TR/BProtector.Gen, TR/Sefnit.AS.49, TR/Agent.8192.92, in AppData/Local/Temp
Hello everyone!
After I received an email from the BSI saying that my email address had been hacked, I scanned my laptop with Avira AntiVir. These are the reported events:
Code:
25.01.2014 23:52 [System Scanner] Malware found
The file 'C:\Users\DieDaSas\AppData\Local\Temp\setup_fsu_cid.exe'
contained a virus or unwanted program 'TR/Sefnit.AS.49' [trojan].
Action(s) performed:
The file was moved to the quarantine directory under the name '4c29c63b.qua'!
25.01.2014 23:52 [System Scanner] Malware found
The file 'C:\Users\DieDaSas\AppData\Local\Temp\AD90.tmp'
contained a virus or unwanted program 'TR/BProtector.Gen' [trojan].
Action(s) performed:
The file was moved to the quarantine directory under the name '00d4ea52.qua'!
25.01.2014 23:52 [System Scanner] Malware found
The file 'C:\Users\DieDaSas\AppData\Local\Temp\xytfhewdfokl\parent.txt'
contained a virus or unwanted program 'APPL/DomaIQ.Gen2' [program].
Action(s) performed:
The file was moved to the quarantine directory under the name '76b8d963.qua'!
25.01.2014 23:52 [System Scanner] Malware found
The file 'C:\Users\DieDaSas\AppData\Local\Temp\xytfhewdfokl\mcsmvzpebpmhc.exe'
contained a virus or unwanted program 'TR/Agent.8192.92' [trojan].
Action(s) performed:
The file was moved to the quarantine directory under the name '333df458.qua'!
25.01.2014 23:52 [System Scanner] Malware found
The file 'C:\Users\DieDaSas\Downloads\FetteFrakturvonSchriftartenFontsde_downloader_by_SchriftartenFontsde.exe'
contained a virus or unwanted program 'APPL/Somoto.Gen2' [program].
Action(s) performed:
The file was moved to the quarantine directory under the name '108196a5.qua'!
I have worked through the checklist:
Defogger reports nothing (although I did not run it as administrator, even though I have Win7. Should I run it again as admin?)
System scan with FRST:
FRST.txt
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-01-2014 01
Ran by DieDaSas (administrator) on DIEDASAS-FUJI on 26-01-2014 11:50:53
Running from C:\Users\DieDaSas\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\PSUService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
() C:\Users\DieDaSas\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Dropbox, Inc.) C:\Users\DieDaSas\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Hidfind.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(FUJITSU LIMITED) C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(CANON INC.) C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\AVG Secure Search\vprot.exe
(Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\loggingserver.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNAutoCon.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNetDm.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNTray.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Users\DieDaSas\Downloads\Defogger.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13374568 2011-12-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277992 2011-11-15] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] - C:\Program Files\Apoint2K\Apoint.exe [589176 2011-12-20] (Alps Electric Co., Ltd.)
HKLM\...\Run: [BTMTrayAgent] - C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [11406608 2011-12-19] (Intel Corporation)
HKLM\...\Run: [LoadFUJ02E3] - C:\Program Files\Fujitsu\FUJ02E3\fuj02e3.exe [76104 2011-11-23] (FUJITSU LIMITED)
HKLM\...\Run: [PSUTility] - C:\Program Files\Fujitsu\PSUtility\TrayManager.exe [205168 2011-10-03] (FUJITSU LIMITED)
HKLM\...\Run: [LoadFujitsuQuickTouch] - C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe [158024 2011-09-30] (FUJITSU LIMITED)
HKLM\...\Run: [LoadBtnHnd] - C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [23368 2011-09-30] (FUJITSU LIMITED)
HKLM\...\Run: [CanonSolutionMenu] - C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-03-18] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2726728 2010-03-24] (CANON INC.)
