Trojaner-Board - Windows 7 (2x): Bekanntter hat Viren nach Nutzung seiner externen HDD an meinen Rechnern

Hi,

das "in mehrere Posts aufteilen" habe ich wohl überlesen. Ich habe auf "erstellen" geklickt und bekam die Meldung, dass ich Anhänge machen sollte.

Nunja, hier nochmal in einzelnen Posts.

LAPTOP DEFOGGER

Code:

defogger_disable by jpshortstuff (23.02.10.1)

Log created at 20:54 on 10/01/2014 (MyUser)
 

Checking for autostart values...

HKCU\~\Run values retrieved.

HKLM\~\Run values retrieved.
 

Checking for services/drivers...
 
 

-=E.O.F=-

-----------------------------------------------------------------------------------------------

LAPTOP FRST

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-01-2014

Ran by MyUser (administrator) on X230 on 10-01-2014 20:56:27

Running from D:\Users\MyUser\Desktop\virus

Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)

Internet Explorer Version 11

Boot Mode: Normal
 

==================== Processes (Whitelisted) =================
 

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe

(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe

(Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

( ) C:\Windows\System32\lxducoms.exe

(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe

(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe

() C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe

() C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumsdmon.exe

(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe

(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe

(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe

(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE

(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
 
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [PSQLLauncher] - C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe [85864 2012-09-21] (Authentec Inc.)

HKLM\...\Run: [COMODO Internet Security] - C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1612504 2013-11-11] (COMODO)

HKLM\...\Run: [lxdumon.exe] - C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe [676520 2010-02-04] ()

HKLM\...\Run: [lxduamon] - C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduamon.exe [16040 2010-02-04] ()

HKLM\...\Run: [ApplyEsf-eDocPrintPro] - C:\Program Files\Common Files\MAYComputer\eDocPrintPro\ApplyEsf.exe [443392 2013-04-27] (May Software)

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13538376 2013-05-21] (Realtek Semiconductor)

HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1308232 2013-05-20] (Realtek Semiconductor)

HKLM-x32\...\Run: [RotateImage] - C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)

HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-04-19] (Intel Corporation)

HKLM-x32\...\Run: [PWMTRV] - C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL [6000936 2013-01-09] (Lenovo Group Limited)

HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4956176 2013-11-07] (AVG Technologies CZ, s.r.o.)

HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Lexmark 5600-6600 Series] - C:\Program Files (x86)\Lexmark 5600-6600 Series\fm3032.exe [311976 2010-02-04] ()

HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [703888 2013-08-30] (Cisco Systems, Inc.)

HKLM-x32\...\Run: [Dolby Advanced Audio v2] - C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [508656 2012-08-31] (Dolby Laboratories Inc.)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)

Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll C:\Program Files\ThinkPad\Bluetooth Software\BtwProximityCP.dll
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x665A34908F1ECE01

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE

BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Lexmark  - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()

Tcpip\Parameters: [DhcpNameServer] 62.109.121.1 62.109.121.2
 

FireFox:

========

FF ProfilePath: d:\Users\MyUser\AppData\Roaming\Mozilla\Firefox\Profiles\uj2b6my5.default

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 

==================== Services (Whitelisted) =================
 

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3478544 2013-11-11] (AVG Technologies CZ, s.r.o.)

R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)

R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [6254152 2013-10-20] (COMODO)

S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [164056 2013-09-24] (COMODO)

S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320576 2013-01-09] (Lenovo.)

S2 lxduCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxduserv.exe [29184 2009-10-16] (Lexmark International, Inc.)

R2 lxdu_device; C:\Windows\system32\lxducoms.exe [1039360 2009-10-16] ( )

R2 lxdu_device; C:\Windows\SysWow64\lxducoms.exe [589824 2009-10-16] ( )

R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3325232 2012-06-25] (Intel® Corporation)
 

==================== Drivers (Whitelisted) ====================
 

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [150808 2013-11-05] (AVG Technologies CZ, s.r.o.)

R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [240920 2013-11-04] (AVG Technologies CZ, s.r.o.)

R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [194872 2013-10-24] (AVG Technologies CZ, s.r.o.)

R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-10-31] (AVG Technologies CZ, s.r.o.)

R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-10-31] (AVG Technologies CZ, s.r.o.)

R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-10-01] (AVG Technologies CZ, s.r.o.)

R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-10] (AVG Technologies CZ, s.r.o.)

R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.)

R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [163368 2012-04-01] (Broadcom Corporation.)

R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [23168 2013-09-24] (COMODO)

R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [709144 2013-11-14] (COMODO)

R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [48872 2013-09-24] (COMODO)

R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [96800 2013-09-24] (COMODO)

R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [44344 2012-10-17] (Synaptics Incorporated)

R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13128 2011-05-30] (Authentec Inc.)

S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52080 2013-08-30] (Cisco Systems, Inc.)
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2014-01-10 20:54 - 2014-01-10 20:54 - 00000000 ____D C:\FRST

2014-01-10 20:54 - 2014-01-10 20:54 - 00000000 _____ d:\Users\MyUser\defogger_reenable

2014-01-10 20:53 - 2014-01-10 20:56 - 00000000 ____D d:\Users\MyUser\Desktop\virus

2014-01-01 00:19 - 2014-01-01 00:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2013-12-31 21:13 - 2014-01-09 15:02 - 00000000 ____D d:\Users\MyUser\AppData\Roaming\dvdcss

2013-12-14 15:42 - 2013-05-10 06:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll

2013-12-14 15:42 - 2013-05-10 06:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL

2013-12-14 15:42 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL

2013-12-14 15:42 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll

2013-12-14 15:41 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2013-12-14 15:41 - 2013-11-26 11:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2013-12-14 15:41 - 2013-11-26 11:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2013-12-14 15:41 - 2013-11-26 10:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2013-12-14 15:41 - 2013-11-26 10:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2013-12-14 15:41 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2013-12-14 15:41 - 2013-11-26 10:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2013-12-14 15:41 - 2013-11-26 10:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2013-12-14 15:41 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-12-14 15:41 - 2013-11-26 10:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2013-12-14 15:41 - 2013-11-26 10:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2013-12-14 15:41 - 2013-11-26 10:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2013-12-14 15:41 - 2013-11-26 10:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2013-12-14 15:41 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2013-12-14 15:41 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-12-14 15:41 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2013-12-14 15:41 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2013-12-14 15:41 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2013-12-14 15:41 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2013-12-14 15:40 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-12-14 15:40 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-12-14 15:40 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2013-12-14 15:40 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-12-14 15:40 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2013-12-14 15:40 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2013-12-14 15:40 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2013-12-14 15:40 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-12-14 15:40 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2013-12-14 15:40 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2013-12-14 15:40 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-12-14 15:40 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-12-12 10:08 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll

2013-12-12 10:08 - 2013-11-23 18:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll

2013-12-12 10:08 - 2013-11-12 03:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2013-12-12 10:08 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

2013-12-12 10:08 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll

2013-12-12 10:08 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll

2013-12-12 10:08 - 2013-10-30 02:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2013-12-12 10:08 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll

