16.11.2014, 15:57
#1
Windows 7: constant unknown data download

Good day,
I have recently noticed a sudden jump in my download volume. As a standard user I usually come to about 50 MB; now it is over 1 GB per day.
Below are the logs requested here. I hope I did everything correctly, and thank you in advance!

Quote:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 21:12 on 15/11/2014 (***)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Quote:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-11-2014
Ran by *** (administrator) on THINKPAD_T410 on 15-11-2014 21:15:02
Running from C:\Users\***\Downloads
Loaded Profile: *** (Available profiles: ***)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(UPEK Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(SafeNet Inc.) C:\Windows\System32\hasplms.exe
(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler64.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(QUALCOMM, Inc.) C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kLenovo.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(SoftPerfect Research) C:\Program Files\NetWorx\networx.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Visage Software) C:\Program Files (x86)\G DATA PowerPDF\pwrpdfsrv.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe
() C:\Program Files (x86)\Winamp\winampa.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BluetoothHeadsetProxy.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Client Security Solution\password_manager.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Client Security Solution\password_manager.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\System Update\SUService.exe
(Lenovo Group Limited) C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
() C:\Users\***\Downloads\Defogger.exe
() C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2097960 2010-04-22] (Synaptics Incorporated)
HKLM\...\Run: [TPHOTKEY] => C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe [69560 2010-07-27] (Lenovo Group Limited)
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [380776 2010-07-01] (Lenovo.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-11-17] ()
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [62312 2010-07-27] (Lenovo Group Limited)
HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [31592 2010-08-06] (Lenovo)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [NetWorx] => C:\Program Files\NetWorx\networx.exe [6589136 2014-09-30] (SoftPerfect Research)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [112152 2010-05-03] (Intel Corporation)
HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [pwrpdfprsrv.exe] => C:\Program Files (x86)\G DATA PowerPDF\pwrpdfsrv.exe [4221440 2003-02-18] (Visage Software)
HKLM-x32\...\Run: [HPUsageTrackingLEDM] => C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe [30264 2009-08-04] (Hewlett-Packard Company)
HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\Winampa.exe [12288 2003-04-17] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-11-13] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [137352 2014-08-13] (Check Point Software Technologies Ltd.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [124208 2014-10-22] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
HKU\S-1-5-21-2316056338-1901787665-544746410-1000\...\Run: [DU Meter] => "C:\Program Files (x86)\DU Meter\DUMeter.exe" /autostart
HKU\S-1-5-21-2316056338-1901787665-544746410-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6501656 2014-10-29] (Piriform Ltd)
HKU\S-1-5-21-2316056338-1901787665-544746410-1000\...\MountPoints2: D - D:\AutoRun.exe
HKU\S-1-5-21-2316056338-1901787665-544746410-1000\...\MountPoints2: F - F:\SETUP.EXE /AUTORUN
HKU\S-1-5-21-2316056338-1901787665-544746410-1000\...\MountPoints2: {17e50707-3e59-11e3-bd9a-806e6f6e6963} - D:\AutoRun.exe
HKU\S-1-5-21-2316056338-1901787665-544746410-1000\...\MountPoints2: {1f0af1cb-3e5b-11e3-afbd-002710d2f074} - D:\AutoRun.exe
HKU\S-1-5-21-2316056338-1901787665-544746410-1000\...\MountPoints2: {219f8532-d1d2-11df-b578-806e6f6e6963} - Q:\LenovoQDrive.exe
HKU\S-1-5-21-2316056338-1901787665-544746410-1000\...\MountPoints2: {3d2b1e9e-3e68-11e3-aa49-806e6f6e6963} - D:\AutoRun.exe
HKU\S-1-5-21-2316056338-1901787665-544746410-1000\...\MountPoints2: {65f7e7ce-3e59-11e3-a104-70f3954babbe} - D:\AutoRun.exe
HKU\S-1-5-21-2316056338-1901787665-544746410-1000\...\MountPoints2: {b329e183-9289-11e0-8be7-00a0c6000000} - D:\SISetup.exe
HKU\S-1-5-21-2316056338-1901787665-544746410-1000\...\MountPoints2: {c1f85436-853a-11e1-b445-00a0c6000000} - D:\AutoRun.exe
HKU\S-1-5-21-2316056338-1901787665-544746410-1000\...\MountPoints2: {c925ea87-41b8-11e0-a053-00a0c6000000} - D:\AutoRun.exe
HKU\S-1-5-21-2316056338-1901787665-544746410-1000\...\MountPoints2: {c925ea91-41b8-11e0-a053-00a0c6000000} - D:\AutoRun.exe
HKU\S-1-5-21-2316056338-1901787665-544746410-1000\...\MountPoints2: {d87e7eb3-2736-11e0-988e-70f3954babbe} - D:\AutoRun.exe
HKU\S-1-5-21-2316056338-1901787665-544746410-1000\...\MountPoints2: {d87e7ec5-2736-11e0-988e-70f3954babbe} - E:\AutoRun.exe
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll ACGina
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Service Manager.lnk
ShortcutTarget: Service Manager.lnk -> C:\Program Files (x86)\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe (Microsoft Corporation)
Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Deskjet 3000 J310 series.lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Deskjet 3000 J310 series.lnk -> C:\Program Files\HP\HP Deskjet 3000 J310 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
URLSearchHook: HKLM-x32 - Softonic-Austria Toolbar - {9ebe5796-5b84-4bfb-a1fb-914e68d02032} - C:\Program Files (x86)\Softonic-Austria\tbSoft.dll (Conduit Ltd.)
