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-11 08:24 - 2013-04-20 21:36 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-11 08:01 - 2014-08-10 19:20 - 00000098 _____ () C:\Users\Gunnar\Desktop\as.txt
2014-08-11 07:24 - 2013-04-20 21:36 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-11 07:11 - 2009-07-14 06:34 - 00021856 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-11 07:11 - 2009-07-14 06:34 - 00021856 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-11 07:04 - 2014-08-08 10:30 - 00001848 _____ () C:\Windows\setupact.log
2014-08-11 07:04 - 2013-03-21 17:40 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-08-11 07:04 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-10 22:23 - 2013-05-11 13:18 - 00000000 ____D () C:\ProgramData\Skype
2014-08-09 08:02 - 2014-08-09 08:01 - 00000000 ____D () C:\Users\Gunnar\Desktop\Thailand bearbeitet
2014-08-09 06:38 - 2014-08-08 10:43 - 00004392 _____ () C:\Windows\PFRO.log
2014-08-08 11:16 - 2014-08-07 16:29 - 00000000 ___HD () C:\Users\Gunnar\AppData\Roaming\Outo
2014-08-08 11:05 - 2014-08-08 11:05 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-08 11:04 - 2014-08-08 11:04 - 00001060 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-08 11:04 - 2014-08-08 11:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-08-08 11:04 - 2014-08-08 11:03 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware
2014-08-08 11:03 - 2014-08-08 11:03 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-08 10:57 - 2014-08-08 10:56 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Gunnar\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-08 10:42 - 2014-08-08 10:40 - 00000000 ____D () C:\AdwCleaner
2014-08-08 10:40 - 2014-08-08 10:40 - 01475072 _____ () C:\Users\Gunnar\Downloads\adwcleaner_3.303.exe
2014-08-08 10:30 - 2014-08-08 10:30 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-08 08:44 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2014-08-08 07:37 - 2014-03-02 11:33 - 00000000 ____D () C:\Users\Gunnar\AppData\Roaming\TS3Client
2014-08-08 07:37 - 2014-01-30 17:20 - 00000000 ____D () C:\Users\Gunnar\AppData\Roaming\DAEMON Tools Lite
2014-08-08 07:36 - 2013-03-21 15:46 - 00000000 ____D () C:\Windows\Panther
2014-08-08 07:33 - 2014-08-08 07:33 - 00000965 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-08-08 07:33 - 2014-08-08 07:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-08-08 07:33 - 2014-08-08 07:33 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-08 07:32 - 2014-08-08 07:32 - 03738080 _____ (Piriform Ltd) C:\Users\Gunnar\Downloads\ccsetup416_slim.exe
2014-08-07 16:40 - 2014-08-07 16:40 - 00002048 _____ () C:\Users\Gunnar\Desktop\Avira Free Antivirus Profil Manuelle Auswahl.LNK
2014-08-07 16:35 - 2014-08-07 16:30 - 00000000 ____D () C:\ProgramData\qdr
2014-08-07 14:42 - 2014-08-07 14:36 - 00001095 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-07 14:42 - 2014-07-29 21:03 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-07 14:42 - 2013-03-22 09:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-08-07 14:42 - 2013-03-22 09:20 - 00000000 ____D () C:\Program Files\Avira
2014-08-07 14:36 - 2013-03-22 09:20 - 00000000 ____D () C:\ProgramData\Avira
2014-08-06 22:00 - 2014-08-06 21:59 - 00000000 ____D () C:\Users\Gunnar\Desktop\Fotos
2014-08-06 12:52 - 2014-08-06 12:52 - 00006953 _____ () C:\Users\Gunnar\Desktop\Sparkasse Bielefeld (480 501 61) - Finanzstatus Fenna.htm
2014-08-05 08:47 - 2014-03-03 08:56 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-05 08:46 - 2014-08-05 08:46 - 00004611 _____ () C:\Windows\system32\jupdate-1.7.0_67-b01.log
2014-08-05 08:46 - 2014-08-05 08:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-05 08:46 - 2014-08-05 08:46 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-08-05 08:46 - 2014-03-03 08:55 - 00000000 ____D () C:\Program Files\Java
2014-08-03 09:40 - 2014-07-27 06:58 - 00000000 ____D () C:\Users\Gunnar\Desktop\Thailand
2014-07-31 11:03 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-07-31 09:31 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-07-30 15:33 - 2013-03-22 09:25 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-07-29 21:51 - 2014-07-29 21:51 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-07-29 21:05 - 2014-05-18 11:45 - 00000000 ____D () C:\Users\Gunnar\AppData\Local\Garmin
2014-07-29 21:05 - 2014-05-18 11:45 - 00000000 ____D () C:\ProgramData\Garmin
2014-07-29 21:05 - 2014-05-18 11:44 - 00000000 ____D () C:\Users\Gunnar\AppData\Roaming\Garmin
2014-07-29 21:04 - 2014-07-29 21:04 - 00001858 _____ () C:\Users\Public\Desktop\Garmin Express.lnk
2014-07-29 21:04 - 2014-06-05 17:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2014-07-29 21:04 - 2014-05-18 11:44 - 00000000 ____D () C:\Program Files\Garmin
2014-07-29 21:04 - 2014-05-18 11:44 - 00000000 ____D () C:\Program Files\DIFX
2014-07-29 21:02 - 2014-07-29 21:02 - 36347672 _____ (Garmin Ltd or its subsidiaries) C:\Users\Gunnar\Downloads\GarminExpressInstaller.exe
2014-07-27 16:00 - 2010-11-20 23:01 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-25 15:13 - 2013-06-19 19:41 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-25 12:55 - 2014-08-05 08:46 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-07-25 12:49 - 2014-08-05 08:46 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-07-25 12:49 - 2014-08-05 08:46 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-07-25 12:49 - 2014-08-05 08:46 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-07-24 16:03 - 2013-06-19 19:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-20 08:43 - 2013-12-17 22:24 - 00000000 ____D () C:\Users\Gunnar\Desktop\Fenna
2014-07-15 13:11 - 2013-05-07 15:17 - 00035848 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-07-15 09:48 - 2014-07-15 09:48 - 00038188 _____ () C:\Users\Gunnar\Desktop\Universität Bielefeld.htm
2014-07-13 18:51 - 2013-05-11 13:18 - 00000000 ____D () C:\Users\Gunnar\AppData\Roaming\Skype

Some content of TEMP:
====================
C:\Users\Gunnar\AppData\Local\Temp\avgnt.exe
C:\Users\Gunnar\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-08-11 08:29

==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x86) Version:10-08-2014 01
Ran by Gunnar at 2014-08-11 09:02:47
Running from C:\Users\Gunnar\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
aiofw (Version: 3.20.0000.0000 - Eastman Kodak Company) Hidden
aioprnt (Version: 3.20.0000.0000 - Eastman Kodak Company) Hidden
aioscnnr (Version: 3.20.0000.0000 - Eastman Kodak Company) Hidden
ANT Drivers Installer x86 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Audacity 2.0.3 (HKLM\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Avira (HKLM\...\{9590977b-7b6f-467e-a11a-efa1fae804da}) (Version: 1.1.18.30000 - Avira Operations GmbH & Co. KG)
Avira (Version: 1.1.18.30000 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.6.552 - Avira)
AVM FRITZ!WLAN (HKLM\...\AVMWLANCLI) (Version: - AVM Berlin)
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
center (Version: 3.20.0000.0000 - Eastman Kodak Company) Hidden
Cool Edit Pro 2.0 (HKLM\...\Cool Edit Pro 2.0) (Version: - )
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd)
Elevated Installer (Version: 3.2.16.0 - Garmin Ltd or its subsidiaries) Hidden
EPU-4 Engine (HKLM\...\{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}) (Version: 1.02.01 - )
EXPERTool 7.13 (HKLM\...\MySSID_is1) (Version: - Gainward Co., Ltd)
Free Audio CD to MP3 Converter version 1.3.12.1228 (HKLM\...\Free Audio CD to MP3 Converter_is1) (Version: 1.3.12.1228 - DVDVideoSoft Ltd.)
Free Mp3 Wma Converter V 2.2 (HKLM\...\Free Mp3 Wma Converter_is1) (Version: 2.2.0.0 - Koyote Soft)
Free YouTube to MP3 Converter version 3.12.1.320 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.1.320 - DVDVideoSoft Ltd.)
Freizeitkarte_DEU (Ausgabe 14.05) (HKLM\...\Freizeitkarte_DEU) (Version: - )
Garmin BaseCamp (HKLM\...\{00BC5C92-9F00-41B2-AE04-4C6B5DF0981F}) (Version: 4.3.2 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM\...\{817c6bb8-ea2d-4e12-abbc-e33c3de43f64}) (Version: 3.2.16.0 - Garmin Ltd or its subsidiaries)
Garmin Express (Version: 3.2.16.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (Version: 3.2.16.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin USB Drivers (HKLM\...\{ABA5E381-EC46-425C-86C5-5CD15BBFB4BF}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (Version: 2.1.67.1 - Oracle, Inc.) Hidden
Kodak All-in-One-Druckersoftware (HKLM\...\{E0F274B7-592B-4669-8FB8-8D9825A09858}) (Version: 3.20.0.0 - Eastman Kodak Company)
ksDIP (Version: 3.20.0000.0000 - Eastman Kodak Company) Hidden
League of Legends (HKLM\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
League of Legends (Version: 3.0.0 - Riot Games) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft PowerPoint Viewer (HKLM\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Mozilla Firefox 31.0 (x86 de) (HKLM\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mp3tag v2.55a (HKLM\...\Mp3tag) (Version: v2.55a - Florian Heidenreich)
MP4 To MP3 Converter V3.0.5 (HKLM\...\MP4 To MP3 Converter_is1) (Version: - hxxp://www.MP4ToMP3Converter.net)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA 3D Vision Controller-Treiber 331.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 331.82 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 331.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 331.82 - NVIDIA Corporation)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5944 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.7.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.7.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 331.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.82 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.140.952 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (Version: 9.13.0725 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA ShadowPlay 9.3.21 (Version: 9.3.21 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.3182 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 331.82 (Version: 331.82 - NVIDIA Corporation) Hidden
NVIDIA Update 9.3.21 (Version: 9.3.21 - NVIDIA Corporation) Hidden
NVIDIA Update Components (Version: 9.3.21 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.9 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.9 - NVIDIA Corporation)
OpenOffice 4.0.1 (HKLM\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
OSM generic routable(Thailand) (HKLM\...\OSM generic routable(Thailand)) (Version: - )
PokerStars.eu (HKLM\...\PokerStars.eu) (Version: - PokerStars.eu)
PreReq (Version: 3.20.0000.0000 - Eastman Kodak Company) Hidden
PS3 Video 9 6 (HKLM\...\PS3 Video 9) (Version: 6 - Red Kawa)
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.52.203.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6526 - Realtek Semiconductor Corp.)
SHIELD Streaming (Version: 1.6.53 - NVIDIA Corporation) Hidden
Skype™ 6.3 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.3.105 - Skype Technologies S.A.)
Southpark Stick of Truth (HKLM\...\U291dGhwYXJrU3RpY2tvZlRydXRo_is1) (Version: 1 - )
SpaceEngine Version 0.9.7.1 (HKLM\...\{53E413B3-2417-4BD1-984D-8C92C81C231F}_is1) (Version: 0.9.7.1 - SpaceEngine)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.13 - TeamSpeak Systems GmbH)
VLC media player 2.0.5 (HKLM\...\VLC media player) (Version: 2.0.5 - VideoLAN)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Movie Maker 2.6 (HKLM\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)
Windows-Treiberpaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
WinRAR 4.20 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================

06-08-2014 15:37:33 Windows Update
06-08-2014 17:01:41 Windows Update
06-08-2014 20:41:04 Windows Update
07-08-2014 05:55:07 Windows Update
07-08-2014 21:25:51 Windows Update
08-08-2014 19:49:18 Windows Update
09-08-2014 06:49:15 Windows Update
09-08-2014 16:38:20 Windows Update
09-08-2014 23:49:43 Windows Update
10-08-2014 08:54:03 Windows Update
10-08-2014 20:23:22 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {217D1D2D-B009-4F12-A3EA-6AEF98BC49D2} - System32\Tasks\GarminUpdaterTask => C:\Program Files\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-07-23] ()
Task: {250C24DE-3CB4-44C8-9448-B06CACB11920} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
Task: {2D7345D4-DF07-4922-99C8-A21BD93DEEE1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-04-20] (Google Inc.)
Task: {48AC5A4E-E383-4B6A-A9BC-1E1DB2A7E1D5} - System32\Tasks\ASUS\ASUS SIX Engine => C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe [2010-02-03] (ASUSTeK Computer Inc.)
Task: {CC2D7F88-733D-4CB5-BF7C-762BDB9D8C6A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-04-20] (Google Inc.)
Task: {FEE02260-D415-4ACB-8AD6-50538CAFAD6F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-04-14 22:29 - 2013-11-11 16:26 - 00092448 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2013-03-21 17:36 - 2007-01-31 11:56 - 00032768 _____ () C:\Program Files\EXPERTool\TBPanelExt.dll
2013-03-21 17:34 - 2009-03-19 23:35 - 00208896 _____ () C:\Program Files\ASUS\EPU-4 Engine\AiNap.dll
2013-03-21 17:34 - 2009-03-19 23:35 - 00008704 _____ () C:\Program Files\ASUS\EPU-4 Engine\vvc.dll
2013-03-21 17:34 - 2009-01-15 15:55 - 00565248 _____ () C:\Program Files\ASUS\EPU-4 Engine\pngio.dll
2013-03-21 17:34 - 2009-10-01 05:33 - 00024576 ____R () C:\Windows\system32\AsIo.dll
2013-03-21 17:34 - 2009-03-25 17:53 - 00053248 _____ () C:\Program Files\ASUS\EPU-4 Engine\AsSpindownTimeout.dll
2014-08-07 14:36 - 2014-07-24 11:50 - 00049744 _____ () C:\Users\Gunnar\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2014-07-24 11:50 - 2014-07-24 11:50 - 00137296 _____ () C:\Program Files\Avira\My Avira\Avira.OE.NativeCore.dll
2013-03-21 17:36 - 1998-10-31 11:55 - 00005120 _____ () C:\Program Files\EXPERTool\TBManage.dll
2014-07-24 11:49 - 2014-07-24 11:49 - 00065104 _____ () C:\Program Files\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2014-07-29 21:51 - 2014-07-29 21:51 - 03800688 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (08/11/2014 07:05:53 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/10/2014 10:24:01 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Skype™ 6.11 -- Error 1316. A network error occurred while attempting to read from the file: C:\ProgramData\Skype\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}\Setup_product_2704.msi

Error: (08/10/2014 07:42:25 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (08/10/2014 06:41:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/10/2014 10:54:31 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Skype™ 6.11 -- Error 1316. A network error occurred while attempting to read from the file: C:\ProgramData\Skype\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}\Setup_product_2704.msi

Error: (08/10/2014 08:37:56 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/10/2014 01:50:32 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Skype™ 6.11 -- Error 1316. A network error occurred while attempting to read from the file: C:\ProgramData\Skype\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}\Setup_product_2704.msi

Error: (08/10/2014 01:46:11 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/09/2014 06:38:55 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Skype™ 6.11 -- Error 1316. A network error occurred while attempting to read from the file: C:\ProgramData\Skype\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}\Setup_product_2704.msi

Error: (08/09/2014 05:53:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 31.0.0.5310, Zeitstempel: 0x53c75e91
Name des fehlerhaften Moduls: mozalloc.dll, Version: 31.0.0.5310, Zeitstempel: 0x53c72e91
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000141b
ID des fehlerhaften Prozesses: 0x12bc
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

System errors:
=============
Error: (08/11/2014 07:04:18 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Der Dienst "Kodak AiO Network Discovery Service" ist von folgendem Dienst abhängig: Bonjour Service. Dieser Dienst ist eventuell nicht installiert.

Error: (08/10/2014 10:24:02 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Aktualisierung für Skype für Windows Desktop 6.11 (KB2876229)

Error: (08/10/2014 06:39:34 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Der Dienst "Kodak AiO Network Discovery Service" ist von folgendem Dienst abhängig: Bonjour Service. Dieser Dienst ist eventuell nicht installiert.
Error: (08/10/2014 10:54:32 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Aktualisierung für Skype für Windows Desktop 6.11 (KB2876229)

Error: (08/10/2014 08:36:17 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Der Dienst "Kodak AiO Network Discovery Service" ist von folgendem Dienst abhängig: Bonjour Service. Dieser Dienst ist eventuell nicht installiert.

Error: (08/10/2014 01:50:34 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Aktualisierung für Skype für Windows Desktop 6.11 (KB2876229)

Error: (08/10/2014 01:44:34 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Der Dienst "Kodak AiO Network Discovery Service" ist von folgendem Dienst abhängig: Bonjour Service. Dieser Dienst ist eventuell nicht installiert.

Error: (08/09/2014 06:42:37 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Der Dienst "Kodak AiO Network Discovery Service" ist von folgendem Dienst abhängig: Bonjour Service. Dieser Dienst ist eventuell nicht installiert.

Error: (08/09/2014 06:38:56 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Aktualisierung für Skype für Windows Desktop 6.11 (KB2876229)

Error: (08/09/2014 05:34:21 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Der Dienst "Kodak AiO Network Discovery Service" ist von folgendem Dienst abhängig: Bonjour Service. Dieser Dienst ist eventuell nicht installiert.
Microsoft Office Sessions:
=========================
Error: (08/11/2014 07:05:53 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/10/2014 10:24:01 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Skype™ 6.11 -- Error 1316. A network error occurred while attempting to read from the file: C:\ProgramData\Skype\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}\Setup_product_2704.msi(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (08/10/2014 07:42:25 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (08/10/2014 06:41:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/10/2014 10:54:31 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Skype™ 6.11 -- Error 1316. A network error occurred while attempting to read from the file: C:\ProgramData\Skype\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}\Setup_product_2704.msi(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (08/10/2014 08:37:56 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/10/2014 01:50:32 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Skype™ 6.11 -- Error 1316. A network error occurred while attempting to read from the file: C:\ProgramData\Skype\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}\Setup_product_2704.msi(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (08/10/2014 01:46:11 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/09/2014 06:38:55 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Skype™ 6.11 -- Error 1316. A network error occurred while attempting to read from the file: C:\ProgramData\Skype\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}\Setup_product_2704.msi(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (08/09/2014 05:53:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe31.0.0.531053c75e91mozalloc.dll31.0.0.531053c72e91800000030000141b12bc01cfb3e86c2f1af8C:\Program Files\Mozilla Firefox\plugin-container.exeC:\Program Files\Mozilla Firefox\mozalloc.dll58d7080d-1fdd-11e4-9e8e-3085a9426e88

==================== Memory info ===========================

Percentage of memory in use: 50%
Total physical RAM: 3326.12 MB
Available physical RAM: 1646.25 MB
Total Pagefile: 6650.52 MB
Available Pagefile: 4660.59 MB
Total Virtual: 2047.88 MB
Available Virtual: 1899.91 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:783.75 GB) NTFS
Drive e: (southpark) (CDROM) (Total:4.24 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: A7F6737C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)

==================== End Of Log ============================
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-08-11 09:17:54
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 TOSHIBA_DT01ACA100 rev.MS2OA750 931,51GB
Running: fn8457pl.exe; Driver: C:\Users\Gunnar\AppData\Local\Temp\ufdiapog.sys

---- System - GMER 2.1 ----

SSDT 97020946 ZwCreateSection
SSDT 97020950 ZwRequestWaitReplyPort
SSDT 9702094B ZwSetContextThread
SSDT 97020955 ZwSetSecurityObject
SSDT 9702095A ZwSystemDebugControl
SSDT 970208E7 ZwTerminateProcess

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 142D 82C7EA15 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82CB8212 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 82CBF58C 4 Bytes [46, 09, 02, 97] {INC ESI; OR [EDX], EAX; XCHG EDI, EAX}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1553 82CBF8E8 4 Bytes [50, 09, 02, 97] {PUSH EAX; OR [EDX], EAX; XCHG EDI, EAX}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1597 82CBF92C 4 Bytes [4B, 09, 02, 97] {DEC EBX; OR [EDX], EAX; XCHG EDI, EAX}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1613 82CBF9A8 4 Bytes [55, 09, 02, 97] {PUSH EBP; OR [EDX], EAX; XCHG EDI, EAX}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1667 82CBF9FC 4 Bytes [5A, 09, 02, 97] {POP EDX; OR [EDX], EAX; XCHG EDI, EAX}
.text ...

---- Registry - GMER 2.1 ----

Reg HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{D823EA84-922D-11E2-8424-806E6F6E6963} 3916702512

---- EOF - GMER 2.1 ----
Code:
ATTFilter Avira Free Antivirus Erstellungsdatum der Reportdatei: Montag, 11. August 2014 08:48 Das Programm läuft als uneingeschränkte Vollversion. Online-Dienste stehen zur Verfügung. Lizenznehmer : Avira Antivirus Free Seriennummer : 0000149996-AVHOE-0000001 Plattform : Windows 7 Home Premium Windowsversion : (Service Pack 1) [6.1.7601] Boot Modus : Normal gebootet Benutzername : SYSTEM Computername : GUNNAR-PC Versionsinformationen: BUILD.DAT : 14.0.6.552 92022 Bytes 23.07.2014 13:29:00 AVSCAN.EXE : 14.0.6.548 1046608 Bytes 07.08.2014 12:33:21 AVSCANRC.DLL : 14.0.6.522 62544 Bytes 07.08.2014 12:33:21 LUKE.DLL : 14.0.6.522 57936 Bytes 07.08.2014 12:33:28 AVSCPLR.DLL : 14.0.6.548 92752 Bytes 07.08.2014 12:33:21 AVREG.DLL : 14.0.6.522 262224 Bytes 07.08.2014 12:33:20 avlode.dll : 14.0.6.526 603728 Bytes 07.08.2014 12:33:20 avlode.rdf : 14.0.4.42 65114 Bytes 17.07.2014 13:58:39 XBV00009.VDF : 8.11.165.190 2048 Bytes 07.08.2014 12:33:31 XBV00010.VDF : 8.11.165.190 2048 Bytes 07.08.2014 12:33:31 XBV00011.VDF : 8.11.165.190 2048 Bytes 07.08.2014 12:33:31 XBV00012.VDF : 8.11.165.190 2048 Bytes 07.08.2014 12:33:31 XBV00013.VDF : 8.11.165.190 2048 Bytes 07.08.2014 12:33:31 XBV00014.VDF : 8.11.165.190 2048 Bytes 07.08.2014 12:33:31 XBV00015.VDF : 8.11.165.190 2048 Bytes 07.08.2014 12:33:31 XBV00016.VDF : 8.11.165.190 2048 Bytes 07.08.2014 12:33:31 XBV00017.VDF : 8.11.165.190 2048 Bytes 07.08.2014 12:33:31 XBV00018.VDF : 8.11.165.190 2048 Bytes 07.08.2014 12:33:31 XBV00019.VDF : 8.11.165.190 2048 Bytes 07.08.2014 12:33:31 XBV00020.VDF : 8.11.165.190 2048 Bytes 07.08.2014 12:33:31 XBV00021.VDF : 8.11.165.190 2048 Bytes 07.08.2014 12:33:31 XBV00022.VDF : 8.11.165.190 2048 Bytes 07.08.2014 12:33:31 XBV00023.VDF : 8.11.165.190 2048 Bytes 07.08.2014 12:33:32 XBV00024.VDF : 8.11.165.190 2048 Bytes 07.08.2014 12:33:32 XBV00025.VDF : 8.11.165.190 2048 Bytes 07.08.2014 12:33:32 XBV00026.VDF : 8.11.165.190 2048 Bytes 07.08.2014 12:33:32 XBV00027.VDF : 8.11.165.190 2048 Bytes 
07.08.2014 12:33:32 XBV00028.VDF : 8.11.165.190 2048 Bytes 07.08.2014 12:33:32 XBV00029.VDF : 8.11.165.190 2048 Bytes 07.08.2014 12:33:32 XBV00030.VDF : 8.11.165.190 2048 Bytes 07.08.2014 12:33:32 XBV00031.VDF : 8.11.165.190 2048 Bytes 07.08.2014 12:33:32 XBV00032.VDF : 8.11.165.190 2048 Bytes 07.08.2014 12:33:32 XBV00033.VDF : 8.11.165.190 2048 Bytes 07.08.2014 12:33:32 XBV00034.VDF : 8.11.165.190 2048 Bytes 07.08.2014 12:33:32 XBV00035.VDF : 8.11.165.190 2048 Bytes 07.08.2014 12:33:32 XBV00036.VDF : 8.11.165.190 2048 Bytes 07.08.2014 12:33:32 XBV00037.VDF : 8.11.165.190 2048 Bytes 07.08.2014 12:33:32 XBV00038.VDF : 8.11.165.190 2048 Bytes 07.08.2014 12:33:32 XBV00039.VDF : 8.11.165.190 2048 Bytes 07.08.2014 12:33:32 XBV00040.VDF : 8.11.165.190 2048 Bytes 07.08.2014 12:33:32 XBV00041.VDF : 8.11.165.190 2048 Bytes 07.08.2014 12:33:32 XBV00061.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:33 XBV00062.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:33 XBV00063.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:33 XBV00064.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:33 XBV00065.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:33 XBV00066.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:33 XBV00067.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:33 XBV00068.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:33 XBV00069.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:33 XBV00070.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:33 XBV00071.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:34 XBV00072.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:34 XBV00073.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:34 XBV00074.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:34 XBV00075.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:34 XBV00076.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:34 XBV00077.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:34 XBV00078.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:34 XBV00079.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:34 XBV00080.VDF : 8.11.165.192 2048 
Bytes 07.08.2014 12:33:34 XBV00081.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:34 XBV00082.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:34 XBV00083.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:34 XBV00084.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:34 XBV00085.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:34 XBV00086.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:34 XBV00087.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:34 XBV00088.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:34 XBV00089.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:34 XBV00090.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:34 XBV00091.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:34 XBV00092.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:34 XBV00093.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:34 XBV00094.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:35 XBV00095.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:35 XBV00096.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:35 XBV00097.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:35 XBV00098.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:35 XBV00099.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:35 XBV00100.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:35 XBV00101.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:35 XBV00102.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:35 XBV00103.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:35 XBV00104.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:35 XBV00105.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:35 XBV00106.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:35 XBV00107.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:35 XBV00108.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:35 XBV00109.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:35 XBV00110.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:35 XBV00111.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:35 XBV00112.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:35 XBV00113.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:35 XBV00114.VDF : 
8.11.165.192 2048 Bytes 07.08.2014 12:33:35 XBV00115.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:35 XBV00116.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:35 XBV00117.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:35 XBV00118.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:35 XBV00119.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:35 XBV00120.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:35 XBV00121.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:36 XBV00122.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:36 XBV00123.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:36 XBV00124.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:36 XBV00125.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:36 XBV00126.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:36 XBV00127.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:36 XBV00128.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:36 XBV00129.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:36 XBV00130.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:36 XBV00131.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:36 XBV00132.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:36 XBV00133.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:36 XBV00134.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:36 XBV00135.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:36 XBV00136.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:36 XBV00137.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:36 XBV00138.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:36 XBV00139.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:36 XBV00140.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:36 XBV00141.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:36 XBV00142.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:36 XBV00143.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:36 XBV00144.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:36 XBV00145.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:36 XBV00146.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:36 XBV00147.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:36 
XBV00148.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:37 XBV00149.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:37 XBV00150.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:37 XBV00151.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:37 XBV00152.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:37 XBV00153.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:37 XBV00154.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:37 XBV00155.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:37 XBV00156.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:37 XBV00157.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:37 XBV00158.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:37 XBV00159.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:37 XBV00160.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:37 XBV00161.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:37 XBV00162.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:37 XBV00163.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:37 XBV00164.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:37 XBV00165.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:37 XBV00166.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:37 XBV00167.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:37 XBV00168.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:37 XBV00169.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:37 XBV00170.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:37 XBV00171.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:37 XBV00172.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:37 XBV00173.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:37 XBV00174.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:37 XBV00175.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:38 XBV00176.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:38 XBV00177.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:38 XBV00178.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:38 XBV00179.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:38 XBV00180.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:38 XBV00181.VDF : 8.11.165.192 2048 Bytes 07.08.2014 
12:33:38 XBV00182.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:38 XBV00183.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:38 XBV00184.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:38 XBV00185.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:38 XBV00186.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:38 XBV00187.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:38 XBV00188.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:38 XBV00189.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:38 XBV00190.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:38 XBV00191.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:38 XBV00192.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:38 XBV00193.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:38 XBV00194.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:38 XBV00195.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:38 XBV00196.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:38 XBV00197.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:38 XBV00198.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:38 XBV00199.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:38 XBV00200.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:38 XBV00201.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:38 XBV00202.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:39 XBV00203.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:39 XBV00204.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:39 XBV00205.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:39 XBV00206.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:39 XBV00207.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:39 XBV00208.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:39 XBV00209.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:39 XBV00210.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:39 XBV00211.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:39 XBV00212.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:39 XBV00213.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:39 XBV00214.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:39 XBV00215.VDF : 8.11.165.192 2048 Bytes 
07.08.2014 12:33:39
XBV00216.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:39
XBV00217.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:39
XBV00218.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:39
XBV00219.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:39
XBV00220.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:39
XBV00221.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:39
XBV00222.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:39
XBV00223.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:39
XBV00224.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:39
XBV00225.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:39
XBV00226.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:39
XBV00227.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:39
XBV00228.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:39
XBV00229.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:39
XBV00230.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:40
XBV00231.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:40
XBV00232.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:40
XBV00233.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:40
XBV00234.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:40
XBV00235.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:40
XBV00236.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:40
XBV00237.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:40
XBV00238.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:40
XBV00239.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:40
XBV00240.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:40
XBV00241.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:40
XBV00242.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:40
XBV00243.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:40
XBV00244.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:40
XBV00245.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:40
XBV00246.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:40
XBV00247.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:40
XBV00248.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:40
XBV00249.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:40
XBV00250.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:40
XBV00251.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:40
XBV00252.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:40
XBV00253.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:40
XBV00254.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:40
XBV00255.VDF : 8.11.165.192 2048 Bytes 07.08.2014 12:33:40
XBV00000.VDF : 7.11.70.0 66736640 Bytes 04.04.2013 20:31:38
XBV00001.VDF : 7.11.74.226 2201600 Bytes 30.04.2013 11:30:58
XBV00002.VDF : 7.11.80.60 2751488 Bytes 28.05.2013 12:17:36
XBV00003.VDF : 7.11.85.214 2162688 Bytes 21.06.2013 19:34:19
XBV00004.VDF : 7.11.91.176 3903488 Bytes 23.07.2013 20:26:34
XBV00005.VDF : 7.11.98.186 6822912 Bytes 29.08.2013 06:24:08
XBV00006.VDF : 7.11.139.38 15708672 Bytes 27.03.2014 12:50:08
XBV00007.VDF : 7.11.152.100 4193792 Bytes 02.06.2014 11:11:46
XBV00008.VDF : 8.11.165.192 4251136 Bytes 07.08.2014 12:33:30
XBV00042.VDF : 8.11.165.218 217600 Bytes 07.08.2014 12:33:32
XBV00043.VDF : 8.11.165.246 262656 Bytes 07.08.2014 18:33:11
XBV00044.VDF : 8.11.165.250 20480 Bytes 07.08.2014 05:14:52
XBV00045.VDF : 8.11.165.252 2048 Bytes 07.08.2014 05:14:52
XBV00046.VDF : 8.11.165.254 7168 Bytes 07.08.2014 05:14:52
XBV00047.VDF : 8.11.166.4 5120 Bytes 08.08.2014 05:14:52
XBV00048.VDF : 8.11.166.16 6144 Bytes 08.08.2014 11:14:29
XBV00049.VDF : 8.11.166.20 28160 Bytes 08.08.2014 11:14:29
XBV00050.VDF : 8.11.166.22 2048 Bytes 08.08.2014 11:14:29
XBV00051.VDF : 8.11.166.24 20480 Bytes 08.08.2014 17:14:30
XBV00052.VDF : 8.11.166.28 33280 Bytes 08.08.2014 04:43:29
XBV00053.VDF : 8.11.166.32 214016 Bytes 08.08.2014 04:43:29
XBV00054.VDF : 8.11.166.34 5120 Bytes 08.08.2014 04:43:29
XBV00055.VDF : 8.11.166.58 216576 Bytes 09.08.2014 15:39:14
XBV00056.VDF : 8.11.166.78 15872 Bytes 09.08.2014 15:39:14
XBV00057.VDF : 8.11.166.98 37888 Bytes 10.08.2014 16:44:38
XBV00058.VDF : 8.11.166.100 2048 Bytes 10.08.2014 16:44:38
XBV00059.VDF : 8.11.166.102 45568 Bytes 10.08.2014 16:44:38
XBV00060.VDF : 8.11.166.104 2048 Bytes 10.08.2014 16:44:38
LOCAL001.VDF : 8.11.166.104 108298752 Bytes 10.08.2014 16:44:51
Engineversion : 8.3.24.6
AEVDF.DLL : 8.3.1.2 133024 Bytes 07.08.2014 18:33:10
AESCRIPT.DLL : 8.2.0.14 428032 Bytes 01.08.2014 13:01:28
AESCN.DLL : 8.3.2.2 139456 Bytes 22.07.2014 15:32:12
AESBX.DLL : 8.2.20.24 1409224 Bytes 08.05.2014 13:48:38
AERDL.DLL : 8.2.0.138 704888 Bytes 03.12.2013 15:07:15
AEPACK.DLL : 8.4.0.50 792488 Bytes 07.08.2014 18:33:10
AEOFFICE.DLL : 8.3.0.16 213192 Bytes 28.07.2014 12:49:08
AEHEUR.DLL : 8.1.4.1210 7380008 Bytes 07.08.2014 18:33:10
AEHELP.DLL : 8.3.1.0 278728 Bytes 28.05.2014 18:44:31
AEGEN.DLL : 8.1.7.28 450752 Bytes 06.06.2014 14:04:49
AEEXP.DLL : 8.4.2.22 244584 Bytes 01.08.2014 13:01:28
AEEMU.DLL : 8.1.3.4 399264 Bytes 07.08.2014 18:33:10
AEDROID.DLL : 8.4.2.24 442568 Bytes 04.06.2014 17:35:22
AECORE.DLL : 8.3.2.6 243712 Bytes 07.08.2014 18:33:09
AEBB.DLL : 8.1.2.0 60448 Bytes 07.08.2014 18:33:09
AVWINLL.DLL : 14.0.6.522 24144 Bytes 07.08.2014 12:33:19
AVPREF.DLL : 14.0.6.522 50256 Bytes 07.08.2014 12:33:20
AVREP.DLL : 14.0.6.522 219216 Bytes 07.08.2014 12:33:20
AVARKT.DLL : 14.0.5.368 226384 Bytes 24.06.2014 12:58:33
AVEVTLOG.DLL : 14.0.6.522 182352 Bytes 07.08.2014 12:33:20
SQLITE3.DLL : 14.0.6.522 452176 Bytes 07.08.2014 12:33:29
AVSMTP.DLL : 14.0.6.522 76368 Bytes 07.08.2014 12:33:21
NETNT.DLL : 14.0.6.522 13392 Bytes 07.08.2014 12:33:28
RCIMAGE.DLL : 14.0.6.544 4863568 Bytes 07.08.2014 12:33:19
RCTEXT.DLL : 14.0.6.536 74320 Bytes 07.08.2014 12:33:19

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: AVGuardAsyncScan
Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_53e84edb\guard_slideup.avp
Protokollierung.......................: standard
Primäre Aktion........................: Interaktiv
Sekundäre Aktion......................: Quarantäne
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: aus
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Prüfe alle Dateien....................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: Vollständig

Beginn des Suchlaufs: Montag, 11. August 2014 08:48

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '106' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashPlayerPlugin_14_0_0_145.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashPlayerPlugin_14_0_0_145.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'plugin-container.exe' - '78' Modul(e) wurden durchsucht
Durchsuche Prozess 'TrustedInstaller.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'rundll32.exe' - '54' Modul(e) wurden durchsucht
Durchsuche Prozess 'DXPServer.exe' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'DeviceDisplayObjectProvider.exe' - '80' Modul(e) wurden durchsucht
Durchsuche Prozess 'WUDFHost.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '140' Modul(e) wurden durchsucht
Durchsuche Prozess 'wuauclt.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '116' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'alg.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '54' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'conhost.exe' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvstreamsvc.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'Avira.OE.ServiceHost.exe' - '120' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'daemonu.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvtray.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvstreamsvc.exe' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'KodakSvc.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'ExpressTray.exe' - '142' Modul(e) wurden durchsucht
Durchsuche Prozess 'Skype.exe' - '126' Modul(e) wurden durchsucht
Durchsuche Prozess 'TBPANEL.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'Avira.OE.Systray.exe' - '116' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'NvTmru.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLanGUI.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'EKIJ5000MUI.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '107' Modul(e) wurden durchsucht
Durchsuche Prozess 'RtkNGUI.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'FourEngine.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '173' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'Garmin.Cartography.MapUpdate.CoreService.exe' - '114' Modul(e) wurden durchsucht
Durchsuche Prozess 'WlanNetService.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '126' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '82' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvxdsync.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '84' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '163' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '89' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '116' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '93' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvSCPAPISvr.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\Program Files\Audacity\Languages\ca\cash_flow_forecast\drug_order.exe'
C:\Program Files\Audacity\Languages\ca\cash_flow_forecast\drug_order.exe
  [FUND]      Ist das Trojanische Pferd TR/Crypt.ZPACK.65865

Beginne mit der Desinfektion:
C:\Program Files\Audacity\Languages\ca\cash_flow_forecast\drug_order.exe
  [FUND]      Ist das Trojanische Pferd TR/Crypt.ZPACK.65865
  [WARNUNG]   Die Datei wurde ignoriert.

Ende des Suchlaufs: Montag, 11. August 2014 09:07
Benötigte Zeit: 00:20 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

0 Verzeichnisse wurden überprüft
772 Dateien wurden geprüft
1 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
0 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
771 Dateien ohne Befall
2 Archive wurden durchsucht
1 Warnungen
0 Hinweise

Die Suchergebnisse werden an den Guard übermittelt.

Code:
<?xml version="1.0" encoding="UTF-16"?>
<mbam-log>
  <header>
    <date>2014/08/08 11:06:10 +0200</date>
    <logfile>mbam-log-2014-08-08 (11-06-08).xml</logfile>
    <isadmin>yes</isadmin>
  </header>
  <engine>
    <version>2.00.2.1012</version>
    <malware-database>v2014.08.08.01</malware-database>
    <rootkit-database>v2014.08.04.01</rootkit-database>
    <license>free</license>
    <file-protection>disabled</file-protection>
    <web-protection>disabled</web-protection>
    <self-protection>disabled</self-protection>
  </engine>
  <system>
    <osversion>Windows 7 Service Pack 1</osversion>
    <arch>x86</arch>
    <username>Gunnar</username>
    <filesys>NTFS</filesys>
  </system>
  <summary>
    <type>threat</type>
    <result>completed</result>
    <objects>299953</objects>
    <time>595</time>
    <processes>0</processes>
    <modules>0</modules>
    <keys>2</keys>
    <values>4</values>
    <datas>0</datas>
    <folders>2</folders>
    <files>10</files>
    <sectors>0</sectors>
  </summary>
  <options>
    <memory>enabled</memory>
    <startup>enabled</startup>
    <filesystem>enabled</filesystem>
    <archives>enabled</archives>
    <rootkits>disabled</rootkits>
    <deeprootkit>disabled</deeprootkit>
    <heuristics>enabled</heuristics>
    <pup>enabled</pup>
    <pum>enabled</pum>
  </options>
  <items>
    <key>
      <path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\resource</path>
      <vendor>Trojan.Agent</vendor>
      <action>success</action>
      <hash>1d042f956813b38340a81e899b666a96</hash>
    </key>
    <key>
      <path>HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\The weDownload Manager</path>
      <vendor>PUP.Optional.weDownload.A</vendor>
      <action>delete-on-reboot</action>
      <hash>8b96d6ee86f565d13d490fe7b0528779</hash>
    </key>
    <value>
      <path>HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN</path>
      <valuename>fiscal_year</valuename>
      <vendor>Trojan.Agent</vendor>
      <action>success</action>
      <valuedata>C:\Program Files\Audacity\Languages\ca\cash_flow_forecast\episode.exe</valuedata>
      <hash>fd24972d5625f541d513c0e748b96b95</hash>
    </value>
    <value>
      <path>HKU\S-1-5-21-2415819902-1883768789-382756440-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN</path>
      <valuename>fiscal_year</valuename>
      <vendor>Trojan.Agent</vendor>
      <action>delete-on-reboot</action>
      <valuedata>C:\Program Files\Audacity\Languages\ca\cash_flow_forecast\episode.exe</valuedata>
      <hash>fd24972d5625f541d513c0e748b96b95</hash>
    </value>
    <value>
      <path>HKU\S-1-5-21-2415819902-1883768789-382756440-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN</path>
      <valuename>lajhxpps</valuename>
      <vendor>Trojan.Email.FakeDoc</vendor>
      <action>delete-on-reboot</action>
      <valuedata>C:\Users\Gunnar\AppData\Roaming\Outo\dprfnxpps.exe</valuedata>
      <hash>99888143e398a98dbc85d2d550b1827e</hash>
    </value>
    <value>
      <path>HKU\S-1-5-21-2415819902-1883768789-382756440-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE</path>
      <valuename>pager</valuename>
      <vendor>Trojan.Agent</vendor>
      <action>delete-on-reboot</action>
      <valuedata>C:\Program Files\Adobe\Reader 11.0\Reader\Services\dialing\internet_explorer.exe</valuedata>
      <hash>ae73a420e398072f7c6d208770919769</hash>
    </value>
    <folder>
      <path>C:\Users\Gunnar\AppData\Roaming\Mozilla\Firefox\Profiles\9verf5au.default\jetpack\socksharedownloader@socksharedownloader.com</path>
      <vendor>PUP.Optional.SockShareDownloader.A</vendor>
      <action>success</action>
      <hash>8a973a8a0873979fefa5833435cd3dc3</hash>
    </folder>
    <folder>
      <path>C:\Users\Gunnar\AppData\Roaming\Mozilla\Firefox\Profiles\9verf5au.default\jetpack\socksharedownloader@socksharedownloader.com\simple-storage</path>
      <vendor>PUP.Optional.SockShareDownloader.A</vendor>
      <action>success</action>
      <hash>8a973a8a0873979fefa5833435cd3dc3</hash>
    </folder>
    <file>
      <path>C:\Program Files\Audacity\Languages\ca\cash_flow_forecast\episode.exe</path>
      <vendor>Trojan.Agent</vendor>
      <action>success</action>
      <hash>fd24972d5625f541d513c0e748b96b95</hash>
    </file>
    <file>
      <path>C:\Users\Gunnar\AppData\Roaming\Outo\dprfnxpps.exe</path>
      <vendor>Trojan.Email.FakeDoc</vendor>
      <action>success</action>
      <hash>99888143e398a98dbc85d2d550b1827e</hash>
    </file>
    <file>
      <path>C:\Program Files\Adobe\Reader 11.0\Reader\Services\dialing\internet_explorer.exe</path>
      <vendor>Trojan.Agent</vendor>
      <action>success</action>
      <hash>ae73a420e398072f7c6d208770919769</hash>
    </file>
    <file>
      <path>C:\Windows\assembly\GAC_32\Microsoft.Interop.Security.AzRoles\2.0.0.0__31bf3856ad364e35\flash_off\fiscal_period.exe</path>
      <vendor>Trojan.Agent</vendor>
      <action>success</action>
      <hash>1d042f956813b38340a81e899b666a96</hash>
    </file>
    <file>
      <path>C:\Users\Gunnar\Downloads\Skype.exe</path>
      <vendor>PUP.Optional.Outbrowse</vendor>
      <action>success</action>
      <hash>3ce59d27b1ca989e2e28380f6b99c53b</hash>
    </file>
    <file>
      <path>C:\Users\Gunnar\Downloads\DTLite4481-0347.exe</path>
      <vendor>PUP.Optional.OpenCandy</vendor>
      <action>success</action>
      <hash>c0615173a1da7db9f4bbcc1f4cb8f10f</hash>
    </file>
    <file>
      <path>C:\Users\Gunnar\Downloads\Brothersoft_downloader_For_MP3_to_WAV_Converter.exe</path>
      <vendor>PUP.Optional.BSDownloader</vendor>
      <action>success</action>
      <hash>25fca81c07744beb4b36ab73619f8f71</hash>
    </file>
    <file>
      <path>C:\Users\Gunnar\Downloads\tb_PrizeRebelBar.exe</path>
      <vendor>PUP.Optional.Conduit.A</vendor>
      <action>success</action>
      <hash>4dd43a8a0873f73f94f5c677916f5ba5</hash>
    </file>
    <file>
      <path>C:\Users\Gunnar\Downloads\teamspeak setup.exe</path>
      <vendor>PUP.Optional.BundleInstaller.A</vendor>
      <action>success</action>
      <hash>948dc4006d0e42f4b8272022a45d5fa1</hash>
    </file>
    <file>
      <path>C:\Users\Gunnar\AppData\Roaming\Mozilla\Firefox\Profiles\9verf5au.default\jetpack\socksharedownloader@socksharedownloader.com\simple-storage\store.json</path>
      <vendor>PUP.Optional.SockShareDownloader.A</vendor>
      <action>success</action>
      <hash>8a973a8a0873979fefa5833435cd3dc3</hash>
    </file>
  </items>
</mbam-log>
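Added example, not part of the original post and not code from Malwarebytes or any other tool in this thread: a small Python triage script for the mbam-log XML format shown above. It embeds a constructed excerpt of the items from the posted log (same paths and hashes, trimmed to the launchers and their files), links each registry launcher (a Run/RunOnce value or a Services key) to its binary through the hash Malwarebytes records on both entries, and lists what is still marked delete-on-reboot. The hash linkage is an assumption drawn from the posted log, where every registry item carries the same hash as the file it points to; it is not documented behaviour. The names parse_mbam_log, is_autostart and triage are this example's own.

```python
"""Triage helper for Malwarebytes Anti-Malware 2.x XML logs (mbam-log format).

Added example, not code from the thread or from Malwarebytes. The names
parse_mbam_log, is_autostart and triage are this example's own.
"""
import re
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed excerpt modelled on the mbam-log posted above: the launcher and
# file items of that log with their paths and hashes, trimmed for brevity.
SAMPLE_LOG = r"""<?xml version="1.0" encoding="UTF-16"?>
<mbam-log>
<items>
<key><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\resource</path><vendor>Trojan.Agent</vendor><action>success</action><hash>1d042f956813b38340a81e899b666a96</hash></key>
<value><path>HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN</path><valuename>fiscal_year</valuename><vendor>Trojan.Agent</vendor><action>success</action><valuedata>C:\Program Files\Audacity\Languages\ca\cash_flow_forecast\episode.exe</valuedata><hash>fd24972d5625f541d513c0e748b96b95</hash></value>
<value><path>HKU\S-1-5-21-2415819902-1883768789-382756440-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN</path><valuename>lajhxpps</valuename><vendor>Trojan.Email.FakeDoc</vendor><action>delete-on-reboot</action><valuedata>C:\Users\Gunnar\AppData\Roaming\Outo\dprfnxpps.exe</valuedata><hash>99888143e398a98dbc85d2d550b1827e</hash></value>
<value><path>HKU\S-1-5-21-2415819902-1883768789-382756440-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE</path><valuename>pager</valuename><vendor>Trojan.Agent</vendor><action>delete-on-reboot</action><valuedata>C:\Program Files\Adobe\Reader 11.0\Reader\Services\dialing\internet_explorer.exe</valuedata><hash>ae73a420e398072f7c6d208770919769</hash></value>
<file><path>C:\Program Files\Audacity\Languages\ca\cash_flow_forecast\episode.exe</path><vendor>Trojan.Agent</vendor><action>success</action><hash>fd24972d5625f541d513c0e748b96b95</hash></file>
<file><path>C:\Users\Gunnar\AppData\Roaming\Outo\dprfnxpps.exe</path><vendor>Trojan.Email.FakeDoc</vendor><action>success</action><hash>99888143e398a98dbc85d2d550b1827e</hash></file>
<file><path>C:\Program Files\Adobe\Reader 11.0\Reader\Services\dialing\internet_explorer.exe</path><vendor>Trojan.Agent</vendor><action>success</action><hash>ae73a420e398072f7c6d208770919769</hash></file>
<file><path>C:\Windows\assembly\GAC_32\Microsoft.Interop.Security.AzRoles\2.0.0.0__31bf3856ad364e35\flash_off\fiscal_period.exe</path><vendor>Trojan.Agent</vendor><action>success</action><hash>1d042f956813b38340a81e899b666a96</hash></file>
<file><path>C:\Users\Gunnar\Downloads\Skype.exe</path><vendor>PUP.Optional.Outbrowse</vendor><action>success</action><hash>3ce59d27b1ca989e2e28380f6b99c53b</hash></file>
</items>
</mbam-log>
"""


def parse_mbam_log(log):
    """Return one dict per <items> entry. Accepts the raw bytes as read from
    disk (MBAM writes UTF-16 with a BOM) or an already decoded str."""
    if isinstance(log, bytes):
        root = ET.fromstring(log)  # expat reads the BOM and the declaration
    else:
        # expat rejects a str whose declaration names a multi-byte encoding,
        # so drop the declaration once the text is already decoded.
        root = ET.fromstring(re.sub(r"^\s*<\?xml[^>]*\?>", "", log))
    items = []
    for node in root.find("items"):
        rec = {"kind": node.tag}
        rec.update((child.tag, child.text or "") for child in node)
        items.append(rec)
    return items


def is_autostart(rec):
    """Run/RunOnce values and service keys are the launchers in this format."""
    path = rec.get("path", "").upper()
    if rec["kind"] == "value":
        return path.endswith(("\\RUN", "\\RUNONCE"))
    if rec["kind"] == "key":
        return "\\SERVICES\\" in path
    return False


def triage(items):
    """Group launchers and files by hash (assumption: a registry item carries
    the hash of the file it launches, as seen in the posted log) and list
    everything that is only scheduled for removal at the next reboot."""
    by_hash = defaultdict(lambda: {"files": [], "launchers": []})
    autostart, pending = [], []
    for rec in items:
        h = rec.get("hash", "")
        if rec["kind"] == "file":
            by_hash[h]["files"].append(rec["path"])
        if is_autostart(rec):
            name = rec.get("valuename") or rec["path"].rsplit("\\", 1)[-1]
            autostart.append((name, rec.get("valuedata") or rec["path"]))
            by_hash[h]["launchers"].append(rec["path"])
        if rec.get("action") == "delete-on-reboot":
            pending.append(rec.get("valuedata") or rec["path"])
    return {"autostart": autostart, "pending_reboot": pending, "by_hash": dict(by_hash)}


if __name__ == "__main__":
    report = triage(parse_mbam_log(SAMPLE_LOG))
    for name, target in report["autostart"]:
        print(f"launcher {name!r} -> {target}")
    for h, grp in report["by_hash"].items():
        if grp["launchers"]:
            print(f"{h}: {grp['files']} started via {grp['launchers']}")
    print("scheduled for removal at reboot:", report["pending_reboot"])
```

Two things the grouping makes visible that the flat log does not: the `resource` service key shares its hash with the executable under `C:\Windows\assembly\GAC_32\...\flash_off\fiscal_period.exe`, so that file is the service's binary, and the two HKU entries marked delete-on-reboot are only scheduled for removal, so the machine still carries them until it is restarted. To run it on a real log, read the file as bytes (`open(path, "rb").read()`) and pass that to parse_mbam_log.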
11.08.2014, 08:58 | #2 |
/// TB-Ausbilder | Trojan TR/Crypt.ZPACK.65865 found! My name is Matthias and I will help you clean up your computer. Please note the following:
Please work through all steps one after another in the given order and post all log files in CODE tags: How it works: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes your helper's work considerably harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
Thank you for your cooperation! Scan with ComboFix
11.08.2014, 09:19 | #3 |
Trojan TR/Crypt.ZPACK.65865 found! Code:
ComboFix 14-08-06.02 - Gunnar 11.08.2014 10:07:08.1.4 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3326.1729 [GMT 2:00]
ausgeführt von:: c:\users\Gunnar\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Gunnar\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\windows\system32\drivers\etc\hosts.ics
.
.
((((((((((((((((((((((( Dateien erstellt von 2014-07-11 bis 2014-08-11 ))))))))))))))))))))))))))))))
.
.
2014-08-11 08:12 . 2014-08-11 08:14 -------- d-----w- c:\users\Gunnar\AppData\Local\temp
2014-08-11 07:21 . 2014-08-11 07:21 -------- d-sh--w- c:\users\Gunnar\AppData\Local\EmieUserList
2014-08-11 07:21 . 2014-08-11 07:21 -------- d-sh--w- c:\users\Gunnar\AppData\Local\EmieSiteList
2014-08-11 07:01 . 2014-08-11 07:03 -------- d-----w- C:\FRST
2014-08-11 06:52 . 2014-08-11 06:52 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{815D1954-A301-4B58-A340-F66C8B3531F0}\offreg.dll
2014-08-09 04:43 . 2014-07-02 03:11 8217224 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{815D1954-A301-4B58-A340-F66C8B3531F0}\mpengine.dll
2014-08-08 09:05 . 2014-08-11 07:19 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-08 09:03 . 2014-05-12 05:26 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-08-08 09:03 . 2014-05-12 05:25 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-08-08 09:03 . 2014-05-12 05:25 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-08-08 09:03 . 2014-08-08 09:04 -------- d-----w- c:\program files\ Malwarebytes Anti-Malware
2014-08-08 09:03 . 2014-08-08 09:03 -------- d-----w- c:\programdata\Malwarebytes
2014-08-08 08:40 . 2014-08-08 08:42 -------- d-----w- C:\AdwCleaner
2014-08-08 05:33 . 2014-08-08 05:33 -------- d-----w- c:\program files\CCleaner
2014-08-07 14:30 . 2014-08-07 14:35 -------- d-----w- c:\programdata\qdr
2014-08-07 14:29 . 2014-08-08 09:16 -------- d--h--w- c:\users\Gunnar\AppData\Roaming\Outo
2014-08-05 06:46 . 2014-08-05 06:46 -------- d-----w- c:\program files\Common Files\Java
2014-08-05 06:46 . 2014-07-25 10:55 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-07-31 05:26 . 2014-05-14 16:23 45536 ----a-w- c:\windows\system32\wups2.dll
2014-07-31 05:26 . 2014-05-14 16:23 54240 ----a-w- c:\windows\system32\wuauclt.exe
2014-07-31 05:26 . 2014-05-14 16:23 1973728 ----a-w- c:\windows\system32\wuaueng.dll
2014-07-31 05:26 . 2014-05-14 16:17 2425856 ----a-w- c:\windows\system32\wucltux.dll
2014-07-31 05:26 . 2014-05-14 16:23 36320 ----a-w- c:\windows\system32\wups.dll
2014-07-31 05:26 . 2014-05-14 16:23 581600 ----a-w- c:\windows\system32\wuapi.dll
2014-07-31 05:26 . 2014-05-14 16:17 92672 ----a-w- c:\windows\system32\wudriver.dll
2014-07-31 05:26 . 2014-05-14 07:23 179656 ----a-w- c:\windows\system32\wuwebv.dll
2014-07-31 05:26 . 2014-05-14 07:17 33792 ----a-w- c:\windows\system32\wuapp.exe
2014-07-29 19:03 . 2014-08-07 12:42 -------- d-----w- c:\programdata\Package Cache
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-27 08:21 . 2014-06-26 14:48 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2014-07-15 11:11 . 2013-05-07 13:17 35848 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2014-07-09 18:26 . 2013-03-22 08:05 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-07-09 18:26 . 2013-03-22 08:05 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-06-30 01:40 . 2014-07-09 05:17 404480 ----a-w- c:\windows\system32\aepdu.dll
2014-06-30 01:36 . 2014-07-09 05:17 302592 ----a-w- c:\windows\system32\aeinv.dll
2014-06-24 12:58 . 2013-03-22 07:20 97648 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2014-06-18 23:56 . 2014-07-09 05:18 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-06-18 23:56 . 2014-07-09 05:18 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-06-18 23:38 . 2014-07-09 05:18 455168 ----a-w- c:\windows\system32\vbscript.dll
2014-06-18 23:37 . 2014-07-09 05:18 61952 ----a-w- c:\windows\system32\iesetup.dll
2014-06-18 23:36 . 2014-07-09 05:18 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-06-18 23:35 . 2014-07-09 05:18 62464 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-06-18 23:23 . 2014-07-09 05:18 112128 ----a-w- c:\windows\system32\ieUnatt.exe
2014-06-18 23:23 . 2014-07-09 05:18 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-06-18 23:22 . 2014-07-09 05:18 592896 ----a-w- c:\windows\system32\jscript9diag.dll
2014-06-18 23:16 . 2014-07-09 05:18 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-06-18 23:06 . 2014-07-09 05:18 32256 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-06-18 22:52 . 2014-07-09 05:18 4254720 ----a-w- c:\windows\system32\jscript9.dll
2014-06-18 22:46 . 2014-07-09 05:18 1068032 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-06-18 22:45 . 2014-07-09 05:18 1964544 ----a-w- c:\windows\system32\inetcpl.cpl
2014-06-18 22:13 . 2014-07-09 05:18 1791488 ----a-w- c:\windows\system32\wininet.dll
2014-06-18 01:51 . 2014-07-09 05:18 646144 ----a-w- c:\windows\system32\osk.exe
2014-06-18 00:52 . 2014-07-09 05:18 2350080 ----a-w- c:\windows\system32\win32k.sys
2014-06-06 09:44 . 2014-07-09 05:18 509440 ----a-w- c:\windows\system32\qedit.dll
2014-06-05 14:26 . 2014-07-09 05:17 1059840 ----a-w- c:\windows\system32\lsasrv.dll
2014-05-30 07:52 . 2014-07-09 05:17 172032 ----a-w- c:\windows\system32\wdigest.dll
2014-05-30 07:52 . 2014-07-09 05:17 65536 ----a-w- c:\windows\system32\TSpkg.dll
2014-05-30 07:52 . 2014-07-09 05:17 247808 ----a-w- c:\windows\system32\schannel.dll
2014-05-30 07:52 . 2014-07-09 05:17 220160 ----a-w- c:\windows\system32\ncrypt.dll
2014-05-30 07:52 . 2014-07-09 05:17 259584 ----a-w- c:\windows\system32\msv1_0.dll
2014-05-30 07:52 . 2014-07-09 05:17 550912 ----a-w- c:\windows\system32\kerberos.dll
2014-05-30 07:52 . 2014-07-09 05:17 17408 ----a-w- c:\windows\system32\credssp.dll
2014-05-30 06:36 . 2014-07-09 05:18 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2014-05-22 12:39 . 2013-03-22 07:20 136216 ----a-w- c:\windows\system32\drivers\avipbb.sys
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GAINWARD"="c:\program files\EXPERTool\TBPanel.exe" [2010-09-02 2181744]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-02-28 18642024]
"GarminExpressTrayApp"="c:\program files\Garmin\Express Tray\ExpressTray.exe" [2014-07-23 688984]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI.exe" [2011-12-12 6318696]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2014-08-07 751184]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2010-09-02 1638400]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"AVMWlanClient"="c:\program files\avmwlanstick\wlangui.exe" [2010-10-22 2105344]
"Nvtmru"="c:\program files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-11-14 1028384]
"ShadowPlay"="c:\windows\system32\nvspcap.dll" [2013-11-14 955168]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]
"Avira Systray"="c:\program files\Avira\My Avira\Avira.OE.Systray.exe" [2014-07-24 190032]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\EKDiscovery.exe [2008-10-10 274432]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-02-28 161384]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [2010-10-22 4352]
R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys [2010-10-22 265088]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-06-18 108032]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-08-11 110296]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-11-26 37352]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2014-01-30 243128]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2014-08-07 430160]
S2 Avira.OE.ServiceHost;Avira Service Host;c:\program files\Avira\My Avira\Avira.OE.ServiceHost.exe [2014-07-24 141392]
S2 Garmin Core Update Service;Garmin Core Update Service;c:\program files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2014-07-23 438616]
S2 KodakSvc;Kodak AiO Device Service;c:\program files\Kodak\AiO\center\KodakSvc.exe [2008-12-01 28672]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-11-14 14652704]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-11-11 414496]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad32v.sys [2013-11-14 33568]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2012-02-03 514152]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2014-08-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-22 18:26]
.
2014-08-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-04-20 19:36]
.
2014-08-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-04-20 19:36]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
TCP: DhcpNameServer = 192.168.0.1 192.168.0.2
TCP: Interfaces\{A0F9D040-4573-4116-AA08-8CFE01A0B37E}: DhcpNameServer = 192.168.0.1 192.168.0.2
FF - ProfilePath - c:\users\Gunnar\AppData\Roaming\Mozilla\Firefox\Profiles\9verf5au.default\
FF - prefs.js: browser.startup.homepage - www.google.de
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-Conime - c:\windows\system32\conime.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\avmwlanstick\WlanNetService.exe
c:\windows\system32\taskhost.exe
c:\program files\ASUS\EPU-4 Engine\FourEngine.exe
c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\windows\system32\conhost.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\System32\rundll32.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\conhost.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\avira\antivir desktop\ipmGui.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-08-11 10:16:41 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2014-08-11 08:16
.
Vor Suchlauf: 23 Verzeichnis(se), 841.900.748.800 Bytes frei
Nach Suchlauf: 27 Verzeichnis(se), 841.704.312.832 Bytes frei
.
- - End Of File - - D516177B62DFA60807122F88EC27F624
A36C5E4F47E84449FF07ED3517B43A31
11.08.2014, 09:58 | #4 |
/// TB-Ausbilder | Trojan TR/Crypt.ZPACK.65865 found! Step 1: Please download AdwCleaner to your desktop.
Step 2: Please download Malwarebytes Anti-Malware
Step 3: Please shut down your protection software to avoid possible conflicts.
Step 4
Please post with your next reply
11.08.2014, 10:30 | #5 |
Trojan TR/Crypt.ZPACK.65865 found! AdwCleaner Code:
ATTFilter # AdwCleaner v3.304 - Bericht erstellt am 11/08/2014 um 11:06:52 # Aktualisiert 08/08/2014 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits) # Benutzername : Gunnar - GUNNAR-PC # Gestartet von : C:\Users\Gunnar\Desktop\adwcleaner_3.304.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** ***** [ Tasks ] ***** ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.17207 -\\ Mozilla Firefox v31.0 (x86 de) [ Datei : C:\Users\Gunnar\AppData\Roaming\Mozilla\Firefox\Profiles\9verf5au.default\prefs.js ] ************************* AdwCleaner[R0].txt - [10938 octets] - [08/08/2014 10:41:03] AdwCleaner[R1].txt - [966 octets] - [11/08/2014 11:05:47] AdwCleaner[S0].txt - [10868 octets] - [08/08/2014 10:42:39] AdwCleaner[S1].txt - [888 octets] - [11/08/2014 11:06:52] ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [947 octets] ########## Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x86
Ran by Gunnar on 11.08.2014 at 11:20:45,79
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Users\Gunnar\AppData\Roaming\red kawa"
Successfully deleted: [Folder] "C:\Program Files\red kawa"
Successfully deleted: [Folder] "C:\Windows\system32\ai_recyclebin"

~~~ FireFox

Emptied folder: C:\Users\Gunnar\AppData\Roaming\mozilla\firefox\profiles\9verf5au.default\minidumps [690 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11.08.2014 at 11:22:31,72
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 11.08.2014
Suchlauf-Zeit: 11:10:45
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.08.11.01
Rootkit Datenbank: v2014.08.04.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x86
Dateisystem: NTFS
Benutzer: Gunnar

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 311881
Verstrichene Zeit: 6 Min, 59 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)

(end)
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:10-08-2014 01 Ran by Gunnar (administrator) on GUNNAR-PC on 11-08-2014 11:25:36 Running from C:\Users\Gunnar\Desktop Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (AVM Berlin) C:\Program Files\avmwlanstick\WLanNetService.exe (Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe (ASUSTeK Computer Inc.) C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe (Eastman Kodak Company) C:\Program Files\Kodak\AiO\Center\KodakSvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Eastman Kodak Company) C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe (AVM Berlin) C:\Program Files\avmwlanstick\WLanGUI.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe (Gainward Co.) C:\Program Files\EXPERTool\TBPANEL.exe (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe (Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Express Tray\ExpressTray.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\ipmgui.exe (Microsoft Corporation) C:\Windows\System32\wuauclt.exe (Microsoft Corporation) C:\Windows\System32\DeviceDisplayObjectProvider.exe (Microsoft Corporation) C:\Windows\System32\Dxpserver.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKU\S-1-5-21-2415819902-1883768789-382756440-1000\...\Run: [GAINWARD] => C:\Program Files\EXPERTool\TBPanel.exe [2181744 2010-09-02] (Gainward Co.) HKU\S-1-5-21-2415819902-1883768789-382756440-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [18642024 2013-02-28] (Skype Technologies S.A.) 
HKU\S-1-5-21-2415819902-1883768789-382756440-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [688984 2014-07-23] (Garmin Ltd or its subsidiaries) HKU\S-1-5-21-2415819902-1883768789-382756440-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GAINWARD] => C:\Program Files\EXPERTool\TBPanel.exe [2181744 2010-09-02] (Gainward Co.) HKU\S-1-5-21-2415819902-1883768789-382756440-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [18642024 2013-02-28] (Skype Technologies S.A.) HKU\S-1-5-21-2415819902-1883768789-382756440-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [688984 2014-07-23] (Garmin Ltd or its subsidiaries) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x0DD53887C926CE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.2 FireFox: ======== FF ProfilePath: C:\Users\Gunnar\AppData\Roaming\Mozilla\Firefox\Profiles\9verf5au.default FF Homepage: www.google.de FF Plugin: @adobe.com/FlashPlayer -> 
C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: 20-20 3D Viewer - IKEA - C:\Users\Gunnar\AppData\Roaming\Mozilla\Firefox\Profiles\9verf5au.default\Extensions\2020Player_IKEA@2020Technologies.com [2013-07-12] FF Extension: Avira Browser Safety - C:\Users\Gunnar\AppData\Roaming\Mozilla\Firefox\Profiles\9verf5au.default\Extensions\abs@avira.com [2014-08-07] FF Extension: Flash Video Downloader - YouTube Full HD Download - C:\Users\Gunnar\AppData\Roaming\Mozilla\Firefox\Profiles\9verf5au.default\Extensions\artur.dubovoy@gmail.com [2014-08-01] FF Extension: Garmin Communicator - C:\Users\Gunnar\AppData\Roaming\Mozilla\Firefox\Profiles\9verf5au.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2014-05-31] FF Extension: Adblock Plus - C:\Users\Gunnar\AppData\Roaming\Mozilla\Firefox\Profiles\9verf5au.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-04-02] Chrome: ======= ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-08-07] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-07] (Avira Operations GmbH & Co. KG) R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [141392 2014-07-24] (Avira Operations GmbH & Co. 
KG) R2 AVM WLAN Connection Service; C:\Program Files\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin) [File not signed] R2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438616 2014-07-23] (Garmin Ltd or its subsidiaries) S2 Kodak AiO Network Discovery Service; C:\Program Files\Kodak\AiO\Center\EKDiscovery.exe [274432 2008-10-10] (Eastman Kodak Company) [File not signed] R2 KodakSvc; C:\Program Files\Kodak\AiO\center\KodakSvc.exe [28672 2008-12-01] (Eastman Kodak Company) [File not signed] R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14652704 2013-11-14] (NVIDIA Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R1 AsIO; C:\Windows\System32\drivers\AsIO.sys [11296 2009-08-05] () R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [97648 2014-06-24] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-05-22] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-26] (Avira Operations GmbH & Co. 
KG) S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [4352 2010-10-22] (AVM Berlin) [File not signed] R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2014-01-30] (Disc Soft Ltd) S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [265088 2010-10-22] (AVM GmbH) R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [13216 2009-07-18] () R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [33568 2013-11-14] (NVIDIA Corporation) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-03-22] (Avira GmbH) S3 TBPanel; C:\Windows\system32\Drivers\TBPanel.sys [12256 2007-03-16] (Windows (R) 2000 DDK provider) U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation) S3 catchme; \??\C:\Users\Gunnar\AppData\Local\Temp\catchme.sys [X] U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-08-11 11:22 - 2014-08-11 11:22 - 00000965 _____ () C:\Users\Gunnar\Desktop\JRT.txt 2014-08-11 11:20 - 2014-08-11 11:20 - 01016261 _____ (Thisisu) C:\Users\Gunnar\Downloads\JRT.exe 2014-08-11 11:20 - 2014-08-11 11:20 - 01016261 _____ (Thisisu) C:\Users\Gunnar\Desktop\JRT.exe 2014-08-11 11:20 - 2014-08-11 11:20 - 00000000 ____D () C:\Windows\ERUNT 2014-08-11 11:19 - 2014-08-11 11:19 - 00001159 _____ () C:\Users\Gunnar\Desktop\mbam.txt 2014-08-11 11:10 - 2014-08-11 11:10 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-08-11 11:10 - 2014-08-11 11:10 - 00001060 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-08-11 11:10 - 2014-08-11 11:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-08-11 11:10 - 2014-08-11 11:10 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-08-11 11:10 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-08-11 11:10 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-08-11 11:10 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-08-11 11:09 - 2014-08-11 11:09 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Gunnar\Downloads\mbam-setup-2.0.2.1012(1).exe 2014-08-11 11:09 - 2014-08-11 11:09 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Gunnar\Desktop\mbam-setup-2.0.2.1012(1).exe 2014-08-11 11:04 - 2014-08-11 11:04 - 01366203 _____ () C:\Users\Gunnar\Downloads\adwcleaner_3.304.exe 2014-08-11 11:04 - 2014-08-11 11:04 - 01366203 _____ () C:\Users\Gunnar\Desktop\adwcleaner_3.304.exe 2014-08-11 10:16 - 2014-08-11 10:16 - 00014269 _____ () C:\ComboFix.txt 2014-08-11 10:05 - 2014-08-11 10:16 - 00000000 ____D () C:\Qoobox 2014-08-11 10:05 - 2014-08-11 10:15 - 00000000 ____D () C:\Windows\erdnt 2014-08-11 10:05 - 2011-06-26 08:45 - 
00256000 _____ () C:\Windows\PEV.exe 2014-08-11 10:05 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-08-11 10:05 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-08-11 10:05 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-08-11 10:05 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-08-11 10:05 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe 2014-08-11 10:05 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe 2014-08-11 10:05 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe 2014-08-11 10:03 - 2014-08-11 10:03 - 05568206 ____R (Swearware) C:\Users\Gunnar\Desktop\ComboFix.exe 2014-08-11 10:03 - 2014-08-11 10:03 - 05568206 _____ (Swearware) C:\Users\Gunnar\Downloads\ComboFix.exe 2014-08-11 09:21 - 2014-08-11 09:21 - 00000000 __SHD () C:\Users\Gunnar\AppData\Local\EmieUserList 2014-08-11 09:21 - 2014-08-11 09:21 - 00000000 __SHD () C:\Users\Gunnar\AppData\Local\EmieSiteList 2014-08-11 09:17 - 2014-08-11 09:17 - 00003023 _____ () C:\Users\Gunnar\Desktop\Gmer.txt 2014-08-11 09:07 - 2014-08-11 09:07 - 00380416 _____ () C:\Users\Gunnar\Downloads\fn8457pl.exe 2014-08-11 09:07 - 2014-08-11 09:07 - 00380416 _____ () C:\Users\Gunnar\Desktop\fn8457pl.exe 2014-08-11 09:02 - 2014-08-11 11:25 - 00011514 _____ () C:\Users\Gunnar\Desktop\FRST.txt 2014-08-11 09:02 - 2014-08-11 09:03 - 00024293 _____ () C:\Users\Gunnar\Desktop\Addition.txt 2014-08-11 09:01 - 2014-08-11 11:25 - 00000000 ____D () C:\FRST 2014-08-11 09:01 - 2014-08-11 09:01 - 01091072 _____ (Farbar) C:\Users\Gunnar\Downloads\FRST.exe 2014-08-11 09:01 - 2014-08-11 09:01 - 01091072 _____ (Farbar) C:\Users\Gunnar\Desktop\FRST.exe 2014-08-11 08:59 - 2014-08-11 08:59 - 00000544 _____ () C:\Users\Gunnar\Desktop\defogger_disable.log 2014-08-11 08:59 - 2014-08-11 08:59 - 00000156 _____ () C:\Users\Gunnar\defogger_reenable 2014-08-11 08:57 - 2014-08-11 08:57 - 00050477 _____ () C:\Users\Gunnar\Downloads\Defogger.exe 
2014-08-11 08:57 - 2014-08-11 08:57 - 00050477 _____ () C:\Users\Gunnar\Desktop\Defogger.exe 2014-08-10 19:20 - 2014-08-11 09:08 - 00000010 _____ () C:\Users\Gunnar\Desktop\as.txt 2014-08-09 08:01 - 2014-08-09 08:02 - 00000000 ____D () C:\Users\Gunnar\Desktop\Thailand bearbeitet 2014-08-08 11:03 - 2014-08-08 11:03 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-08-08 10:56 - 2014-08-08 10:57 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Gunnar\Downloads\mbam-setup-2.0.2.1012.exe 2014-08-08 10:43 - 2014-08-11 11:07 - 00005254 _____ () C:\Windows\PFRO.log 2014-08-08 10:40 - 2014-08-11 11:06 - 00000000 ____D () C:\AdwCleaner 2014-08-08 10:40 - 2014-08-08 10:40 - 01475072 _____ () C:\Users\Gunnar\Downloads\adwcleaner_3.303.exe 2014-08-08 10:30 - 2014-08-11 11:07 - 00002184 _____ () C:\Windows\setupact.log 2014-08-08 10:30 - 2014-08-08 10:30 - 00000000 _____ () C:\Windows\setuperr.log 2014-08-08 07:33 - 2014-08-08 07:33 - 00000965 _____ () C:\Users\Public\Desktop\CCleaner.lnk 2014-08-08 07:33 - 2014-08-08 07:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2014-08-08 07:33 - 2014-08-08 07:33 - 00000000 ____D () C:\Program Files\CCleaner 2014-08-08 07:32 - 2014-08-08 07:32 - 03738080 _____ (Piriform Ltd) C:\Users\Gunnar\Downloads\ccsetup416_slim.exe 2014-08-07 16:40 - 2014-08-07 16:40 - 00002048 _____ () C:\Users\Gunnar\Desktop\Avira Free Antivirus Profil Manuelle Auswahl.LNK 2014-08-07 16:30 - 2014-08-07 16:35 - 00000000 ____D () C:\ProgramData\qdr 2014-08-07 16:29 - 2014-08-08 11:16 - 00000000 ___HD () C:\Users\Gunnar\AppData\Roaming\Outo 2014-08-07 14:36 - 2014-08-07 14:42 - 00001095 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-08-06 21:59 - 2014-08-06 22:00 - 00000000 ____D () C:\Users\Gunnar\Desktop\Fotos 2014-08-06 12:52 - 2014-08-06 12:52 - 00006953 _____ () C:\Users\Gunnar\Desktop\Sparkasse Bielefeld (480 501 61) - Finanzstatus Fenna.htm 2014-08-05 08:46 - 2014-08-05 08:46 - 00004611 _____ () 
C:\Windows\system32\jupdate-1.7.0_67-b01.log 2014-08-05 08:46 - 2014-08-05 08:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-08-05 08:46 - 2014-08-05 08:46 - 00000000 ____D () C:\Program Files\Common Files\Java 2014-08-05 08:46 - 2014-07-25 12:55 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2014-08-05 08:46 - 2014-07-25 12:49 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-08-05 08:46 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-08-05 08:46 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2014-07-31 07:26 - 2014-05-14 18:23 - 01973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2014-07-31 07:26 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2014-07-31 07:26 - 2014-05-14 18:23 - 00054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2014-07-31 07:26 - 2014-05-14 18:23 - 00045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2014-07-31 07:26 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2014-07-31 07:26 - 2014-05-14 18:17 - 02425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2014-07-31 07:26 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2014-07-31 07:26 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2014-07-31 07:26 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2014-07-29 21:51 - 2014-07-29 21:51 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-07-29 21:04 - 2014-07-29 21:04 - 00001858 _____ () C:\Users\Public\Desktop\Garmin Express.lnk 2014-07-29 21:03 - 2014-08-07 14:42 - 00000000 ____D () C:\ProgramData\Package Cache 2014-07-29 21:02 - 2014-07-29 21:02 - 36347672 _____ (Garmin Ltd or its 
subsidiaries) C:\Users\Gunnar\Downloads\GarminExpressInstaller.exe 2014-07-27 06:58 - 2014-08-03 09:40 - 00000000 ____D () C:\Users\Gunnar\Desktop\Thailand 2014-07-15 09:48 - 2014-07-15 09:48 - 00038188 _____ () C:\Users\Gunnar\Desktop\Universität Bielefeld.htm ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-11 11:26 - 2013-03-22 10:05 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-08-11 11:25 - 2014-08-11 09:02 - 00011514 _____ () C:\Users\Gunnar\Desktop\FRST.txt 2014-08-11 11:25 - 2014-08-11 09:01 - 00000000 ____D () C:\FRST 2014-08-11 11:24 - 2013-04-20 21:36 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-08-11 11:22 - 2014-08-11 11:22 - 00000965 _____ () C:\Users\Gunnar\Desktop\JRT.txt 2014-08-11 11:20 - 2014-08-11 11:20 - 01016261 _____ (Thisisu) C:\Users\Gunnar\Downloads\JRT.exe 2014-08-11 11:20 - 2014-08-11 11:20 - 01016261 _____ (Thisisu) C:\Users\Gunnar\Desktop\JRT.exe 2014-08-11 11:20 - 2014-08-11 11:20 - 00000000 ____D () C:\Windows\ERUNT 2014-08-11 11:19 - 2014-08-11 11:19 - 00001159 _____ () C:\Users\Gunnar\Desktop\mbam.txt 2014-08-11 11:15 - 2009-07-14 06:34 - 00021856 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-08-11 11:15 - 2009-07-14 06:34 - 00021856 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-08-11 11:11 - 2013-03-21 15:50 - 01667991 _____ () C:\Windows\WindowsUpdate.log 2014-08-11 11:10 - 2014-08-11 11:10 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-08-11 11:10 - 2014-08-11 11:10 - 00001060 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-08-11 11:10 - 2014-08-11 11:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-08-11 11:10 - 
2014-08-11 11:10 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-08-11 11:09 - 2014-08-11 11:09 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Gunnar\Downloads\mbam-setup-2.0.2.1012(1).exe 2014-08-11 11:09 - 2014-08-11 11:09 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Gunnar\Desktop\mbam-setup-2.0.2.1012(1).exe 2014-08-11 11:07 - 2014-08-08 10:43 - 00005254 _____ () C:\Windows\PFRO.log 2014-08-11 11:07 - 2014-08-08 10:30 - 00002184 _____ () C:\Windows\setupact.log 2014-08-11 11:07 - 2013-04-20 21:36 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-08-11 11:07 - 2013-03-21 17:40 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-08-11 11:07 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-08-11 11:06 - 2014-08-08 10:40 - 00000000 ____D () C:\AdwCleaner 2014-08-11 11:04 - 2014-08-11 11:04 - 01366203 _____ () C:\Users\Gunnar\Downloads\adwcleaner_3.304.exe 2014-08-11 11:04 - 2014-08-11 11:04 - 01366203 _____ () C:\Users\Gunnar\Desktop\adwcleaner_3.304.exe 2014-08-11 10:16 - 2014-08-11 10:16 - 00014269 _____ () C:\ComboFix.txt 2014-08-11 10:16 - 2014-08-11 10:05 - 00000000 ____D () C:\Qoobox 2014-08-11 10:16 - 2009-07-14 04:37 - 00000000 __RHD () C:\Users\Default 2014-08-11 10:16 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public 2014-08-11 10:15 - 2014-08-11 10:05 - 00000000 ____D () C:\Windows\erdnt 2014-08-11 10:13 - 2009-07-14 04:04 - 00000243 _____ () C:\Windows\system.ini 2014-08-11 10:03 - 2014-08-11 10:03 - 05568206 ____R (Swearware) C:\Users\Gunnar\Desktop\ComboFix.exe 2014-08-11 10:03 - 2014-08-11 10:03 - 05568206 _____ (Swearware) C:\Users\Gunnar\Downloads\ComboFix.exe 2014-08-11 09:21 - 2014-08-11 09:21 - 00000000 __SHD () C:\Users\Gunnar\AppData\Local\EmieUserList 2014-08-11 09:21 - 2014-08-11 09:21 - 00000000 __SHD () C:\Users\Gunnar\AppData\Local\EmieSiteList 2014-08-11 09:17 - 2014-08-11 09:17 - 00003023 _____ () C:\Users\Gunnar\Desktop\Gmer.txt 2014-08-11 09:08 - 
2014-08-10 19:20 - 00000010 _____ () C:\Users\Gunnar\Desktop\as.txt 2014-08-11 09:07 - 2014-08-11 09:07 - 00380416 _____ () C:\Users\Gunnar\Downloads\fn8457pl.exe 2014-08-11 09:07 - 2014-08-11 09:07 - 00380416 _____ () C:\Users\Gunnar\Desktop\fn8457pl.exe 2014-08-11 09:03 - 2014-08-11 09:02 - 00024293 _____ () C:\Users\Gunnar\Desktop\Addition.txt 2014-08-11 09:01 - 2014-08-11 09:01 - 01091072 _____ (Farbar) C:\Users\Gunnar\Downloads\FRST.exe 2014-08-11 09:01 - 2014-08-11 09:01 - 01091072 _____ (Farbar) C:\Users\Gunnar\Desktop\FRST.exe 2014-08-11 08:59 - 2014-08-11 08:59 - 00000544 _____ () C:\Users\Gunnar\Desktop\defogger_disable.log 2014-08-11 08:59 - 2014-08-11 08:59 - 00000156 _____ () C:\Users\Gunnar\defogger_reenable 2014-08-11 08:59 - 2013-03-21 16:22 - 00000000 ____D () C:\Users\Gunnar 2014-08-11 08:57 - 2014-08-11 08:57 - 00050477 _____ () C:\Users\Gunnar\Downloads\Defogger.exe 2014-08-11 08:57 - 2014-08-11 08:57 - 00050477 _____ () C:\Users\Gunnar\Desktop\Defogger.exe 2014-08-10 22:23 - 2013-05-11 13:18 - 00000000 ____D () C:\ProgramData\Skype 2014-08-09 08:02 - 2014-08-09 08:01 - 00000000 ____D () C:\Users\Gunnar\Desktop\Thailand bearbeitet 2014-08-08 11:16 - 2014-08-07 16:29 - 00000000 ___HD () C:\Users\Gunnar\AppData\Roaming\Outo 2014-08-08 11:03 - 2014-08-08 11:03 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-08-08 10:57 - 2014-08-08 10:56 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Gunnar\Downloads\mbam-setup-2.0.2.1012.exe 2014-08-08 10:40 - 2014-08-08 10:40 - 01475072 _____ () C:\Users\Gunnar\Downloads\adwcleaner_3.303.exe 2014-08-08 10:30 - 2014-08-08 10:30 - 00000000 _____ () C:\Windows\setuperr.log 2014-08-08 08:44 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\LogFiles 2014-08-08 07:37 - 2014-03-02 11:33 - 00000000 ____D () C:\Users\Gunnar\AppData\Roaming\TS3Client 2014-08-08 07:37 - 2014-01-30 17:20 - 00000000 ____D () C:\Users\Gunnar\AppData\Roaming\DAEMON Tools Lite 2014-08-08 07:36 - 2013-03-21 15:46 - 00000000 
____D () C:\Windows\Panther 2014-08-08 07:33 - 2014-08-08 07:33 - 00000965 _____ () C:\Users\Public\Desktop\CCleaner.lnk 2014-08-08 07:33 - 2014-08-08 07:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2014-08-08 07:33 - 2014-08-08 07:33 - 00000000 ____D () C:\Program Files\CCleaner 2014-08-08 07:32 - 2014-08-08 07:32 - 03738080 _____ (Piriform Ltd) C:\Users\Gunnar\Downloads\ccsetup416_slim.exe 2014-08-07 16:40 - 2014-08-07 16:40 - 00002048 _____ () C:\Users\Gunnar\Desktop\Avira Free Antivirus Profil Manuelle Auswahl.LNK 2014-08-07 16:35 - 2014-08-07 16:30 - 00000000 ____D () C:\ProgramData\qdr 2014-08-07 14:42 - 2014-08-07 14:36 - 00001095 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-08-07 14:42 - 2014-07-29 21:03 - 00000000 ____D () C:\ProgramData\Package Cache 2014-08-07 14:42 - 2013-03-22 09:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-08-07 14:42 - 2013-03-22 09:20 - 00000000 ____D () C:\Program Files\Avira 2014-08-07 14:36 - 2013-03-22 09:20 - 00000000 ____D () C:\ProgramData\Avira 2014-08-06 22:00 - 2014-08-06 21:59 - 00000000 ____D () C:\Users\Gunnar\Desktop\Fotos 2014-08-06 12:52 - 2014-08-06 12:52 - 00006953 _____ () C:\Users\Gunnar\Desktop\Sparkasse Bielefeld (480 501 61) - Finanzstatus Fenna.htm 2014-08-05 08:47 - 2014-03-03 08:56 - 00000000 ____D () C:\ProgramData\Oracle 2014-08-05 08:46 - 2014-08-05 08:46 - 00004611 _____ () C:\Windows\system32\jupdate-1.7.0_67-b01.log 2014-08-05 08:46 - 2014-08-05 08:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-08-05 08:46 - 2014-08-05 08:46 - 00000000 ____D () C:\Program Files\Common Files\Java 2014-08-05 08:46 - 2014-03-03 08:55 - 00000000 ____D () C:\Program Files\Java 2014-08-03 09:40 - 2014-07-27 06:58 - 00000000 ____D () C:\Users\Gunnar\Desktop\Thailand 2014-07-31 11:03 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache 2014-07-31 09:31 - 2009-07-14 04:37 - 00000000 ____D () 
C:\Windows\system32\de-DE 2014-07-30 15:33 - 2013-03-22 09:25 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-07-29 21:51 - 2014-07-29 21:51 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-07-29 21:05 - 2014-05-18 11:45 - 00000000 ____D () C:\Users\Gunnar\AppData\Local\Garmin 2014-07-29 21:05 - 2014-05-18 11:45 - 00000000 ____D () C:\ProgramData\Garmin 2014-07-29 21:05 - 2014-05-18 11:44 - 00000000 ____D () C:\Users\Gunnar\AppData\Roaming\Garmin 2014-07-29 21:04 - 2014-07-29 21:04 - 00001858 _____ () C:\Users\Public\Desktop\Garmin Express.lnk 2014-07-29 21:04 - 2014-06-05 17:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin 2014-07-29 21:04 - 2014-05-18 11:44 - 00000000 ____D () C:\Program Files\Garmin 2014-07-29 21:04 - 2014-05-18 11:44 - 00000000 ____D () C:\Program Files\DIFX 2014-07-29 21:02 - 2014-07-29 21:02 - 36347672 _____ (Garmin Ltd or its subsidiaries) C:\Users\Gunnar\Downloads\GarminExpressInstaller.exe 2014-07-27 16:00 - 2010-11-20 23:01 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-07-25 15:13 - 2013-06-19 19:41 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-07-25 12:55 - 2014-08-05 08:46 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2014-07-25 12:49 - 2014-08-05 08:46 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-07-25 12:49 - 2014-08-05 08:46 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-07-25 12:49 - 2014-08-05 08:46 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2014-07-24 16:03 - 2013-06-19 19:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2014-07-20 08:43 - 2013-12-17 22:24 - 00000000 ____D () C:\Users\Gunnar\Desktop\Fenna 2014-07-15 13:11 - 2013-05-07 15:17 - 00035848 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avnetflt.sys 2014-07-15 09:48 - 2014-07-15 09:48 - 00038188 _____ () C:\Users\Gunnar\Desktop\Universität Bielefeld.htm 2014-07-13 18:51 - 2013-05-11 13:18 - 00000000 ____D () C:\Users\Gunnar\AppData\Roaming\Skype Some content of TEMP: ==================== C:\Users\Gunnar\AppData\Local\temp\avgnt.exe C:\Users\Gunnar\AppData\Local\temp\Quarantine.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-08-11 08:29 ==================== End Of Log ============================ Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version:10-08-2014 01
Ran by Gunnar at 2014-08-11 11:26:05
Running from C:\Users\Gunnar\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
aiofw (Version: 3.20.0000.0000 - Eastman Kodak Company) Hidden
aioprnt (Version: 3.20.0000.0000 - Eastman Kodak Company) Hidden
aioscnnr (Version: 3.20.0000.0000 - Eastman Kodak Company) Hidden
ANT Drivers Installer x86 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Audacity 2.0.3 (HKLM\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Avira (HKLM\...\{9590977b-7b6f-467e-a11a-efa1fae804da}) (Version: 1.1.18.30000 - Avira Operations GmbH & Co. KG)
Avira (Version: 1.1.18.30000 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.6.552 - Avira)
AVM FRITZ!WLAN (HKLM\...\AVMWLANCLI) (Version: - AVM Berlin)
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
center (Version: 3.20.0000.0000 - Eastman Kodak Company) Hidden
Cool Edit Pro 2.0 (HKLM\...\Cool Edit Pro 2.0) (Version: - )
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd)
Elevated Installer (Version: 3.2.16.0 - Garmin Ltd or its subsidiaries) Hidden
EPU-4 Engine (HKLM\...\{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}) (Version: 1.02.01 - )
EXPERTool 7.13 (HKLM\...\MySSID_is1) (Version: - Gainward Co., Ltd)
Free Audio CD to MP3 Converter version 1.3.12.1228 (HKLM\...\Free Audio CD to MP3 Converter_is1) (Version: 1.3.12.1228 - DVDVideoSoft Ltd.)
Free Mp3 Wma Converter V 2.2 (HKLM\...\Free Mp3 Wma Converter_is1) (Version: 2.2.0.0 - Koyote Soft)
Free YouTube to MP3 Converter version 3.12.1.320 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.1.320 - DVDVideoSoft Ltd.)
Freizeitkarte_DEU (Ausgabe 14.05) (HKLM\...\Freizeitkarte_DEU) (Version: - )
Garmin BaseCamp (HKLM\...\{00BC5C92-9F00-41B2-AE04-4C6B5DF0981F}) (Version: 4.3.2 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM\...\{817c6bb8-ea2d-4e12-abbc-e33c3de43f64}) (Version: 3.2.16.0 - Garmin Ltd or its subsidiaries)
Garmin Express (Version: 3.2.16.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (Version: 3.2.16.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin USB Drivers (HKLM\...\{ABA5E381-EC46-425C-86C5-5CD15BBFB4BF}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (Version: 2.1.67.1 - Oracle, Inc.) Hidden
Kodak All-in-One-Druckersoftware (HKLM\...\{E0F274B7-592B-4669-8FB8-8D9825A09858}) (Version: 3.20.0.0 - Eastman Kodak Company)
ksDIP (Version: 3.20.0000.0000 - Eastman Kodak Company) Hidden
League of Legends (HKLM\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
League of Legends (Version: 3.0.0 - Riot Games) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft PowerPoint Viewer (HKLM\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Mozilla Firefox 31.0 (x86 de) (HKLM\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mp3tag v2.55a (HKLM\...\Mp3tag) (Version: v2.55a - Florian Heidenreich)
MP4 To MP3 Converter V3.0.5 (HKLM\...\MP4 To MP3 Converter_is1) (Version: - hxxp://www.MP4ToMP3Converter.net)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA 3D Vision Controller-Treiber 331.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 331.82 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 331.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 331.82 - NVIDIA Corporation)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5944 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.7.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.7.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 331.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.82 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.140.952 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (Version: 9.13.0725 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA ShadowPlay 9.3.21 (Version: 9.3.21 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.3182 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 331.82 (Version: 331.82 - NVIDIA Corporation) Hidden
NVIDIA Update 9.3.21 (Version: 9.3.21 - NVIDIA Corporation) Hidden
NVIDIA Update Components (Version: 9.3.21 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.9 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.9 - NVIDIA Corporation)
OpenOffice 4.0.1 (HKLM\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
OSM generic routable(Thailand) (HKLM\...\OSM generic routable(Thailand)) (Version: - )
PokerStars.eu (HKLM\...\PokerStars.eu) (Version: - PokerStars.eu)
PreReq (Version: 3.20.0000.0000 - Eastman Kodak Company) Hidden
PS3 Video 9 6 (HKLM\...\PS3 Video 9) (Version: 6 - Red Kawa)
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.52.203.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6526 - Realtek Semiconductor Corp.)
SHIELD Streaming (Version: 1.6.53 - NVIDIA Corporation) Hidden
Skype™ 6.3 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.3.105 - Skype Technologies S.A.)
Southpark Stick of Truth (HKLM\...\U291dGhwYXJrU3RpY2tvZlRydXRo_is1) (Version: 1 - )
SpaceEngine Version 0.9.7.1 (HKLM\...\{53E413B3-2417-4BD1-984D-8C92C81C231F}_is1) (Version: 0.9.7.1 - SpaceEngine)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.13 - TeamSpeak Systems GmbH)
VLC media player 2.0.5 (HKLM\...\VLC media player) (Version: 2.0.5 - VideoLAN)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Movie Maker 2.6 (HKLM\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)
Windows-Treiberpaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
WinRAR 4.20 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================

06-08-2014 15:37:33 Windows Update
06-08-2014 17:01:41 Windows Update
06-08-2014 20:41:04 Windows Update
07-08-2014 05:55:07 Windows Update
07-08-2014 21:25:51 Windows Update
08-08-2014 19:49:18 Windows Update
09-08-2014 06:49:15 Windows Update
09-08-2014 16:38:20 Windows Update
09-08-2014 23:49:43 Windows Update
10-08-2014 08:54:03 Windows Update
10-08-2014 20:23:22 Windows Update

==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:04 - 2014-08-11 10:12 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {217D1D2D-B009-4F12-A3EA-6AEF98BC49D2} - System32\Tasks\GarminUpdaterTask => C:\Program Files\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-07-23] ()
Task: {250C24DE-3CB4-44C8-9448-B06CACB11920} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
Task: {2D7345D4-DF07-4922-99C8-A21BD93DEEE1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-04-20] (Google Inc.)
Task: {48AC5A4E-E383-4B6A-A9BC-1E1DB2A7E1D5} - System32\Tasks\ASUS\ASUS SIX Engine => C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe [2010-02-03] (ASUSTeK Computer Inc.)
Task: {CC2D7F88-733D-4CB5-BF7C-762BDB9D8C6A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-04-20] (Google Inc.)
Task: {FEE02260-D415-4ACB-8AD6-50538CAFAD6F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-04-14 22:29 - 2013-11-11 16:26 - 00092448 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2013-03-21 17:34 - 2009-03-19 23:35 - 00208896 _____ () C:\Program Files\ASUS\EPU-4 Engine\AiNap.dll
2013-03-21 17:34 - 2009-03-19 23:35 - 00008704 _____ () C:\Program Files\ASUS\EPU-4 Engine\vvc.dll
2013-03-21 17:34 - 2009-01-15 15:55 - 00565248 _____ () C:\Program Files\ASUS\EPU-4 Engine\pngio.dll
2013-03-21 17:34 - 2009-10-01 05:33 - 00024576 ____R () C:\Windows\system32\AsIo.dll
2013-03-21 17:34 - 2009-03-25 17:53 - 00053248 _____ () C:\Program Files\ASUS\EPU-4 Engine\AsSpindownTimeout.dll
2014-08-11 11:08 - 2014-07-24 11:50 - 00049744 _____ () C:\Users\Gunnar\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2014-07-24 11:50 - 2014-07-24 11:50 - 00137296 _____ () C:\Program Files\Avira\My Avira\Avira.OE.NativeCore.dll
2014-07-24 11:49 - 2014-07-24 11:49 - 00065104 _____ () C:\Program Files\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2013-03-21 17:36 - 1998-10-31 11:55 - 00005120 _____ () C:\Program Files\EXPERTool\TBManage.dll
2014-07-29 21:51 - 2014-07-29 21:51 - 03800688 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 40%
Total physical RAM: 3326.12 MB
Available physical RAM: 1981.89 MB
Total Pagefile: 6650.52 MB
Available Pagefile: 4892.7 MB
Total Virtual: 2047.88 MB
Available Virtual: 1915.04 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:784.3 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: A7F6737C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)

==================== End Of Log ============================
11.08.2014, 10:47 | #6
/// TB-Ausbilder
We will remove the last remnants and check everything once more. ESET can take a while (> 3 h). Afterwards we will remove all the tools we used, and I will give you a few tips to take with you.

Step 1
ESET Online Scanner

Step 2
Please download SecurityCheck and:

Please post with your next reply
12.08.2014, 14:22 | #7
ESET
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=2cae323ba13e7e4eaa47de236b8c6a98
# engine=19611
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-08-12 06:47:52
# local_time=2014-08-12 08:47:52 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 7628 43892983 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 86123 159457263 0 0
# scanned=132665
# found=7
# cleaned=0
# scan_time=3167
sh=8992F72873D09212597E582A16F8D9BC60E6A22A ft=1 fh=e21391a34e842ffc vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Common Files\DVDVideoSoft\TB\ConduitInstaller.exe.vir"
sh=9E77E1D2FD7B77B0FD8A71A70C35DD5A16836CF3 ft=1 fh=b241df9fafd25e77 vn="Win32/Systweak.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Gunnar\AppData\Roaming\Systweak\ssd\SSDPTstub.exe.vir"
sh=9753666D2DE5CDE956BF741DC908CCEE4764AEF7 ft=1 fh=b48e5054f30cf2c4 vn="Variante von Win32/Kryptik.CILP Trojaner" ac=I fn="C:\Program Files\Adobe\Reader 11.0\Reader\Services\dialing\rotation_lock_button.exe"
sh=EBE1748008422C218FD21BE383F80D627749A777 ft=1 fh=0b398f41eb4bbb2e vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Gunnar\Downloads\FreeAudioCDToMP3Converter_1.3.12.1228.exe"
sh=11A731508B7231BC2B72692F9E2FAE04310FB1C4 ft=1 fh=af735a5da9fa8ba2 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Gunnar\Downloads\MP4 to MP3 Converter - CHIP-Downloader.exe"
sh=6089DABF53AA05B011BED495A7950731FABF1388 ft=1 fh=1758a3972479c271 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Gunnar\Downloads\OpenOffice - CHIP-Downloader.exe"
sh=8BE4C277A62F2400C3B0A20F39297D310774E2AC ft=1 fh=d69c639933d87dfe vn="Win32/Toolbar.SearchSuite evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Gunnar\Downloads\Setup21_FreeConverter.exe"

Code:
Results of screen317's Security Check version 0.99.86
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
CCleaner
Java 7 Update 67
Java version out of Date!
Adobe Flash Player 14.0.0.145
Adobe Reader XI
Mozilla Firefox (31.0)
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
13.08.2014, 08:35 | #8
/// TB-Ausbilder
Removing remnants

Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document
Code:
start
C:\Users\Gunnar\Downloads\FreeAudioCDToMP3Converter_1.3.12.1228.exe
C:\Users\Gunnar\Downloads\*CHIP-Downloader.exe
C:\Users\Gunnar\Downloads\Setup21_FreeConverter.exe
EmptyTemp:
end
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).

Note: Registry cleaners
I see that you have so-called registry cleaners installed, in your case CCleaner. We advise against using any kind of registry cleaner. The reason is simple: the registry is the brain of the system. If the brain doesn't work, the rest doesn't really work any more. One should not tinker with the registry unnecessarily. Even a small mistake can have serious consequences, and programs make mistakes sometimes too. If you destroy the registry, you destroy Windows. On top of that, the benefit for performance is disputed and usually barely noticeable. I would recommend that you stop using registry cleaners and uninstall them via Start --> Control Panel --> Software (on Windows XP).

If you have no further problems, then we are done here. Your log files are clean. Finally, we need to take a few concluding steps to tidy up and secure your PC.

Step 1
The order here is crucial.

Step 2
Finally, I have a few tips for securing your system. I cannot stress often enough how important it is that your system is up to date.

Antivirus program and additional protection

Alternative browsers
Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be misused by spyware to infect your system.
Mozilla Firefox

Performance

What you should avoid:

Now all that remains is to wish you lots of fun surfing safely... ... and perhaps you would like to support the Trojaner-Board?

Note: Please give me brief feedback once everything is done and there are no more questions, so that I can delete this topic from my subscriptions.
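An added example for the two logs above (the ESET result records in post #7 and the FRST fixlist layout in post #8). It is not code from ESET, from Farbar (FRST) or from the Trojaner-Board helpers, and it does not reproduce how the helper chose the three paths in his fixlist; it only shows the mechanics. The record format (sh=/ft=/fh=/vn=/ac=/fn= tokens, quoted values) and the fixlist layout (start, one path per line, EmptyTemp:, end) are read off the posts; the sample input is copied from the ESET log in this thread. The two classification rules (the German "evtl. unerwünschte Anwendung" phrase marks a PUA; a path inside a Quarantine folder is an already-neutralised AdwCleaner leftover) are assumptions made for this example, not ESET documentation.

```python
"""Triage ESET Online Scanner findings and draft an FRST fixlist from them.

Added example for this thread; not code from ESET, Farbar (FRST) or the forum.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Sample input: two header lines and three result records copied from the
# ESET log posted in this thread, embedded so the example runs offline.
SAMPLE_ESET_LOG = r"""# found=7
# cleaned=0
sh=8992F72873D09212597E582A16F8D9BC60E6A22A ft=1 fh=e21391a34e842ffc vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Common Files\DVDVideoSoft\TB\ConduitInstaller.exe.vir"
sh=9753666D2DE5CDE956BF741DC908CCEE4764AEF7 ft=1 fh=b48e5054f30cf2c4 vn="Variante von Win32/Kryptik.CILP Trojaner" ac=I fn="C:\Program Files\Adobe\Reader 11.0\Reader\Services\dialing\rotation_lock_button.exe"
sh=EBE1748008422C218FD21BE383F80D627749A777 ft=1 fh=0b398f41eb4bbb2e vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Gunnar\Downloads\FreeAudioCDToMP3Converter_1.3.12.1228.exe"
"""

# key=value tokens; a value is either double-quoted (may contain spaces) or bare.
_TOKEN = re.compile(r'(\w+)=("[^"]*"|\S+)')


@dataclass
class Finding:
    sha1: str    # sh=  SHA-1 of the file
    name: str    # vn=  ESET detection name (localized text in this log)
    action: str  # ac=  action code exactly as logged
    path: str    # fn=  full path of the file

    @property
    def is_pua(self) -> bool:
        # Assumption: ESET's German UI marks potentially unwanted applications
        # with this phrase; English builds say "potentially unwanted application".
        n = self.name.lower()
        return "unerwünschte anwendung" in n or "potentially unwanted" in n

    @property
    def in_quarantine(self) -> bool:
        # Assumption: hits inside another tool's quarantine folder (AdwCleaner
        # keeps them with a .vir suffix) are already neutralised, not live threats.
        return "\\quarantine\\" in self.path.lower()


def parse_eset_findings(log: str) -> list[Finding]:
    """One Finding per 'sh=...' record; '# key=value' header lines are skipped."""
    findings: list[Finding] = []
    for raw in log.splitlines():
        line = raw.strip()
        if not line.startswith("sh="):
            continue
        fields = {}
        for key, value in _TOKEN.findall(line):
            fields[key] = value[1:-1] if value.startswith('"') else value
        findings.append(Finding(fields["sh"], fields["vn"], fields.get("ac", ""), fields["fn"]))
    return findings


def triage(findings: list[Finding]) -> dict[str, list[Finding]]:
    """Bucket findings so a reviewer looks at live malware first."""
    buckets: dict[str, list[Finding]] = {"malware": [], "pua": [], "quarantined": []}
    for f in findings:
        if f.in_quarantine:
            buckets["quarantined"].append(f)
        elif f.is_pua:
            buckets["pua"].append(f)
        else:
            buckets["malware"].append(f)
    return buckets


def frst_fixlist(findings: list[Finding]) -> str:
    """Draft an FRST fixlist in the layout used in this thread: 'start', one path
    per line, 'EmptyTemp:', 'end'. The draft is for a human to review first."""
    return "\n".join(["start", *(f.path for f in findings), "EmptyTemp:", "end"])


if __name__ == "__main__":
    buckets = triage(parse_eset_findings(SAMPLE_ESET_LOG))
    for bucket, items in buckets.items():
        print(f"{bucket}: {len(items)}")
        for f in items:
            print(f"  {f.sha1}  {f.name}  ->  {f.path}")
    print(frst_fixlist(buckets["malware"] + buckets["pua"]))
```

Running it on the sample puts the Adobe Reader file (a Kryptik trojan detection, not a PUA) in the malware bucket, the Downloads installer in the PUA bucket, and the AdwCleaner .vir file in the quarantined bucket, so the drafted fixlist only lists files that are still live on disk.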
13.08.2014, 09:20 | #9
Hey Matthias,
ComboFix cannot be uninstalled. When I press the Windows key + R and enter Combofix/Uninstall, I get the message that combofix/uninstall could not be found. When I rename the file to uninstall.exe and run it, it simply runs ComboFix. What should I do?
13.08.2014, 09:58 | #10
/// TB-Ausbilder
Well, just run DelFix... that is the next step anyway. Any other problems?
13.08.2014, 11:05 | #11
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:13-08-2014
Ran by Gunnar at 2014-08-13 12:00:50 Run:1
Running from C:\Users\Gunnar\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
C:\Users\Gunnar\Downloads\FreeAudioCDToMP3Converter_1.3.12.1228.exe
C:\Users\Gunnar\Downloads\*CHIP-Downloader.exe
C:\Users\Gunnar\Downloads\Setup21_FreeConverter.exe
EmptyTemp:
end
*****************

"C:\Users\Gunnar\Downloads\FreeAudioCDToMP3Converter_1.3.12.1228.exe" => File/Directory not found.
"C:\Users\Gunnar\Downloads\*CHIP-Downloader.exe" => File/Directory not found.
"C:\Users\Gunnar\Downloads\Setup21_FreeConverter.exe" => File/Directory not found.
EmptyTemp: => Removed 20 MB temporary data.

The system needed a reboot.

==== End of Fixlog ====

I'll get in touch again with the next virus! Great help here on this board!!!! Thanks Matthias
13.08.2014, 11:30 | #12
/// TB-Ausbilder
I'm glad we could help.

In this forum you can leave brief feedback on the cleanup if you would like to: Lob, Kritik und Wünsche
To do so, click the "NEUES THEMA" button and post a little feedback. Thank you!

This topic appears to be resolved and will be removed from my subscriptions. Should you need the topic again, please send me a PM. Everyone else please click here and create your own thread.