HKLM\...\Run: [Ocs_SM] - C:\Users\DieDaSas\AppData\Roaming\OCS\SM\SearchAnonymizer.exe [106496 2013-04-17] (OCS)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-06] (Intel Corporation)
HKLM-x32\...\Run: [IndicatorUtility] - C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe [48752 2010-09-29] (FUJITSU LIMITED)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Conime] - %windir%\system32\conime.exe
HKLM-x32\...\Run: [CanonSolutionMenuEx] - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1185112 2010-04-02] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScanUtility] - C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [140640 2010-03-02] (CANON INC.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [vProt] - C:\Program Files (x86)\AVG Secure Search\vprot.exe [2486296 2014-01-24] ()
HKLM-x32\...\Run: [MobileBroadband] - C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe [69120 2012-02-03] (Vodafone)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-09] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [ApnTBMon] - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1778640 2013-12-20] (APN)
HKLM-x32\...\RunOnce: [PIP] - C:\Users\DieDaSas\AppData\Local\Temp\Offercast_AVIRAV7_.exe -pid AVIRAV7 -rebootRetry [1326512 2013-12-09] (Ask.com)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
MountPoints2: F - F:\setup_vmb_lite.exe /checkApplicationPresence
MountPoints2: {0e6b356f-6fb9-11e2-b316-685d432b0376} - F:\setup_vmb_lite.exe /checkApplicationPresence
MountPoints2: {0e6b3644-6fb9-11e2-b316-685d432b0376} - F:\setup_vmb_lite.exe /checkApplicationPresence
MountPoints2: {4875aa19-ab34-11e2-9818-685d432b0376} - F:\setup_vmb_lite.exe /checkApplicationPresence
MountPoints2: {65366c7a-ddb6-11e2-9ad7-685d432b0376} - F:\setup_vmb_lite.exe /checkApplicationPresence
MountPoints2: {69cc0b57-26db-11e3-85e7-685d432b0376} - F:\setup_vmb_lite.exe /checkApplicationPresence
MountPoints2: {6cf29f37-a6b4-11e2-a21a-685d432b0376} - F:\setup_vmb_lite.exe /checkApplicationPresence
MountPoints2: {8610ab80-85ab-11e3-93d8-685d432b0376} - F:\AutoRun.exe
MountPoints2: {8610abbd-85ab-11e3-93d8-685d432b0376} - F:\AutoRun.exe
MountPoints2: {8610abee-85ab-11e3-93d8-685d432b0376} - F:\AutoRun.exe
MountPoints2: {8610abf0-85ab-11e3-93d8-685d432b0376} - F:\AutoRun.exe
MountPoints2: {8d3aa977-8518-11e3-981e-685d432b0376} - F:\AutoRun.exe
MountPoints2: {8d3aa995-8518-11e3-981e-685d432b0376} - F:\AutoRun.exe
MountPoints2: {8d3aa996-8518-11e3-981e-685d432b0376} - F:\AutoRun.exe
MountPoints2: {8d3aa9b0-8518-11e3-981e-685d432b0376} - F:\AutoRun.exe
MountPoints2: {a8840c64-8b32-11e2-b3f8-685d432b0376} - F:\setup_vmb_lite.exe /checkApplicationPresence
MountPoints2: {cccbe2ca-4568-11e3-b2af-001e101f21c1} - F:\setup_vmb_lite.exe /checkApplicationPresence
MountPoints2: {e1295794-9004-11e2-b024-685d432b0376} - F:\setup_vmb_lite.exe /checkApplicationPresence
Startup: C:\Users\DieDaSas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\DieDaSas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.avira.com/?l=dis&o=APN10261&gct=hp&dc=EU&locale=de_DE
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x753559469784CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D267372633D49452D536561726368426F7826464F524D3D494538535243&st={searchTerms}&clid=7319ccca-e168-45a4-8d47-56dd4eb08ea1&pid=freewarede&k=0
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D267372633D49452D536561726368426F7826464F524D3D494538535243&st={searchTerms}&clid=7319ccca-e168-45a4-8d47-56dd4eb08ea1&pid=freewarede&k=0