URLSearchHook: HKCU - Softonic-Austria Toolbar - {9ebe5796-5b84-4bfb-a1fb-914e68d02032} - C:\Program Files (x86)\Softonic-Austria\tbSoft.dll (Conduit Ltd.)
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&crg=3.27010003&st=12&q={searchTerms}&barid={867AF771-E239-4907-80A3-A728661CA027}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2422857
SearchScopes: HKLM-x32 - {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&crg=3.27010003&st=12&q={searchTerms}&barid={867AF771-E239-4907-80A3-A728661CA027}
SearchScopes: HKCU - DefaultScope {47D8CBFD-FA36-4D6A-9125-01F99387D22C} URL = hxxp://search.zonealarm.com/search?src=sp&tbid=HFA5&Lan=DE&q={searchTerms}&gu=8a0416fdcf584d3c8e3f0b3ab17e746b&tu=10G9y00Gj1D33N0&sku=&tstsId=&ver=&&r=240
SearchScopes: HKCU - {47D8CBFD-FA36-4D6A-9125-01F99387D22C} URL = hxxp://search.zonealarm.com/search?src=sp&tbid=HFA5&Lan=DE&q={searchTerms}&gu=8a0416fdcf584d3c8e3f0b3ab17e746b&tu=10G9y00Gj1D33N0&sku=&tstsId=&ver=&&r=240
SearchScopes: HKCU - {5306E022-4886-48C9-9BA8-95D8159B314C} URL =
SearchScopes: HKCU - {934B7AF4-1656-44B7-BF31-8961CD8ABDB5} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10397&src=kw&q={searchTerms}&locale=&apn_ptnrs=^ABV&apn_dtid=^YYYYYY^YY^AT&apn_uid=a9a40a57-dd18-47dc-9f57-c0e59796529e&apn_sauid=F55DCD67-2BB9-4593-9C54-B6172B1EDE23
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2422857
SearchScopes: HKCU - {BB2411A5-D035-4A79-B81A-1D5D3F24003E} URL =
SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&crg=3.27010003&st=12&q={searchTerms}&barid={867AF771-E239-4907-80A3-A728661CA027}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO-x32: Zonealarm Helper Object -> {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} -> C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.29.17\bh\zonealarm.dll (Check Point Software Technologies LTD)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Softonic-Austria Toolbar -> {9ebe5796-5b84-4bfb-a1fb-914e68d02032} -> C:\Program Files (x86)\Softonic-Austria\tbSoft.dll (Conduit Ltd.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: IePasswordManagerHelper Class -> {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} -> C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Softonic-Austria Toolbar - {9ebe5796-5b84-4bfb-a1fb-914e68d02032} - C:\Program Files (x86)\Softonic-Austria\tbSoft.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKU\S-1-5-21-2316056338-1901787665-544746410-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKU\S-1-5-21-2316056338-1901787665-544746410-1000 -> No Name - {9EBE5796-5B84-4BFB-A1FB-914E68D02032} - No File
Handler-x32: http - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138 10.0.0.138
Tcpip\..\Interfaces\{A9056E63-7AF5-4C34-9859-750B83FA45EE}: [NameServer] 194.48.139.254 194.48.124.200
FireFox:
========
FF ProfilePath: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\jv18yov0.default
FF DefaultSearchEngine: Bing
FF DefaultSearchUrl:
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Bing
FF Homepage: hxxp://www.atpworldtour.com/Tournaments/Challenger-Tour.aspx
FF Keyword.URL: hxxp://search.sweetim.com/search.asp?src=2&q=
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\jv18yov0.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\jv18yov0.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Avira Browser Safety - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\jv18yov0.default\Extensions\abs@avira.com [2014-11-01]
FF Extension: ST-Austria - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\jv18yov0.default\Extensions\{9ebe5796-5b84-4bfb-a1fb-914e68d02032} [2014-11-01]
Chrome:
=======
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2014-11-13] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2014-11-13] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [993584 2014-11-13] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [164656 2014-10-22] (Avira Operations GmbH & Co. KG)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320576 2012-05-16] (Lenovo.)