2013-12-12 10:08 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll

2013-12-12 10:08 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx

2013-12-12 10:08 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll

2013-12-12 10:08 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx

2013-12-12 10:08 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll

2013-12-12 10:08 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe

2013-12-12 10:08 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe

2013-12-12 10:08 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe

2013-12-12 10:08 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe

2013-12-12 10:08 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys

2013-12-12 10:08 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
 

==================== One Month Modified Files and Folders =======
 

2014-01-10 20:56 - 2014-01-10 20:53 - 00000000 ____D d:\Users\MyUser\Desktop\virus

2014-01-10 20:54 - 2014-01-10 20:54 - 00000000 ____D C:\FRST

2014-01-10 20:54 - 2014-01-10 20:54 - 00000000 _____ d:\Users\MyUser\defogger_reenable

2014-01-10 20:54 - 2013-03-10 21:53 - 00000000 ____D d:\Users\MyUser

2014-01-10 20:50 - 2013-06-09 08:52 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-01-10 20:02 - 2013-03-10 21:44 - 01822860 _____ C:\Windows\WindowsUpdate.log

2014-01-10 17:21 - 2013-03-11 21:09 - 00000000 ____D C:\ProgramData\MFAData

2014-01-10 13:53 - 2009-07-14 05:51 - 00063046 _____ C:\Windows\setupact.log

2014-01-09 15:14 - 2013-10-12 16:08 - 00000000 ____D d:\Users\MyUser\AppData\Roaming\vlc

2014-01-09 15:02 - 2013-12-31 21:13 - 00000000 ____D d:\Users\MyUser\AppData\Roaming\dvdcss

2014-01-09 09:30 - 2009-07-14 05:45 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-01-09 09:30 - 2009-07-14 05:45 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-01-09 09:27 - 2009-07-14 06:13 - 00726444 _____ C:\Windows\system32\PerfStringBackup.INI

2014-01-09 09:23 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2014-01-04 19:45 - 2013-03-11 20:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2014-01-01 00:19 - 2014-01-01 00:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2013-12-14 19:18 - 2013-07-31 21:07 - 00000000 ____D C:\Windows\system32\MRT

2013-12-14 19:17 - 2013-03-10 22:35 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2013-12-14 17:24 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache

2013-12-14 15:58 - 2009-07-14 05:45 - 00339464 _____ C:\Windows\system32\FNTCACHE.DAT

2013-12-14 15:41 - 2013-03-11 21:45 - 00000000 ____D C:\ProgramData\Microsoft Help

2013-12-11 14:50 - 2013-06-09 08:52 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater

2013-12-11 14:50 - 2013-03-10 22:35 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2013-12-11 14:50 - 2013-03-10 22:35 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
 

Some content of TEMP:

====================

d:\Users\MyUser\AppData\Local\Temp\setup.exe
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 

LastRegBack: 2014-01-09 12:17
 

==================== End Of Log ============================

--- --- ---

-------------------------------------------------------------------

LAPTOP ADDITION

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-01-2014

Ran by MyUser at 2014-01-10 20:57:16

Running from D:\Users\MyUser\Desktop\virus

Boot Mode: Normal

==========================================================
 
 

==================== Security Center ========================
 

AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

AS: COMODO Antivirus (Disabled - Out of date) {0C2D2636-923D-EE52-2A83-E643204A8275}

FW: COMODO Firewall (Enabled) {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
 

==================== Installed Programs ======================
 

7-Zip 9.20 (x64 edition) (Version: 9.20.00.0 - Igor Pavlov)

Adobe Digital Editions 2.0 (x32 Version: 2.0.1 - Adobe Systems Incorporated)

Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)

Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)

Adobe Photoshop Lightroom 4.4 64-bit (Version: 4.4.1 - Adobe)

Adobe Reader XI (11.0.05) (x32 Version: 11.0.05 - Adobe Systems Incorporated)

AVG 2014 (Version: 14.0.3658 - AVG Technologies) Hidden

AVG 2014 (Version: 14.0.4259 - AVG Technologies) Hidden

AVG 2014 (Version: 2014.0.4259 - AVG Technologies)

Cisco AnyConnect Secure Mobility Client  (x32 Version: 3.1.04066 - Cisco Systems, Inc.)

Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.04066 - Cisco Systems, Inc.) Hidden

COMODO Internet Security (Version: 6.0.2566.2708 - COMODO Security Solutions Inc.)

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32 Version:  - Microsoft)

Dolby Advanced Audio v2 (x32 Version: 7.2.8000.17 - Dolby Laboratories Inc)

eDocPrintPro (Version: 3.18.4 - MAY Computer)

Energie-Manager (x32 Version: 6.40 - )

gs_x64 (Version: 9.06 - MAY-Computer)

Integrated Camera Driver Installer Package Ver.1.2.1.18 (x32 Version: 1.2.1.18 - RICOH)

Intel PROSet Wireless (Version:  - ) Hidden

Intel(R) Network Connections Drivers (Version: 16.8 - Intel)

Intel(R) Processor Graphics (x32 Version: 9.17.10.2843 - Intel Corporation)

Intel(R) SDK for OpenCL - CPU Only Runtime Package (x32 Version: 2.0.0.37149 - Intel Corporation)

Intel(R) USB 3.0 eXtensible Host Controller Driver (x32 Version: 1.0.4.225 - Intel Corporation)

Intel® PROSet/Wireless WiFi-Software (Version: 15.02.0000.1258 - Intel Corporation)

Lenovo Patch Utility (x32 Version: 1.3.0.9 - Lenovo Group Limited)

Lenovo Patch Utility 64 bit (Version: 1.3.0.9 - Lenovo Group Limited)

Lenovo Power Management Driver (Version: 1.67.03.13 - )

Lexmark  (x32 Version: 1.0.0.0 - )

Lexmark 5600-6600 Series (Version:  - Lexmark International, Inc.)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden

Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Standard 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)

Microsoft Office Standard 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)

Mozilla Firefox 26.0 (x86 en-US) (x32 Version: 26.0 - Mozilla)

Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)

Realtek High Definition Audio Driver (x32 Version: 6.0.1.6914 - Realtek Semiconductor Corp.)

RICOH_Media_Driver_v2.14.18.01 (x32 Version: 2.14.18.01 - RICOH)

SAS Enterprise Guide 4.3 OnDemand for Academics (x32 Version: 4.3.0.0 - SAS Institute Inc.)