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www1.delta-search.com/?q={searchTerms}&affID=119828&babsrc=SP_ss&mntrId=DE00001E101F21C1
SearchScopes: HKCU - {15AD49C6-02EB-4DD7-8F8C-A929105FB02A} URL = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=7319ccca-e168-45a4-8d47-56dd4eb08ea1&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {21E0022C-BBBF-457A-96A0-B70E92628E08} URL = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=7319ccca-e168-45a4-8d47-56dd4eb08ea1&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {52FC6C97-274F-4A54-BBB6-BE8D327D7095} URL = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=7319ccca-e168-45a4-8d47-56dd4eb08ea1&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {9ED66CE2-28D8-4D48-8D29-8D42EA182D41} URL = hxxp://websearch.ask.com.anonymize-me.de/?anonymto=687474703A2F2F7765627365617263682E61736B2E636F6D2F72656469726563743F636C69656E743D69652674623D4156522D34266F3D41504E3130323631267372633D6B7726713D7B7365617263685465726D737D266C6F63616C653D64655F44452661706E5F70746E72733D5E4147532661706E5F647469643D5E5959595959595E59595E44452661706E5F7569643D61353931333538342D623038302D343963622D396464632D6437366332656564313337372661706E5F73617569643D36314343373738422D423535312D343145352D393736332D413634314141424643333936&st={searchTerms}&clid=7319ccca-e168-45a4-8d47-56dd4eb08ea1&pid=freewarede&k=0
SearchScopes: HKCU - {A44E0143-3421-4015-BC95-73986FCDB340} URL = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=7319ccca-e168-45a4-8d47-56dd4eb08ea1&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {DF3CBE82-DB5F-47E2-A0CA-67C460FEC049} URL = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=7319ccca-e168-45a4-8d47-56dd4eb08ea1&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {E2C5C6F1-D1D0-4121-A09F-461490DB55F3} URL = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=7319ccca-e168-45a4-8d47-56dd4eb08ea1&pid=freewarede&mode=bounce&k=0
BHO: Avira SearchFree Toolbar - {41564952-412D-5637-4300-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport_x64.dll (APN LLC.)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: Avira SearchFree Toolbar - {41564952-412D-5637-4300-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll (APN LLC.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} - No File
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-4300-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport_x64.dll (APN LLC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} - No File
Toolbar: HKLM-x32 - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GmbH)
Toolbar: HKLM-x32 - Avira SearchFree Toolbar - {41564952-412D-5637-4300-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll (APN LLC.)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 80.69.100.110 80.69.100.102
Tcpip\..\Interfaces\{3137B3E0-707C-478E-A12F-C058B91C2E77}: [NameServer]139.7.30.125 139.7.30.126
Tcpip\..\Interfaces\{5238B070-0FE8-4198-9DE2-089E894652CC}: [NameServer]139.7.30.125 139.7.30.126
Tcpip\..\Interfaces\{D31794E2-E17B-4814-A78C-F31C0A28A692}: [NameServer]139.7.30.125 139.7.30.126
FireFox:
========
FF ProfilePath: C:\Users\DieDaSas\AppData\Roaming\Mozilla\Firefox\Profiles\kd0ffg4b.default
FF user.js: detected! => C:\Users\DieDaSas\AppData\Roaming\Mozilla\Firefox\Profiles\kd0ffg4b.default\user.js
FF SelectedSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.3.0\\npsitesafety.dll (AVG Technologies)
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\DieDaSas\AppData\Roaming\Mozilla\Firefox\Profiles\kd0ffg4b.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\DieDaSas\AppData\Roaming\Mozilla\Firefox\Profiles\kd0ffg4b.default\searchplugins\babylon.xml