R2 hasplms; C:\Windows\system32\hasplms.exe [4180576 2010-09-27] (SafeNet Inc.)
R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [136704 2009-06-24] (HP) [File not signed]
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [93032 2010-04-07] (Lenovo Group Limited)
R2 MSSQLSERVER; C:\Program Files (x86)\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe [7442493 2000-08-17] (Microsoft Corporation) [File not signed]
S3 MSSQLServerADHelper; C:\Program Files (x86)\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [65602 2000-08-06] (Microsoft Corporation) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
R2 QDLService2kLenovo; C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kLenovo.exe [331512 2010-04-26] (QUALCOMM, Inc.)
S3 SQLSERVERAGENT; C:\Program Files (x86)\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE [303170 2000-08-06] (Microsoft Corporation) [File not signed]
R2 SUService; c:\Program Files (x86)\Lenovo\System Update\SUService.exe [28672 2010-02-10] (Lenovo Group Limited) [File not signed]
R2 ThinkVantage Registry Monitor Service; C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe [1019904 2009-08-28] (Lenovo Group Limited) [File not signed]
S3 TVT Backup Service; C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe [1475896 2010-07-29] (Lenovo Group Limited)
R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [File not signed]
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [3596752 2014-08-13] (Check Point Software Technologies Ltd.)
R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [96272 2014-08-13] (Check Point Software Technologies, Ltd.)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 aksusb; C:\Windows\System32\DRIVERS\aksusb.sys [21120 2011-08-09] (SafeNet Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-07] (Avira Operations GmbH & Co. KG)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [132608 2009-02-17] (Huawei Technologies Co., Ltd.)
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [321536 2011-10-07] (SafeNet Inc.)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2010-10-14] (Marvell Semiconductor, Inc.)
R1 networx; C:\Windows\System32\drivers\networx.sys [60408 2014-08-01] (NetFilterSDK.com)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2010-10-07] ()
R3 qcfilterlno2k; C:\Windows\System32\DRIVERS\qcfilterlno2k.sys [6400 2010-04-26] (QUALCOMM Incorporated)
R3 qcusbnetlno2k; C:\Windows\System32\DRIVERS\qcusbnetlno2k.sys [243712 2010-04-26] (QUALCOMM Incorporated)
R3 qcusbserlno2k; C:\Windows\System32\DRIVERS\qcusbserlno2k.sys [121600 2010-04-26] (QUALCOMM Incorporated)
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13840 2009-03-13] (UPEK Inc.)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [12728 2009-09-29] ()
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [41536 2009-09-24] (Lenovo (United States) Inc.)
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [450456 2014-08-13] (Check Point Software Technologies Ltd.)