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden

ThinkPad Bluetooth with Enhanced Data Rate Software (Version: 6.5.1.2700 - Broadcom Corporation)

ThinkPad UltraNav Driver (Version: 16.2.19.7 - )

ThinkVantage Fingerprint Software (Version: 5.9.8.7264 - Authentec Inc.)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)

Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (x32 Version:  - Microsoft)

Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1 - AVG Technologies)

Visual Studio 2012 x64 Redistributables (Version: 14.0.0.1 - AVG Technologies)

Visual Studio 2012 x86 Redistributables (x32 Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)

VLC media player 2.1.0 (x32 Version: 2.1.0 - VideoLAN)
 

==================== Restore Points  =========================
 

25-10-2013 10:41:33 Scheduled Checkpoint

02-11-2013 13:39:10 Scheduled Checkpoint

10-11-2013 12:59:46 Scheduled Checkpoint

14-11-2013 08:25:42 Windows Update

21-11-2013 12:22:51 Scheduled Checkpoint

27-11-2013 09:10:51 Windows Update

04-12-2013 12:51:27 Scheduled Checkpoint

12-12-2013 12:43:47 Scheduled Checkpoint

14-12-2013 14:40:15 Windows Update

14-12-2013 18:17:21 Windows Update

31-12-2013 23:17:57 Scheduled Checkpoint

08-01-2014 16:17:09 Scheduled Checkpoint
 

==================== Hosts content: ==========================
 

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 

==================== Scheduled Tasks (whitelisted) =============
 

Task: {0E6CF8C1-CD5F-4ABA-909B-3B93ABD7F56F} - System32\Tasks\COMODO\COMODO Welcome {CEB54B45-2B5E-4FF5-9223-6735CD80FE69} => C:\Program Files\COMODO\COMODO Internet Security\cis.exe [2013-11-20] (COMODO)

Task: {7595FA46-2565-4FE8-A2F8-3DFFDD5C908B} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe

Task: {9252B879-4741-46E5-9C96-EFF0C1FD1196} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated)

Task: {9F964E42-F320-4B34-847D-88C590E2D53A} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-11-11] (COMODO)

Task: {A9D46B18-C618-4FB0-B627-2E6B6C9E914D} - System32\Tasks\Installation App Launcher => C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduamon.exe [2010-02-04] ()

Task: {CCEC5D8B-7ED7-4262-8672-D0306CCFD782} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PWMIDTSV.EXE [2013-01-09] (Lenovo Group Limited)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
 

==================== Loaded Modules (whitelisted) =============
 

2013-04-02 12:47 - 2009-05-14 05:24 - 00045568 _____ () C:\Windows\System32\LXDUPMON.DLL

2013-04-02 12:47 - 2010-02-04 03:20 - 00086016 _____ () C:\Windows\System32\LXDUOEM.DLL

2013-04-02 12:47 - 2010-02-04 03:18 - 00081408 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\ipcmt64.dll

2013-03-11 21:29 - 2009-10-16 16:07 - 00186880 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxdudrpp.dll

2013-03-10 22:10 - 2013-01-09 06:40 - 00094208 ____N () C:\Program Files (x86)\ThinkPad\Utilities\US\PWMRT64V.DLL

2013-03-10 22:00 - 2012-08-24 18:53 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll

2013-08-30 23:11 - 2013-08-30 23:11 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll

2013-04-02 12:47 - 2010-02-04 03:28 - 00380928 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduscw.dll

2013-04-02 12:47 - 2009-10-16 09:53 - 00188416 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdudatr.dll

2013-04-02 12:47 - 2010-02-04 03:28 - 01036288 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduDRS.dll

2013-04-02 12:47 - 2010-02-04 03:28 - 00081920 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\lxducaps.dll

2013-04-02 12:47 - 2010-02-04 03:17 - 00069632 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\lxducnv4.dll

2013-04-02 12:47 - 2010-01-21 04:09 - 00028672 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\App4R.Monitor.Common.dll

2013-04-02 12:47 - 2010-01-21 04:09 - 00036864 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\App4R.Monitor.Core.dll

2013-04-02 12:47 - 2010-01-21 04:08 - 00065536 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\app4r.devmons.mcmdevmon.dll

2013-04-02 12:47 - 2008-03-25 02:53 - 00012288 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\app4r.devmons.mcmdevmon.autoplayutil.dll
 

==================== Alternate Data Streams (whitelisted) =========
 
 

==================== Safe Mode (whitelisted) ===================
 
 

==================== Faulty Device Manager Devices =============
 

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64

Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Cisco Systems

Service: vpnva

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 

==================== Event log errors: =========================
 

Application errors:

==================

Error: (01/09/2014 03:04:05 PM) (Source: Application Error) (User: )

Description: Faulting application name: vlc.exe, version: 2.1.0.0, time stamp: 0x523f7ac4

Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7

Exception code: 0xc0000374

Fault offset: 0x000ce753

Faulting process id: 0x91c

Faulting application start time: 0xvlc.exe0

Faulting application path: vlc.exe1

Faulting module path: vlc.exe2

Report Id: vlc.exe3
 

Error: (11/25/2013 00:34:03 PM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".

Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.

Please use sxstrace.exe for detailed diagnosis.
 

Error: (11/25/2013 00:34:03 PM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".

Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.

Please use sxstrace.exe for detailed diagnosis.
 

Error: (11/25/2013 00:24:21 PM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".

Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.

Please use sxstrace.exe for detailed diagnosis.
 

Error: (11/25/2013 00:24:21 PM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".

Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.

Please use sxstrace.exe for detailed diagnosis.
 

Error: (11/10/2013 04:00:01 PM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".

Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.

Please use sxstrace.exe for detailed diagnosis.
 

Error: (11/10/2013 04:00:01 PM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".

Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.

Please use sxstrace.exe for detailed diagnosis.
 

Error: (11/10/2013 03:56:49 PM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".

Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.

Please use sxstrace.exe for detailed diagnosis.
 

Error: (11/10/2013 03:56:49 PM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".

Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.

Please use sxstrace.exe for detailed diagnosis.
 

Error: (11/10/2013 03:56:01 PM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".

Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.

Please use sxstrace.exe for detailed diagnosis.
 
 

System errors:

=============

Error: (01/09/2014 09:23:41 AM) (Source: Service Control Manager) (User: )

Description: The following boot-start or system-start driver(s) failed to load: 

cdrom
 

Error: (01/09/2014 09:23:39 AM) (Source: Service Control Manager) (User: )

Description: The lxduCATSCustConnectService service failed to start due to the following error: 

%%1053
 

Error: (01/09/2014 09:23:39 AM) (Source: Service Control Manager) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the lxduCATSCustConnectService service to connect.
 

Error: (01/09/2014 09:23:22 AM) (Source: volmgr) (User: )

Description: Crash dump initialization failed!
 

Error: (01/07/2014 10:33:42 AM) (Source: Service Control Manager) (User: )

Description: The following boot-start or system-start driver(s) failed to load: 

cdrom
 

Error: (01/07/2014 10:33:40 AM) (Source: Service Control Manager) (User: )

Description: The lxduCATSCustConnectService service failed to start due to the following error: 

%%1053
 

Error: (01/07/2014 10:33:40 AM) (Source: Service Control Manager) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the lxduCATSCustConnectService service to connect.
 

Error: (01/07/2014 10:33:21 AM) (Source: volmgr) (User: )

Description: Crash dump initialization failed!
 