FF SearchPlugin: C:\Users\DieDaSas\AppData\Roaming\Mozilla\Firefox\Profiles\kd0ffg4b.default\searchplugins\BrowserProtect.xml
FF SearchPlugin: C:\Users\DieDaSas\AppData\Roaming\Mozilla\Firefox\Profiles\kd0ffg4b.default\searchplugins\delta.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: FireJump - C:\Users\DieDaSas\AppData\Roaming\Mozilla\Firefox\Profiles\kd0ffg4b.default\Extensions\firejump@firejump.net [2013-04-17]
FF Extension: Spartipps von SparPilot.com - C:\Users\DieDaSas\AppData\Roaming\Mozilla\Firefox\Profiles\kd0ffg4b.default\Extensions\sparpilot@sparpilot.com [2013-04-17]
FF Extension: Avira SearchFree Toolbar plus Web Protection - C:\Users\DieDaSas\AppData\Roaming\Mozilla\Firefox\Profiles\kd0ffg4b.default\Extensions\toolbar_AVIRA-V7C@apn.ask.com.xpi [2013-12-20]
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\17.3.0.49
FF Extension: AVG Security Toolbar - C:\ProgramData\AVG Secure Search\FireFoxExt\17.3.0.49 [2014-01-24]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-11-19]
FF HKCU\...\Firefox\Extensions: [sparpilot@sparpilot.com] - C:\Users\DieDaSas\AppData\Roaming\Mozilla\Firefox\Profiles\kd0ffg4b.default\extensions\sparpilot@sparpilot.com
FF Extension: Spartipps von SparPilot.com - C:\Users\DieDaSas\AppData\Roaming\Mozilla\Firefox\Profiles\kd0ffg4b.default\extensions\sparpilot@sparpilot.com [2013-04-17]
FF HKCU\...\Firefox\Extensions: [firejump@firejump.net] - C:\Users\DieDaSas\AppData\Roaming\Mozilla\Firefox\Profiles\kd0ffg4b.default\extensions\firejump@firejump.net
FF Extension: FireJump - C:\Users\DieDaSas\AppData\Roaming\Mozilla\Firefox\Profiles\kd0ffg4b.default\extensions\firejump@firejump.net [2013-04-17]
==================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1011768 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2013-12-20] (APN LLC.)
R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [225280 2011-08-05] (DTS, Inc)
R2 FUJ02E3Service; C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe [76104 2011-11-23] (FUJITSU LIMITED)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-08] ()
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 PFNService; C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe [2213376 2011-12-22] (FUJITSU LIMITED)
R2 PowerSavingUtilityService; C:\Program Files\Fujitsu\PSUtility\PSUService.exe [63856 2011-10-03] (FUJITSU LIMITED)
R2 SearchAnonymizer; C:\Users\DieDaSas\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [40960 2013-04-17] ()
R2 vToolbarUpdater17.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe [1771544 2014-01-24] (AVG Secure Search)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [594704 2011-12-08] (Intel® Corporation)
==================== Drivers (Whitelisted) ====================
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-09] (Avira Operations GmbH & Co. KG)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-11-06] (AVG Technologies)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [84720 2013-12-09] (Avira Operations GmbH & Co. KG)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [422400 2012-01-27] (Huawei Technologies Co., Ltd.)
R0 FBIOSDRV; C:\Windows\System32\Drivers\FBIOSDRV.sys [21104 2009-06-24] (FUJITSU LIMITED)
R3 FUJ02B1; C:\Windows\System32\DRIVERS\FUJ02B1.sys [7808 2006-11-01] (FUJITSU LIMITED)
R3 FUJ02E3; C:\Windows\System32\DRIVERS\FUJ02E3.sys [7296 2006-11-01] (FUJITSU LIMITED)
S3 hcw10bda; C:\Windows\System32\drivers\hcw10bda.sys [649904 2012-10-08] (Hauppauge Computer Works, Inc.)