S3 DUMeterDrv; \??\C:\Program Files (x86)\DU Meter\DUMETR64.SYS [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
S3 PCDSRVC{127174DC-C366ED8B-06020000}_0; \??\c:\program files\pc-doctor\pcdsrvc_x64.pkms [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-15 21:15 - 2014-11-15 21:15 - 00027014 _____ () C:\Users\***\Downloads\FRST.txt
2014-11-15 21:14 - 2014-11-15 21:15 - 00000000 ____D () C:\FRST
2014-11-15 21:14 - 2014-11-15 21:14 - 02116608 _____ (Farbar) C:\Users\***\Downloads\FRST64.exe
2014-11-15 21:11 - 2014-11-15 21:12 - 00000486 _____ () C:\Users\***\Downloads\defogger_disable.log
2014-11-15 21:11 - 2014-11-15 21:11 - 00000000 _____ () C:\Users\***\defogger_reenable
2014-11-15 21:10 - 2014-11-15 21:10 - 00050477 _____ () C:\Users\***\Downloads\Defogger.exe
2014-11-14 17:46 - 2014-11-14 17:53 - 123150072 _____ (Microsoft Corporation) C:\Users\***\Desktop\msert.exe
2014-11-12 16:03 - 2014-11-12 16:03 - 00000000 ____D () C:\f740ca2f91518b69415612d337ba0a93
2014-11-12 11:53 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-12 11:53 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-12 11:53 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-12 11:53 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 11:53 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-12 11:53 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-12 11:53 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-12 11:53 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-12 11:53 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-12 11:53 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 11:53 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 11:53 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-12 11:53 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-12 11:53 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-12 11:53 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-12 11:53 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-12 11:53 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-12 11:53 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-12 11:53 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-12 11:53 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 11:53 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-12 11:53 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-12 11:53 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-12 11:53 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-12 11:53 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-12 11:53 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-12 11:53 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-12 11:53 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-12 11:53 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-12 11:53 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-12 11:53 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-12 11:53 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-12 11:53 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-12 11:53 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-12 11:53 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 11:53 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-12 11:53 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-12 11:53 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 11:53 - 2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-12 11:53 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-12 11:53 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 11:53 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-12 11:53 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-12 11:53 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-12 11:53 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 11:53 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-12 11:53 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-12 11:53 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-12 11:53 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-12 11:53 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 11:53 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 11:53 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-12 11:53 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-12 11:53 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-12 11:53 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-12 11:53 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-12 11:53 - 2014-11-05 18:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-12 11:53 - 2014-11-05 18:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-12 11:53 - 2014-11-05 18:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-12 11:53 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-12 11:53 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 11:53 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 11:53 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 11:53 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 11:53 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-12 11:53 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-12 11:53 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-12 11:53 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-12 11:48 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 11:48 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 11:48 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-12 11:48 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-12 11:48 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 11:48 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-12 11:47 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 11:47 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-12 11:47 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 11:47 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-12 11:47 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-12 11:47 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-12 11:47 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 11:47 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 11:47 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 11:47 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 11:47 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-12 11:47 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 11:47 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-12 11:47 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-12 11:47 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-12 11:47 - 2014-09-19 10:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-12 11:47 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 11:47 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-12 11:47 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-12 11:47 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-12 11:47 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-12 11:47 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-12 11:47 - 2014-09-19 10:23 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-12 11:47 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-12 11:47 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-12 11:47 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-12 11:47 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-12 11:47 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-12 11:47 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-08 10:40 - 2014-11-15 21:07 - 00002016 _____ () C:\Windows\setupact.log