Error: (01/06/2014 05:02:16 PM) (Source: Service Control Manager) (User: )

Description: The following boot-start or system-start driver(s) failed to load: 

cdrom
 

Error: (01/06/2014 05:02:14 PM) (Source: Service Control Manager) (User: )

Description: The lxduCATSCustConnectService service failed to start due to the following error: 

%%1053
 
 

Microsoft Office Sessions:

=========================

Error: (01/09/2014 03:04:05 PM) (Source: Application Error)(User: )

Description: vlc.exe2.1.0.0523f7ac4ntdll.dll6.1.7601.18247521ea8e7c0000374000ce75391c01cf0d43a0a45274C:\Program Files (x86)\VideoLAN\VLC\vlc.exeC:\Windows\SysWOW64\ntdll.dlle61b197b-7936-11e3-b4f6-7ce9d3e4dfae
 

Error: (11/25/2013 00:34:03 PM) (Source: SideBySide)(User: )

Description: Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\Lexmark 5600-6600 Series\Job Status\MFC80U.DLL
 

Error: (11/25/2013 00:34:03 PM) (Source: SideBySide)(User: )

Description: Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\Lexmark 5600-6600 Series\Job Status\MFC80U.DLL
 

Error: (11/25/2013 00:24:21 PM) (Source: SideBySide)(User: )

Description: Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\Lexmark 5600-6600 Series\Job Status\MFC80U.DLL
 

Error: (11/25/2013 00:24:21 PM) (Source: SideBySide)(User: )

Description: Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\Lexmark 5600-6600 Series\Job Status\MFC80U.DLL
 

Error: (11/10/2013 04:00:01 PM) (Source: SideBySide)(User: )

Description: Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\Lexmark 5600-6600 Series\Job Status\MFC80U.DLL
 

Error: (11/10/2013 04:00:01 PM) (Source: SideBySide)(User: )

Description: Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\Lexmark 5600-6600 Series\Job Status\MFC80U.DLL
 

Error: (11/10/2013 03:56:49 PM) (Source: SideBySide)(User: )

Description: Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\Lexmark 5600-6600 Series\Job Status\MFC80U.DLL
 

Error: (11/10/2013 03:56:49 PM) (Source: SideBySide)(User: )

Description: Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\Lexmark 5600-6600 Series\Job Status\MFC80U.DLL
 

Error: (11/10/2013 03:56:01 PM) (Source: SideBySide)(User: )

Description: Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\Lexmark 5600-6600 Series\Job Status\MFC80U.DLL
 
 

==================== Memory info =========================== 
 

Percentage of memory in use: 22%

Total physical RAM: 11983.79 MB

Available physical RAM: 9250.42 MB

Total Pagefile: 11981.97 MB

Available Pagefile: 9868.92 MB

Total Virtual: 8192 MB

Available Virtual: 8191.8 MB
 

==================== Drives ================================
 

Drive c: (System) (Fixed) (Total:119.24 GB) (Free:80 GB) NTFS

Drive d: (Data) (Fixed) (Total:465.66 GB) (Free:420.39 GB) NTFS
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: FED25F5A)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)
 

========================================================

Disk: 1 (MBR Code: Windows 7 or 8) (Size: 119 GB) (Disk ID: FED25F42)

Partition 1: (Not Active) - (Size=119 GB) - (Type=07 NTFS)
 

==================== End Of Log ============================

So, und hier kommen nochmal die Log Files für den PC.
Wie Gesagt, hat GMER ein leeres Logfile produziert und die Meldung "No Modifications could be found" gebracht. => Allerdings musste ich dies im abgesicherten Modus durchführen.

PC DEFOGGER

Code:

defogger_disable by jpshortstuff (23.02.10.1)

Log created at 20:45 on 10/01/2014 (MyUser)
 

Checking for autostart values...

HKCU\~\Run values retrieved.

HKLM\~\Run values retrieved.
 

Checking for services/drivers...
 
 

-=E.O.F=-

-------------------------------------------------

PC FRST

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-01-2014

Ran by MyUser (administrator) on MEDIAKISTE on 10-01-2014 20:47:40

Running from E:\UserData\MyUser\Desktop\virus

Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)

Internet Explorer Version 11

Boot Mode: Normal
 

==================== Processes (Whitelisted) =================
 

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG9\avgchsva.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG9\avgrsa.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe

(COMODO) C:\Program Files\COMODO\COMODO\COMODO Internet Security\cmdagent.exe

(AMD) C:\Windows\System32\atiesrxx.exe

(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe

(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe

(AMD) C:\Windows\System32\atieclxx.exe

() C:\Program Files (x86)\Steuersparerklaerung 2012\AAVUpdateManager\aavus.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe

() C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe

(COMODO) C:\Program Files\COMODO\COMODO\COMODO Internet Security\cfp.exe

(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe

(Elgato Systems) C:\Program Files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe

() C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumsdmon.exe

(Akamai Technologies, Inc.) C:\Users\MyUser\AppData\Local\Akamai\netsession_win.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG9\avgtray.exe

(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe

(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe

(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe

(Akamai Technologies, Inc.) C:\Users\MyUser\AppData\Local\Akamai\netsession_win.exe

(Macrovision Europe Ltd.) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

( ) C:\Windows\System32\lxducoms.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
 
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [lxduamon] - C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduamon.exe [16040 2009-09-04] ()

HKLM\...\Run: [lxdumon.exe] - C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe [676520 2009-09-04] ()

HKLM\...\Run: [COMODO Internet Security] - C:\Program Files\COMODO\COMODO\COMODO Internet Security\cfp.exe [9577680 2012-11-08] (COMODO)

HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2009-04-28] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [AVG9_TRAY] - C:\Program Files (x86)\AVG\AVG9\avgtray.exe [2077536 2012-01-27] (AVG Technologies CZ, s.r.o.)

HKLM-x32\...\Run: [PDFPrint] - C:\Program Files (x86)\PDF24\pdf24.exe [162408 2012-07-12] (Geek Software GmbH)

HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)

HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)

HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe [620152 2006-10-22] (Adobe Systems Inc.)

HKLM-x32\...\Run: [] - [x]

HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [703888 2013-08-30] (Cisco Systems, Inc.)

HKCU\...\Run: [Remote Control Editor] - C:\Program Files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe [1844296 2011-11-09] (Elgato Systems)

HKCU\...\Run: [Thunderbird] - "C:\Program Files (x86)\Mozilla Thunderbird\thunderbird" -turbo

HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\MyUser\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)

AppInit_DLLs: C:\Windows\System32\guard64.dll [390392 2012-11-08] (COMODO)

AppInit_DLLs-x32:          C:\Windows\SysWOW64\guard32.dll [301264 2012-11-08] (COMODO)

Startup: C:\Users\MyUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk

ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
 

==================== Internet (Whitelisted) ====================
 

ProxyServer: socks=gate.ec.auckland.ac.nz:1080

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x783D7E18F3F8C901

SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

SearchScopes: HKCU - DefaultScope {39D1E3AC-94FB-4B3A-9C59-D3F51C773AD2} URL = hxxp://www.google.de/search?q={searchTerms}

SearchScopes: HKCU - {39D1E3AC-94FB-4B3A-9C59-D3F51C773AD2} URL = hxxp://www.google.de/search?q={searchTerms}

BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - \bin\jp2ssv.dll No File

BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

BHO-x32: Lexmark Printable Web - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()

Toolbar: HKLM-x32 - TerraTec Home Cinema - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Program Files (x86)\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll (TerraTec Electronic GmbH)

Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File

DPF: HKLM-x32 {6E718D87-6909-4FCE-92D4-EDCB2F725727} hxxp://www.navigram.com/engine/v911/Navigram.cab

DPF: HKLM-x32 {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab

DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://ura-emea.siemens.com/dana-cached/sc/JuniperSetupClient.cab

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Hosts: 131.188.12.8        vpn.rrze.uni-erlangen.de

Tcpip\Parameters: [DhcpNameServer] 62.109.121.1 62.109.121.2
 

FireFox:

========

FF ProfilePath: C:\Users\MyUser\AppData\Roaming\Mozilla\Firefox\Profiles\uag4khha.default-1385673285218

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()

FF Plugin: @java.com/DTPlugin,version=10.3.1 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()

FF Plugin-x32: @java.com/DTPlugin,version=10.10.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF Plugin-x32: @videolan.org/vlc,version=2.0.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: @wolfram.com/Mathematica - C:\Program Files (x86)\Common Files\Wolfram Research\Browser\8.0.3.2427702\npmathplugin.dll (Wolfram Research, Inc.)