S2 hcw10cir; C:\Windows\System32\drivers\hcw10cir.sys [46080 2010-05-10] (Hauppauge Computer Works, Inc.)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [24496 2012-03-09] (Intel Corporation)
S3 iaStorS; C:\Windows\system32\drivers\iaStorS.sys [638896 2012-03-09] (Intel Corporation)
S3 megasas2; C:\Windows\system32\drivers\megasas2.sys [51280 2010-11-02] (LSI Corporation)
S3 megasr1; C:\Windows\system32\drivers\megasr1.sys [806696 2012-02-08] (LSI Corporation, Inc.)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1812608 2011-12-27] ()
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-01-26 11:50 - 2014-01-26 11:51 - 00026764 _____ C:\Users\DieDaSas\Downloads\FRST.txt
2014-01-26 11:50 - 2014-01-26 11:50 - 00380416 _____ C:\Users\DieDaSas\Downloads\omfsnz0g.exe
2014-01-26 11:50 - 2014-01-26 11:50 - 00000000 ___DC C:\FRST
2014-01-26 11:48 - 2014-01-26 11:50 - 02078208 _____ (Farbar) C:\Users\DieDaSas\Downloads\FRST64.exe
2014-01-26 11:45 - 2014-01-26 11:45 - 00000478 _____ C:\Users\DieDaSas\Downloads\defogger_disable.log
2014-01-26 11:45 - 2014-01-26 11:45 - 00000000 _____ C:\Users\DieDaSas\defogger_reenable
2014-01-26 11:44 - 2014-01-26 11:44 - 00008306 _____ C:\Users\DieDaSas\Desktop\Ereignisse.txt
2014-01-26 11:42 - 2014-01-26 11:42 - 00050477 _____ C:\Users\DieDaSas\Downloads\Defogger.exe
2014-01-25 13:50 - 2014-01-25 13:50 - 00000000 ____D C:\Users\DieDaSas\AppData\Roaming\Avira
2014-01-25 13:48 - 2014-01-25 13:48 - 00000000 ____D C:\ProgramData\AskPartnerNetwork
2014-01-25 13:48 - 2014-01-25 13:48 - 00000000 ____D C:\Program Files (x86)\AskPartnerNetwork
2014-01-25 13:47 - 2013-10-04 22:50 - 00509872 _____ (Ask Partner Network) C:\Users\DieDaSas\Documents\APNSetup.exe
2014-01-25 13:46 - 2014-01-25 13:46 - 00000000 ____D C:\Program Files (x86)\Avira
2014-01-25 13:46 - 2013-12-09 11:37 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-01-25 13:46 - 2013-12-09 11:37 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-01-25 13:46 - 2013-12-09 11:37 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-01-25 13:46 - 2013-12-09 11:37 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-01-25 13:01 - 2014-01-25 13:04 - 129598176 _____ C:\Users\DieDaSas\Downloads\avira_free344_antivirus_de.exe
2014-01-24 18:06 - 2014-01-24 18:06 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ew_juextctrl_01007.Wdf
2014-01-24 18:06 - 2014-01-24 18:06 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ew_jucdcecm_01007.Wdf
2014-01-24 18:05 - 2014-01-24 18:05 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ew_jucdcacm_01007.Wdf
2014-01-21 15:55 - 2014-01-21 15:55 - 00140764 ____H C:\Windows\SysWOW64\mlfcache.dat
2014-01-15 20:05 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 20:05 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 20:05 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 20:05 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 20:05 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 20:05 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 20:05 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-15 20:05 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-15 20:05 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