2014-11-08 10:40 - 2014-11-08 10:40 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-06 20:04 - 2014-11-06 20:04 - 00000000 ____D () C:\ProgramData\SoftPerfect
2014-11-06 20:04 - 2014-11-06 20:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetWorx
2014-11-06 20:04 - 2014-11-06 20:04 - 00000000 ____D () C:\Program Files\NetWorx
2014-11-06 20:04 - 2014-08-01 14:12 - 00060408 _____ (NetFilterSDK.com) C:\Windows\system32\Drivers\networx.sys
2014-11-06 20:00 - 2014-11-06 20:23 - 00000000 ____D () C:\Users\***\AppData\Roaming\NetMeter
2014-11-06 20:00 - 2014-11-06 20:02 - 00000000 ____D () C:\Program Files (x86)\NetMeter
2014-11-06 20:00 - 2014-11-06 20:00 - 00589394 _____ (ReadError ) C:\Users\***\Desktop\NetMeter_v114_beta.exe
2014-11-06 19:57 - 2014-11-06 19:57 - 02376848 _____ () C:\Users\***\Downloads\nl_2011_mon_CB-DL-Manager [1].exe
2014-11-06 14:02 - 2014-11-06 14:02 - 00286474 _____ () C:\Users\***\AppData\Local\census.cache
2014-11-06 14:02 - 2014-11-06 14:02 - 00121105 _____ () C:\Users\***\AppData\Local\ars.cache
2014-11-06 13:44 - 2014-11-06 13:44 - 00000036 _____ () C:\Users\***\AppData\Local\housecall.guid.cache
2014-11-03 17:02 - 2014-11-03 17:02 - 00007626 _____ () C:\Users\***\AppData\Local\Resmon.ResmonCfg
2014-11-03 17:00 - 2014-11-03 17:00 - 00431395 _____ () C:\Windows\system32\Drivers\vsconfig.xml
2014-11-03 17:00 - 2014-11-03 17:00 - 00000762 _____ () C:\Users\Public\Desktop\ZoneAlarm Security.lnk
2014-11-03 17:00 - 2014-11-03 17:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point
2014-11-03 16:57 - 2014-11-03 17:00 - 00000000 ____D () C:\Program Files (x86)\CheckPoint
2014-11-03 16:57 - 2014-11-03 16:57 - 00000000 ____D () C:\Users\***\AppData\Roaming\Check Point Software Technologies LTD
2014-11-03 16:57 - 2014-11-03 16:57 - 00000000 ____D () C:\Program Files (x86)\Check Point Software Technologies LTD
2014-11-03 16:56 - 2014-11-03 16:56 - 00000000 ____D () C:\ProgramData\CheckPoint
2014-11-03 16:54 - 2014-11-03 16:54 - 03401864 _____ (Check Point Software Technologies Ltd.) C:\Users\***\Desktop\zafwSetupWeb_133_209_000.exe
2014-11-03 16:52 - 2014-11-12 14:39 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-03 16:52 - 2014-11-03 16:52 - 00001073 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-11-03 16:52 - 2014-11-03 16:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-11-03 16:52 - 2014-11-03 16:52 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-11-03 16:52 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-03 16:52 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-03 16:52 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-03 16:50 - 2014-11-03 16:51 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\***\Desktop\mbam-setup-2.0.3.1025.exe
2014-11-01 11:11 - 2014-11-01 11:11 - 00000000 ____D () C:\Users\***\AppData\Local\{19BD5F3E-D329-4E48-AF75-5A973482289D}
2014-10-30 17:33 - 2014-10-30 17:33 - 00002786 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-10-30 17:33 - 2014-10-30 17:33 - 00000833 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-10-30 17:33 - 2014-10-30 17:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-10-30 17:33 - 2014-10-30 17:33 - 00000000 ____D () C:\Program Files\CCleaner
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-15 21:11 - 2011-01-23 15:36 - 00000000 ____D () C:\Users\***
2014-11-15 21:11 - 2010-10-07 16:09 - 45180942 _____ () C:\Windows\system32\perfh007.dat
2014-11-15 21:11 - 2010-10-07 16:09 - 14701492 _____ () C:\Windows\system32\perfc007.dat
2014-11-15 21:11 - 2010-10-07 06:35 - 02042112 _____ () C:\Windows\WindowsUpdate.log
2014-11-15 21:11 - 2009-07-14 06:13 - 00006852 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-15 21:08 - 2014-06-26 15:27 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-15 21:07 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-15 18:00 - 2009-07-14 05:45 - 00025408 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-15 18:00 - 2009-07-14 05:45 - 00025408 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-15 17:56 - 2012-07-13 21:57 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-15 17:55 - 2012-06-19 15:18 - 00000000 ____D () C:\Users\***\Desktop\Neuer Ordner
2014-11-14 20:38 - 2014-06-26 15:27 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-14 19:53 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-11-14 16:48 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-12 17:20 - 2014-04-30 09:22 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-12 16:42 - 2009-07-14 05:45 - 00384936 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-12 16:03 - 2012-01-07 17:02 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-12 11:57 - 2012-07-13 21:57 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-12 11:57 - 2012-06-07 20:19 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-12 11:57 - 2012-06-07 20:19 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-07 16:02 - 2014-08-06 08:41 - 00001108 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-11-07 16:02 - 2014-08-06 08:41 - 00000000 ____D () C:\ProgramData\Package Cache
2014-11-07 16:02 - 2013-06-25 18:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-11-07 16:02 - 2013-03-10 22:40 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-11-07 15:00 - 2010-10-07 06:45 - 00000332 _____ () C:\Windows\Tasks\SystemToolsDailyTest.job
2014-11-05 15:09 - 2014-10-03 13:07 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DU Meter
2014-11-01 20:42 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-30 17:35 - 2011-02-25 21:49 - 00000000 ____D () C:\Users\***\Tracing
2014-10-30 17:34 - 2009-07-24 18:29 - 00000000 ____D () C:\Windows\Panther
2014-10-28 06:34 - 2011-01-23 15:53 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-18 19:33 - 2014-06-26 15:27 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-18 19:33 - 2014-06-26 15:27 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
Some content of TEMP:
====================
C:\Users\***\AppData\Local\Temp\avgnt.exe
C:\Users\***\AppData\Local\Temp\networx_setup_5.3.3.exe
C:\Users\***\AppData\Local\Temp\nl_2011_mon_CB-DL-Manager.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-11-05 11:56
==================== End Of Log ============================