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Extension: FireFTP - C:\Users\MyUser\AppData\Roaming\Mozilla\Firefox\Profiles\uag4khha.default-1385673285218\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi

FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework64\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework64\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox

FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
 

==================== Services (Whitelisted) =================
 

R2 AAV UpdateService; C:\Program Files (x86)\Steuersparerklaerung 2012\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-01-13] (Adobe Systems)

R2 avg9wd; C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe [308136 2010-07-15] (AVG Technologies CZ, s.r.o.)

R2 cmdAgent; C:\Program Files\COMODO\COMODO\COMODO Internet Security\cmdagent.exe [2828408 2012-11-08] (COMODO)

S2 lxduCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxduserv.exe [29184 2009-10-16] (Lexmark International, Inc.)

R2 lxdu_device; C:\Windows\system32\lxducoms.exe [1044136 2009-08-19] ( )

R2 lxdu_device; C:\Windows\SysWow64\lxducoms.exe [594600 2009-08-19] ( )
 

==================== Drivers (Whitelisted) ====================
 

R1 AvgLdx64; C:\Windows\System32\Drivers\avgldx64.sys [282976 2013-01-16] (AVG Technologies CZ, s.r.o.)

R1 AvgMfx64; C:\Windows\System32\Drivers\avgmfx64.sys [35664 2011-09-12] (AVG Technologies CZ, s.r.o.)

R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [584056 2012-11-08] (COMODO)

R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [38144 2012-11-08] (COMODO)

S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2010-01-20] ()

R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [94288 2012-11-08] (COMODO)

R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)

S3 TTCinergyT2; C:\Windows\System32\DRIVERS\TTCinergyT2BDA.sys [42016 2007-07-12] (TerraTec Electronic GmbH)

S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52080 2013-07-19] (Cisco Systems, Inc.)

S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]

S3 tsusbhub; system32\drivers\tsusbhub.sys [x]

S3 VGPU; System32\drivers\rdvgkmd.sys [x]
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2014-01-10 20:47 - 2014-01-10 20:47 - 00000000 ____D C:\FRST

2014-01-10 20:45 - 2014-01-10 20:45 - 00000000 _____ C:\Users\MyUser\defogger_reenable

2014-01-07 19:58 - 2014-01-07 19:58 - 00001351 _____ C:\Users\MyUser\AppData\Local\recently-used.xbel

2014-01-01 09:32 - 2014-01-01 09:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2013-12-15 19:45 - 2013-12-15 19:46 - 00000000 ____D C:\Program Files (x86)\inkscape

2013-12-11 19:48 - 2013-05-10 06:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll

2013-12-11 19:48 - 2013-05-10 06:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL

2013-12-11 19:48 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL

2013-12-11 19:48 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll

2013-12-11 19:41 - 2013-12-11 19:41 - 00772020 _____ C:\Windows\SysWOW64\PerfStringBackup.INI

2013-12-11 19:31 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2013-12-11 19:31 - 2013-11-26 11:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2013-12-11 19:31 - 2013-11-26 11:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2013-12-11 19:31 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-12-11 19:31 - 2013-11-26 10:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2013-12-11 19:31 - 2013-11-26 10:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2013-12-11 19:31 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2013-12-11 19:31 - 2013-11-26 10:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2013-12-11 19:31 - 2013-11-26 10:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2013-12-11 19:31 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-12-11 19:31 - 2013-11-26 10:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2013-12-11 19:31 - 2013-11-26 10:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2013-12-11 19:31 - 2013-11-26 10:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2013-12-11 19:31 - 2013-11-26 10:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2013-12-11 19:31 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2013-12-11 19:31 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-12-11 19:31 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-12-11 19:31 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2013-12-11 19:31 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2013-12-11 19:31 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2013-12-11 19:31 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-12-11 19:31 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2013-12-11 19:31 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2013-12-11 19:31 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2013-12-11 19:31 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-12-11 19:31 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2013-12-11 19:31 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2013-12-11 19:31 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2013-12-11 19:31 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2013-12-11 19:31 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-12-11 19:31 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-12-11 19:20 - 2013-11-12 03:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2013-12-11 19:20 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

2013-12-11 19:20 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll

2013-12-11 19:20 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll

2013-12-11 19:19 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll

2013-12-11 19:19 - 2013-11-23 18:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll

2013-12-11 19:19 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll

2013-12-11 19:19 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll

2013-12-11 19:19 - 2013-10-30 02:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2013-12-11 19:19 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys

2013-12-11 19:19 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys

2013-12-11 19:17 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx

2013-12-11 19:17 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll

2013-12-11 19:17 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx

2013-12-11 19:17 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll

2013-12-11 19:17 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe

2013-12-11 19:17 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe

2013-12-11 19:17 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe

2013-12-11 19:17 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe

2013-12-11 10:03 - 2013-12-11 19:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
 

==================== One Month Modified Files and Folders =======
 

2014-01-10 20:47 - 2014-01-10 20:47 - 00000000 ____D C:\FRST

2014-01-10 20:45 - 2014-01-10 20:45 - 00000000 _____ C:\Users\MyUser\defogger_reenable

2014-01-10 20:45 - 2010-01-19 23:01 - 00000000 ____D C:\Users\MyUser

2014-01-10 20:24 - 2012-04-12 20:20 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-01-10 20:24 - 2010-01-19 23:21 - 01423820 _____ C:\Windows\WindowsUpdate.log

2014-01-10 12:14 - 2009-07-14 06:13 - 00791698 _____ C:\Windows\system32\PerfStringBackup.INI

2014-01-10 10:41 - 2010-12-12 17:31 - 00000000 ____D C:\Windows\Minidump

2014-01-10 10:35 - 2010-03-24 10:20 - 00000000 ____D C:\Windows\system32\Drivers\Avg

2014-01-08 21:04 - 2009-04-22 10:00 - 00021952 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-01-08 21:04 - 2009-04-22 10:00 - 00021952 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-01-07 19:58 - 2014-01-07 19:58 - 00001351 _____ C:\Users\MyUser\AppData\Local\recently-used.xbel

2014-01-07 09:28 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2014-01-07 09:27 - 2012-04-25 13:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2014-01-01 19:05 - 2010-02-14 13:51 - 00000000 ____D C:\Users\MyUser\AppData\Roaming\vlc

2014-01-01 09:33 - 2014-01-01 09:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2013-12-15 19:46 - 2013-12-15 19:45 - 00000000 ____D C:\Program Files (x86)\inkscape