==================== One Month Modified Files and Folders =======
2014-01-26 11:51 - 2014-01-26 11:50 - 00026764 _____ C:\Users\DieDaSas\Downloads\FRST.txt
2014-01-26 11:50 - 2014-01-26 11:50 - 00380416 _____ C:\Users\DieDaSas\Downloads\omfsnz0g.exe
2014-01-26 11:50 - 2014-01-26 11:50 - 00000000 ___DC C:\FRST
2014-01-26 11:50 - 2014-01-26 11:48 - 02078208 _____ (Farbar) C:\Users\DieDaSas\Downloads\FRST64.exe
2014-01-26 11:50 - 2012-08-27 20:58 - 01788614 _____ C:\Windows\WindowsUpdate.log
2014-01-26 11:45 - 2014-01-26 11:45 - 00000478 _____ C:\Users\DieDaSas\Downloads\defogger_disable.log
2014-01-26 11:45 - 2014-01-26 11:45 - 00000000 _____ C:\Users\DieDaSas\defogger_reenable
2014-01-26 11:45 - 2012-08-27 21:06 - 00000000 ____D C:\Users\DieDaSas
2014-01-26 11:44 - 2014-01-26 11:44 - 00008306 _____ C:\Users\DieDaSas\Desktop\Ereignisse.txt
2014-01-26 11:42 - 2014-01-26 11:42 - 00050477 _____ C:\Users\DieDaSas\Downloads\Defogger.exe
2014-01-26 11:25 - 2013-07-29 20:09 - 00001114 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-26 11:17 - 2012-08-28 21:04 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-25 19:25 - 2013-07-29 20:09 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-25 13:50 - 2014-01-25 13:50 - 00000000 ____D C:\Users\DieDaSas\AppData\Roaming\Avira
2014-01-25 13:48 - 2014-01-25 13:48 - 00000000 ____D C:\ProgramData\AskPartnerNetwork
2014-01-25 13:48 - 2014-01-25 13:48 - 00000000 ____D C:\Program Files (x86)\AskPartnerNetwork
2014-01-25 13:46 - 2014-01-25 13:46 - 00000000 ____D C:\Program Files (x86)\Avira
2014-01-25 13:46 - 2012-10-10 18:03 - 00000000 ____D C:\ProgramData\Avira
2014-01-25 13:46 - 2009-07-14 05:45 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-25 13:46 - 2009-07-14 05:45 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-25 13:39 - 2013-01-02 22:19 - 00000000 ____D C:\Users\DieDaSas\AppData\Roaming\Dropbox
2014-01-25 13:38 - 2013-04-16 21:02 - 00022419 _____ C:\Windows\setupact.log
2014-01-25 13:38 - 2010-11-21 04:47 - 00244646 _____ C:\Windows\PFRO.log
2014-01-25 13:38 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-25 13:04 - 2014-01-25 13:01 - 129598176 _____ C:\Users\DieDaSas\Downloads\avira_free344_antivirus_de.exe
2014-01-24 18:06 - 2014-01-24 18:06 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ew_juextctrl_01007.Wdf
2014-01-24 18:06 - 2014-01-24 18:06 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ew_jucdcecm_01007.Wdf
2014-01-24 18:05 - 2014-01-24 18:05 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ew_jucdcacm_01007.Wdf
2014-01-24 17:59 - 2013-09-08 09:52 - 00003730 _____ C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
2014-01-24 17:58 - 2013-03-29 21:17 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
2014-01-22 15:05 - 2012-08-28 06:52 - 00700418 _____ C:\Windows\system32\perfh007.dat
2014-01-22 15:05 - 2012-08-28 06:52 - 00149182 _____ C:\Windows\system32\perfc007.dat
2014-01-22 15:05 - 2009-07-14 06:13 - 01621244 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-21 15:55 - 2014-01-21 15:55 - 00140764 ____H C:\Windows\SysWOW64\mlfcache.dat
2014-01-16 14:06 - 2013-01-02 22:25 - 00001039 _____ C:\Users\DieDaSas\Desktop\Dropbox.lnk