Quote:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-11-15 21:35:44
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 INTEL_SS rev.2CV1 149,05GB
Running: Gmer-19357.exe; Driver: C:\Users\KLAUSK~1\AppData\Local\Temp\axdyapod.sys
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076771401 2 bytes JMP 7690b21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe[2468] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076771419 2 bytes JMP 7690b346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076771431 2 bytes JMP 76988ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007677144a 2 bytes CALL 768e48ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe[2468] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000767714dd 2 bytes JMP 769887a2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000767714f5 2 bytes JMP 76988978 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe[2468] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007677150d 2 bytes JMP 76988698 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076771525 2 bytes JMP 76988a62 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007677153d 2 bytes JMP 768ffca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe[2468] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076771555 2 bytes JMP 769068ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007677156d 2 bytes JMP 76988f61 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076771585 2 bytes JMP 76988ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe[2468] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007677159d 2 bytes JMP 7698865c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000767715b5 2 bytes JMP 768ffd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000767715cd 2 bytes JMP 7690b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000767716b2 2 bytes JMP 76988e24 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000767716bd 2 bytes JMP 769885f1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[1400] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000076771401 2 bytes JMP 7690b21b C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[1400] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000076771419 2 bytes JMP 7690b346 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[1400] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000076771431 2 bytes JMP 76988ea9 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[1400] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 000000007677144a 2 bytes CALL 768e48ad C:\Windows\syswow64\KERNEL32.dll
.text ... * 9
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[1400] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000767714dd 2 bytes JMP 769887a2 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[1400] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000767714f5 2 bytes JMP 76988978 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[1400] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 000000007677150d 2 bytes JMP 76988698 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[1400] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000076771525 2 bytes JMP 76988a62 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[1400] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 000000007677153d 2 bytes JMP 768ffca8 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[1400] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000076771555 2 bytes JMP 769068ef C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[1400] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 000000007677156d 2 bytes JMP 76988f61 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[1400] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000076771585 2 bytes JMP 76988ac2 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[1400] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 000000007677159d 2 bytes JMP 7698865c C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[1400] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000767715b5 2 bytes JMP 768ffd41 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[1400] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000767715cd 2 bytes JMP 7690b2dc C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[1400] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000767716b2 2 bytes JMP 76988e24 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[1400] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000767716bd 2 bytes JMP 769885f1 C:\Windows\syswow64\KERNEL32.dll
---- Threads - GMER 2.1 ----
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe [2840:2924] 0000000077893e85
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe [2840:3056] 0000000076bff5e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe [2840:3064] 0000000076bff5e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe [2840:2124] 0000000076bff5e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe [2840:2164] 0000000076bff5e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe [2840:400] 0000000076bff5e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe [2840:2208] 0000000076bff5e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe [2840:2144] 0000000076bff5e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe [2840:2228] 0000000076bff5e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe [2840:2316] 0000000076bff5e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe [2840:2372] 0000000076bff5e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe [2840:2188] 0000000077892e65
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe [2840:2492] 0000000077893e85
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe [2840:2448] 0000000076bff5e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe [2840:2908] 0000000076bff5e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe [2840:2956] 0000000042cf2585
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe [2840:3020] 0000000042cf2683
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe [2840:3012] 0000000042cf7791
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe [2840:3016] 0000000076bff5e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe [2840:2984] 0000000076bff5e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe [2840:3036] 0000000076bff5e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe [2840:2560] 0000000076bff5e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe [2840:8676] 0000000076bff5e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe [2840:5708] 0000000076bff5e1
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001f3ad3f74a
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\70f3954babbe
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001f3ad3f74a (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\70f3954babbe (not active ControlSet)
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----