2013-12-13 22:18 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache

2013-12-13 19:36 - 2009-07-14 05:45 - 00410112 _____ C:\Windows\system32\FNTCACHE.DAT

2013-12-13 19:35 - 2009-06-14 09:28 - 00360208 _____ C:\Windows\PFRO.log

2013-12-11 19:41 - 2013-12-11 19:41 - 00772020 _____ C:\Windows\SysWOW64\PerfStringBackup.INI

2013-12-11 19:35 - 2010-01-29 09:53 - 00000000 ____D C:\ProgramData\Microsoft Help

2013-12-11 19:29 - 2013-07-13 19:24 - 00000000 ____D C:\Windows\system32\MRT

2013-12-11 19:24 - 2010-01-20 18:22 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2013-12-11 19:15 - 2013-12-11 10:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
 

==================== Bamital & volsnap Check =================
 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 

LastRegBack: 2014-01-09 19:34
 

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

--- --- ---

--- --- ---

-----------------------------------------------

PC ADDITION

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-01-2014

Ran by MyUser at 2014-01-10 20:49:02

Running from E:\UserData\MyUser\Desktop\virus

Boot Mode: Normal

==========================================================
 
 

==================== Security Center ========================
 

AV: AVG Anti-Virus Free (Enabled - Up to date) {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

AS: AVG Anti-Virus Free (Enabled - Up to date) {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: COMODO Defense+ (Disabled - Up to date) {FEEA52D5-051E-08DD-07EF-2F009097607D}

FW: COMODO Firewall (Enabled) {7DB03214-694B-060B-1600-BD4715C36DBB}
 

==================== Installed Programs ======================
 

 Update for Microsoft Office 2007 (KB2508958) (x32 Version:  - Microsoft)

@BIOS Ver.2.04 (x32 Version: 2.04 - GIGABYTE)

7-Zip 4.65 (x64 edition) (Version: 4.65.00.0 - Igor Pavlov)

AAVUpdateManager (x32 Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)

Adobe Acrobat 8 Professional - English, Français, Deutsch (x32 Version: 8.0.0 - Adobe Systems)

Adobe Acrobat 8 Professional - English, Français, Deutsch (x32 Version: 8.0.0 - Adobe Systems) Hidden

Adobe AIR (x32 Version: 3.7.0.1530 - Adobe Systems Incorporated)

Adobe AIR (x32 Version: 3.7.0.1530 - Adobe Systems Incorporated) Hidden

Adobe Bridge 1.0 (x32 Version: 001.000.000 - Adobe Systems) Hidden

Adobe Common File Installer (x32 Version: 1.00.0000 - Adobe System Incorporated) Hidden

Adobe Digital Editions (x32 Version:  - )

Adobe Digital Editions 2.0 (x32 Version: 2.0.1 - Adobe Systems Incorporated)

Adobe Flash Player 10 ActiveX (x32 Version: 10.0.22.87 - Adobe Systems Incorporated)

Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)

Adobe Help Center 1.0 (x32 Version: 001.000.000 - Adobe Systems) Hidden

Adobe Photoshop CS2 (x32 Version: 9.0 - Adobe Systems, Inc.)

Adobe Photoshop CS2 (x32 Version: 9.0 - Adobe Systems, Inc.) Hidden

Adobe Photoshop Lightroom 4.3 64-bit (Version: 4.3.1 - Adobe)

Adobe Reader XI (11.0.05) - Deutsch (x32 Version: 11.0.05 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.05) (x32 Version: 11.0.05 - Adobe Systems Incorporated)

Adobe Stock Photos 1.0 (x32 Version: 001.000.000 - Adobe Systems) Hidden

Akamai NetSession Interface (HKCU Version:  - Akamai Technologies, Inc)

AMD Catalyst Install Manager (Version: 3.0.838.0 - Advanced Micro Devices, Inc.)

AMD Media Foundation Decoders (Version: 1.0.60728.1742 - Advanced Micro Devices, Inc.) Hidden

Apple Application Support (x32 Version: 2.3 - Apple Inc.)

Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)

AVG Free 9.0 (x32 Version:  - AVG Technologies)

AviSynth 2.5 (x32 Version:  - )

Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden

Catalyst Control Center Core Implementation (x32 Version: 2009.0428.2132.36839 - ATI) Hidden

Catalyst Control Center Graphics Full Existing (x32 Version: 2009.0428.2132.36839 - ATI) Hidden

Catalyst Control Center Graphics Full New (x32 Version: 2009.0428.2132.36839 - ATI) Hidden

Catalyst Control Center Graphics Light (x32 Version: 2009.0428.2132.36839 - ATI) Hidden

Catalyst Control Center Graphics Previews Common (x32 Version: 2009.0428.2132.36839 - ATI) Hidden

Catalyst Control Center Graphics Previews Vista (x32 Version: 2009.0428.2132.36839 - ATI) Hidden

Catalyst Control Center HydraVision Full (x32 Version: 2009.0428.2132.36839 - ATI) Hidden

Catalyst Control Center InstallProxy (x32 Version: 2011.0728.1756.30366 - Advanced Micro Devices, Inc.) Hidden

CCC Help English (x32 Version: 2009.0428.2131.36839 - ATI) Hidden

ccc-core-static (x32 Version: 2009.0428.2132.36839 - ATI) Hidden

ccc-utility64 (Version: 2009.0428.2132.36839 - ATI) Hidden

Cisco AnyConnect Secure Mobility Client  (x32 Version: 3.1.04066 - Cisco Systems, Inc.)

Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.04066 - Cisco Systems, Inc.) Hidden

Citavi (x32 Version: 3.1.15.0 - Swiss Academic Software)

COMODO Internet Security (Version: 4.1.19277.920 - COMODO Group Inc.)

Dia (remove only) (x32 Version:  - )

DVD Rebuilder (x32 Version: Free v0.98.2 - jdobbs softworks and rockas association)

eDocPrintPro v3.13.4 (Version: 3.13.4 - MAY-Computer)

FastPictureViewer Codec Pack 3.5.0.88 (x32 Version: 3.5.0.88 - Axel Rietschin Software Developments)

FUJIdirekt Bestellsoftware 4.2 (x32 Version:  - )

GIMP 2.8.2 (Version: 2.8.2 - The GIMP Team)

Juniper Networks Host Checker (HKCU Version: 7.1.9.20893 - Juniper Networks)

Juniper Networks, Inc. Setup Client (HKCU Version: 7.1.9.20595 - Juniper Networks, Inc.)

Lexmark 5600-6600 Series (Version:  - Lexmark International, Inc.)

Lexmark Printable Web (x32 Version: 1.0.0.0 - )

Logitech Webcam Software (x32 Version: 2.0 - Logitech Inc. Inc.)

LWS Twitter (x32 Version: 13.00.1216.0 - Logitech) Hidden

Mathematica Extras 8.0 (2427702) (Version: 8.0.3 - Wolfram Research, Inc.)

Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme (x32 Version: 12.0.4518.1014 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden

Microsoft Camera Codec Pack (Version: 16.4.1734.1104 - Microsoft Corporation)

Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden

Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003 - Microsoft Corporation)

Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden

Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053 - Microsoft Corporation)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319 - Microsoft Corporation)

Mozilla Firefox 26.0 (x86 en-US) (x32 Version: 26.0 - Mozilla)

Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)

Mozilla Thunderbird 24.2.0 (x86 en-US) (x32 Version: 24.2.0 - Mozilla)

MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)

myphotobook.de (x32 Version: 1.4.15 - myphotobook GmbH)

myphotobook.de (x32 Version: 1.4.15 - myphotobook GmbH) Hidden

Notepad++ (x32 Version: 6.1.1 - )

PDF24 Creator 4.7.0 (x32 Version:  - PDF24.org)

Poladroid (x32 Version: 0.9.6.0 - Poladroid.net)

PSPad editor (x32 Version:  - Jan Fiala)

QuickTime (x32 Version: 7.73.80.64 - Apple Inc.)

R for Windows 2.14.1 (Version: 2.14.1 - R Development Core Team)

RStudio (x32 Version: 0.94.110 - RStudio)

Skype™ 5.10 (x32 Version: 5.10.116 - Skype Technologies S.A.)

Spelling Dictionaries Support For Adobe Reader 9 (x32 Version: 9.0.0 - Adobe Systems Incorporated)

Steuer-Spar-Erklärung 2013 (x32 Version: 18.09 - Wolters Kluwer Deutschland GmbH)

TerraTec Home Cinema (x32 Version: 6.25.6 - )

Update for 2007 Microsoft Office System (KB967642) (x32 Version:  - Microsoft)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Office 2007 suites (KB2598306) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32 Version:  - Microsoft)

Update für Microsoft Office Excel 2007 Help (KB963678) (x32 Version:  - Microsoft)

Update für Microsoft Office Powerpoint 2007 Help (KB963669) (x32 Version:  - Microsoft)

Update für Microsoft Office Word 2007 Help (KB963665) (x32 Version:  - Microsoft)

Visual C++ 8.0 Runtime Setup Package (x64) (x32 Version: 8.0.0.35 - GRISOFT, s.r.o.)

Visual C++ 8.0 Runtime Setup Package (x64) (x32 Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.)

VLC media player 2.0.1 (x32 Version: 2.0.1 - VideoLAN)

Windows 7 USB/DVD Download Tool (x32 Version: 1.0.30 - Microsoft Corporation)

Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8 - Microsoft Corp)

Windows Movie Maker 2.6 (x32 Version: 2.6.4038.0 - Microsoft Corporation)

Wolfram CDF Player (M-WIN-D 8.0.3 2427703) (x32 Version: 8.0.3 - Wolfram Research, Inc.)

XMedia Recode 2.2.7.7 (x32 Version: 2.2.7.7 - Sebastian Dörfler)
 

==================== Restore Points  =========================
 

08-01-2014 12:15:46 Scheduled Checkpoint
 

==================== Hosts content: ==========================
 

2009-07-14 03:34 - 2013-06-24 10:42 - 00000890 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

131.188.12.8        vpn.rrze.uni-erlangen.de
 
 
 

==================== Scheduled Tasks (whitelisted) =============
 

Task: {1BA62541-96A7-4F7C-8310-CECFDB75CE27} - System32\Tasks\{6BB34D95-0F69-4C87-BD9E-3E041EE9DD59} => Firefox.exe hxxp://ui.skype.com/ui/0/5.1.0.112/de/privacy

Task: {42333021-6732-48F5-8927-C322D7AAB020} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-10] (Adobe Systems Incorporated)

Task: {5DF4EAF4-445B-48B0-B052-CF394FC17887} - System32\Tasks\{4EEEBC52-7B5F-4179-A5BD-BDF84EE6C4F8} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2012-07-13] (Skype Technologies S.A.)

Task: {6DB92B7B-1DC3-4F95-808C-C0327EA4F60B} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup

Task: {95CF8801-F677-4ADD-873E-A0FE1EABB68D} - System32\Tasks\Installation App Launcher => C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduamon.exe [2009-09-04] ()

Task: {B6E58200-CB12-4141-81F0-1ACA274F5ED7} - System32\Tasks\{C6274884-061E-4E21-84F4-8D7A639A9C2E} => Firefox.exe hxxp://ui.skype.com/ui/0/6.1.0.129.272/en/abandoninstall?page=tsProgressBar

Task: {DADD1330-75BC-4C51-97CD-1923E41F05ED} - System32\Tasks\{7773475C-4813-49DB-8192-B0D679B2C829} => Firefox.exe hxxp://ui.skype.com/ui/0/5.1.0.112/de/abandoninstall?page=tsMain&amp;installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:offered-installed;madedefault

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
 

==================== Loaded Modules (whitelisted) =============
 

2008-10-30 13:39 - 2008-10-30 13:39 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll

2010-01-19 23:06 - 2010-01-19 23:06 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll

2013-10-10 22:48 - 2013-08-30 23:11 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll

2009-06-14 09:16 - 2009-09-04 07:23 - 00380928 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduscw.dll

2009-06-14 09:16 - 2009-08-19 16:39 - 00188416 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdudatr.dll

2009-06-14 09:16 - 2009-08-19 16:39 - 00073728 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\lxducats.dll

2009-06-14 09:16 - 2009-09-04 07:23 - 01036288 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduDRS.dll

2009-06-14 09:16 - 2009-09-04 07:24 - 00081920 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\lxducaps.dll

2009-06-14 09:16 - 2009-09-04 07:15 - 00069632 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\lxducnv4.dll

2009-06-14 09:16 - 2009-02-12 02:38 - 00028672 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\App4R.Monitor.Common.dll

2009-06-14 09:16 - 2009-02-12 02:38 - 00036864 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\App4R.Monitor.Core.dll

2009-06-14 09:16 - 2009-02-12 02:37 - 00065536 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\app4r.devmons.mcmdevmon.dll

2009-06-14 09:16 - 2008-03-25 04:53 - 00012288 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\app4r.devmons.mcmdevmon.autoplayutil.dll

2014-01-01 09:33 - 2014-01-01 09:33 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
 

==================== Safe Mode (whitelisted) ===================
 
 

==================== Faulty Device Manager Devices =============
 

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64

Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Cisco Systems

Service: vpnva

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 

==================== Event log errors: =========================
 

Application errors:

==================

Error: (01/10/2014 11:55:27 AM) (Source: Application Error) (User: )

Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1

Faulting module name: KERNELBASE.dll, version: 6.1.7601.18229, time stamp: 0x51fb1677

Exception code: 0xe06d7363

Fault offset: 0x000000000000940d

Faulting process id: 0x89c

Faulting application start time: 0xsvchost.exe0

Faulting application path: svchost.exe1

Faulting module path: svchost.exe2

Report Id: svchost.exe3
 

Error: (01/04/2014 09:31:00 AM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.

The value "x64" of attribute "processorArchitecture" in element "assemblyIdentity" is invalid.
 

Error: (01/03/2014 09:54:54 PM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.

The value "x64" of attribute "processorArchitecture" in element "assemblyIdentity" is invalid.
 

Error: (01/01/2014 09:32:14 AM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.

The value "x64" of attribute "processorArchitecture" in element "assemblyIdentity" is invalid.
 