2014-01-16 14:06 - 2013-01-02 22:20 - 00000000 ____D C:\Users\DieDaSas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-01-16 14:06 - 2012-08-27 21:06 - 00000000 ___RD C:\Users\DieDaSas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-16 13:56 - 2009-07-14 06:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2014-01-16 13:56 - 2009-07-14 05:45 - 00420648 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-15 23:55 - 2013-08-24 23:39 - 00000000 ____D C:\Windows\system32\MRT
2014-01-15 22:16 - 2012-08-27 21:47 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
Some content of TEMP:
====================
C:\Users\DieDaSas\AppData\Local\Temp\avgnt.exe
C:\Users\DieDaSas\AppData\Local\Temp\hcwclear.exe
C:\Users\DieDaSas\AppData\Local\Temp\Offercast_AVIRAV7_.exe
C:\Users\DieDaSas\AppData\Local\Temp\uninst1.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-01-20 09:32
==================== End Of Log ============================
Addition.txt: Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-01-2014 01
Ran by DieDaSas at 2014-01-26 11:51:44
Running from C:\Users\DieDaSas\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) - Deutsch (x32 Version: 10.1.9 - Adobe Systems Incorporated)
ALPS Touch Pad Driver (Version: - ALPS ELECTRIC CO., LTD.)
Apple Application Support (x32 Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
Applian FLV and Media Player 3.1.1.12 (x32 Version: 3.1.1.12 - Applian Technologies)
AVG Security Toolbar (x32 Version: 17.3.0.49 - AVG Technologies)
Avira Free Antivirus (x32 Version: 14.0.2.286 - Avira)
Avira SearchFree Toolbar (x32 Version: 12.10.0.2951 - APN, LLC)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Canon Easy-PhotoPrint EX (x32 Version: - )
Canon Easy-WebPrint EX (x32 Version: - )
Canon IJ Network Scan Utility (x32 Version: - )
Canon IJ Network Tool (x32 Version: - )
Canon iP4700 series Benutzerregistrierung (x32 Version: - )
Canon iP4700 series Printer Driver (Version: - )
Canon MG5200 series Benutzerregistrierung (x32 Version: - )
Canon MG5200 series MP Drivers (Version: - )
Canon MP Navigator EX 4.0 (x32 Version: - )
Canon My Printer (x32 Version: - )
Canon Solution Menu EX (x32 Version: - )
Canon Utilities Solution Menu (x32 Version: - )
CD-LabelPrint (x32 Version: - )
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32 Version: - Microsoft)
Dropbox (HKCU Version: 2.4.11 - Dropbox, Inc.)
FireJump (x32 Version: 1.0.2.5 - FireJump.net)
FJ Camera (x32 Version: 5.8.52032.0_WHQL - Sonix)
FLV Player 2.0 (build 25) (x32 Version: 2.0 (build 25) - Martijn de Visser)
Fujitsu Hotkey Utility (x32 Version: 3.70.0.0 - FUJITSU LIMITED)
Fujitsu Hotkey Utility (x32 Version: 3.70.0.0 - FUJITSU LIMITED) Hidden
Fujitsu MobilityCenter Extension Utility (Version: 3.01.00.002 - FUJITSU LIMITED) Hidden
Fujitsu MobilityCenter Extension Utility (x32 Version: 3.01.00.002 - FUJITSU LIMITED)
Fujitsu System Extension Utility (Version: 3.4.4.0 - FUJITSU LIMITED) Hidden
Fujitsu System Extension Utility (x32 Version: 3.4.4.0 - FUJITSU LIMITED)
Google Earth Plug-in (x32 Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
High-Definition Video Playback (x32 Version: 7.3.10900.8.0 - Nero AG) Hidden
Intel PROSet Wireless (Version: - ) Hidden
Intel(R) Management Engine Components (x32 Version: 8.0.0.1351 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (x32 Version: - Intel Corporation)