Error: (12/15/2013 07:42:29 PM) (Source: Application Error) (User: )

Description: Faulting application name: inkscape.exe, version: 0.46.0.0, time stamp: 0x4a663029

Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000

Exception code: 0xc0000005

Fault offset: 0x8fd70000

Faulting process id: 0x1014

Faulting application start time: 0xinkscape.exe0

Faulting application path: inkscape.exe1

Faulting module path: inkscape.exe2

Report Id: inkscape.exe3
 

Error: (12/15/2013 07:42:11 PM) (Source: Application Error) (User: )

Description: Faulting application name: inkscape.exe, version: 0.46.0.0, time stamp: 0x4a663029

Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000

Exception code: 0xc0000005

Fault offset: 0x8fd00000

Faulting process id: 0xb8c

Faulting application start time: 0xinkscape.exe0

Faulting application path: inkscape.exe1

Faulting module path: inkscape.exe2

Report Id: inkscape.exe3
 

Error: (12/15/2013 11:24:59 AM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.

The value "x64" of attribute "processorArchitecture" in element "assemblyIdentity" is invalid.
 

Error: (12/13/2013 10:12:51 PM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.

The value "x64" of attribute "processorArchitecture" in element "assemblyIdentity" is invalid.
 

Error: (12/13/2013 09:01:41 AM) (Source: Application Error) (User: )

Description: Faulting application name: firefox.exe, version: 25.0.1.5064, time stamp: 0x5282f204

Faulting module name: xul.dll, version: 25.0.1.5064, time stamp: 0x5282f10e

Exception code: 0xc0000005

Fault offset: 0x00118f87

Faulting process id: 0x1388

Faulting application start time: 0xfirefox.exe0

Faulting application path: firefox.exe1

Faulting module path: firefox.exe2

Report Id: firefox.exe3
 

Error: (12/12/2013 01:24:07 PM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.

The value "x64" of attribute "processorArchitecture" in element "assemblyIdentity" is invalid.
 
 

System errors:

=============

Error: (01/09/2014 09:39:29 PM) (Source: Server) (User: )

Description: The server could not bind to the transport \Device\NetBT_Tcpip_{A92E68C2-F425-4224-A57B-9CD4902598D7} because another computer on the network has the same name.  The server could not start.
 

Error: (01/07/2014 07:29:35 PM) (Source: Server) (User: )

Description: The server could not bind to the transport \Device\NetBT_Tcpip_{A92E68C2-F425-4224-A57B-9CD4902598D7} because another computer on the network has the same name.  The server could not start.
 

Error: (01/07/2014 09:29:06 AM) (Source: atapi) (User: )

Description: The driver detected a controller error on \Device\Ide\IdePort0.
 

Error: (01/07/2014 09:28:12 AM) (Source: Service Control Manager) (User: )

Description: The lxduCATSCustConnectService service failed to start due to the following error: 

%%1053
 

Error: (01/07/2014 09:28:12 AM) (Source: Service Control Manager) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the lxduCATSCustConnectService service to connect.
 

Error: (01/07/2014 09:26:41 AM) (Source: DCOM) (User: )

Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
 

Error: (01/06/2014 11:38:33 AM) (Source: volsnap) (User: )

Description: The shadow copies of volume F: were aborted during detection because a critical control file could not be opened.
 

Error: (01/04/2014 09:09:28 AM) (Source: Server) (User: )

Description: The server could not bind to the transport \Device\NetBT_Tcpip_{A92E68C2-F425-4224-A57B-9CD4902598D7} because another computer on the network has the same name.  The server could not start.
 

Error: (01/03/2014 09:20:39 PM) (Source: atapi) (User: )

Description: The driver detected a controller error on \Device\Ide\IdePort0.
 

Error: (12/31/2013 06:37:19 PM) (Source: Service Control Manager) (User: )

Description: The lxduCATSCustConnectService service failed to start due to the following error: 

%%1053
 
 

Microsoft Office Sessions:

=========================

Error: (04/29/2010 02:09:52 PM) (Source: Microsoft Office 12 Sessions)(User: )

Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 17086 seconds with 960 seconds of active time.  This session ended with a crash.
 
 

CodeIntegrity Errors:

===================================

  Date: 2013-10-01 13:11:17.088

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system.
 

  Date: 2013-02-25 10:48:40.814

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system.
 

  Date: 2009-07-04 10:59:22.948

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 

  Date: 2009-07-04 08:43:51.471

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 

  Date: 2009-07-03 16:28:49.045

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 

  Date: 2009-07-03 06:38:27.253

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 

  Date: 2009-07-02 21:43:16.534

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 

  Date: 2009-07-02 20:32:02.278

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 

  Date: 2009-07-02 20:06:20.430

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 

  Date: 2009-07-02 19:45:42.775

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 
 

==================== Memory info =========================== 
 

Percentage of memory in use: 48%

Total physical RAM: 3966.49 MB

Available physical RAM: 2034.31 MB

Total Pagefile: 8060.67 MB

Available Pagefile: 5623.24 MB

Total Virtual: 8192 MB

Available Virtual: 8191.79 MB
 

==================== Drives ================================
 

Drive c: () (Fixed) (Total:99.9 GB) (Free:45.36 GB) NTFS

Drive e: (Data) (Fixed) (Total:831.51 GB) (Free:135.97 GB) NTFS
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 000224F3)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=100 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=832 GB) - (Type=07 NTFS)
 

==================== End Of Log ============================

-------------------------------

PC GMER

Code:

Wie gesagt leer. Allerdings im abgesichteren Modus (ohne Netzwerktreiber) durchgeführt

=============================================================================

Hallo nochmal.

Also, im Laufe des Tags habe ich beide Rechner mit der AntivirusLiveCD gescannt. Die nimmt hierfür ClamAV 0.98 und updated vor dem Scan die Virendefinition.

Auf dem Laptop hat sie angeblich eine DLL (srswow.dll) aus den Thinkpad Audio Driver Installer gefunden, die mit dem Win.Trojan.Ramnit-1765 infiziert sei. Diese habe ich gelöscht.

Auf dem PC hat sie 10 Dateien gefunden, die mit dem W32.Virut.Gen.D-159 infiziert seien. Alle im Office-Umfeld (Excel.exe, excelconv.exe, VBA6.dll und msp Pakete des Office aus C:\Windows\Installer).

Nun habe ich diese 10 Files bei VirSCAN.org - Free Multi-Engine Online Virus Scanner v1.02, Supports 37 AntiVirus Engines! scannen lassen, mit folgendem Ergebnis: Einzig der ClamAV findet einen Infekt, alle anderen 35 Scanner nicht.

Insofern glaube ich, dass ich einfach dem anscheinend übersensiblen ClamAV meines Bekannten auf den Leim gegangen bin und möchte es hierbei belassen.

Wahrscheinlich lege ich mir noch ne Boot-CD zu, um regelmäßig die Computer von einem anderen OS aus zu scannen. Vielleicht wird's die heute verwendete Antivirus Live CD oder vielleicht die Desinfec't - mal schauen.

Auf jeden Fall will ich Eure Zeit nicht für einen falschen Alarm rauben.

Grüße,
Willibald