Intel(R) Processor Graphics (x32 Version: 8.15.10.2696 - Intel Corporation)
Intel(R) PROSet/Wireless for Bluetooth(R) 3.0 + High Speed (Version: 15.0.0.0059 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (Version: 2.0.0.0086 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (x32 Version: 1.0.3.214 - Intel Corporation)
Intel® PROSet/Wireless WiFi-Software (Version: 15.00.0000.0642 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.23.216.0 - Intel Corporation)
iTunes (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 9 (x32 Version: 7.0.90 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden
LIFEBOOK Application Panel (Version: 8.3.2.0 - FUJITSU LIMITED) Hidden
LIFEBOOK Application Panel (x32 Version: 8.3.2.0 - FUJITSU LIMITED)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)
Nero 10 Movie ThemePack Basic (x32 Version: 10.6.10000.1.0 - Nero AG) Hidden
Nero BurnRights 10 (x32 Version: 4.4.10400.2.100 - Nero AG)
Nero BurnRights 10 Help (CHM) (x32 Version: 10.6.10700 - Nero AG) Hidden
Nero Control Center 10 (x32 Version: 10.6.12700.0.7 - Nero AG) Hidden
Nero ControlCenter 10 Help (CHM) (x32 Version: 10.6.10800 - Nero AG) Hidden
Nero Core Components 10 (x32 Version: 2.0.20000.9.12 - Nero AG) Hidden
Nero CoverDesigner 10 (x32 Version: 5.6.10600.4.100 - Nero AG)
Nero CoverDesigner 10 Help (CHM) (x32 Version: 10.6.10700 - Nero AG) Hidden
Nero InfoTool 10 (x32 Version: 7.4.10300.1.100 - Nero AG)
Nero InfoTool 10 Help (CHM) (x32 Version: 10.6.10700 - Nero AG) Hidden
Nero Kwik Media (x32 Version: 1.6.14900.57.100 - Nero AG)
Nero Multimedia Suite 10 Essentials (x32 Version: 10.6.10200 - Nero AG)
Nero StartSmart 10 (x32 Version: 10.6.10400.2.100 - Nero AG)
Nero StartSmart 10 Help (CHM) (x32 Version: 10.6.10700 - Nero AG) Hidden
Nero Update (x32 Version: 1.0.10900.31.0 - Nero AG)
NeroKwikMedia Help (CHM) (x32 Version: 10.6.10900 - Nero AG) Hidden
PDF Architect (x32 Version: 1.1.83.9982 - pdfforge GmbH)
PDFCreator (x32 Version: 1.7.1 - pdfforge)
PlayReady PC Runtime amd64 (Version: 1.3.0 - Microsoft Corporation)
Plugfree NETWORK (Version: 6.2.0.1 - FUJITSU LIMITED)
Plugfree NETWORK (Version: 6.2.001 - FUJITSU LIMITED) Hidden
Power Saving Utility (x32 Version: 32.01.10.038 - FUJITSU LIMITED)
PreReq (x32 Version: 6.2.4.0 - Eastman Kodak Company) Hidden
Realtek Ethernet Controller Driver (x32 Version: 7.49.927.2011 - Realtek)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6526 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7601.30129 - Realtek Semiconductor Corp.)
SearchAnonymizer (Version: 1.0.1 (de) - )
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden
Skype™ 6.5 (x32 Version: 6.5.158 - Skype Technologies S.A.)
SparPilot (x32 Version: 2.0.9 - SparPilot.com)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (x32 Version: - Microsoft)
VLC media player 2.0.2 (Version: 2.0.2 - VideoLAN)
Vodafone Mobile Broadband (x32 Version: 10.3.202.37394 - Vodafone)
WinZip 18.0 (x32 Version: 18.0.10661 - WinZip Computing, S.L. )
==================== Restore Points =========================
25-01-2014 21:20:48 Geplanter Prüfpunkt
==================== Hosts content: ==========================
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {0D0C4063-BD92-4D52-9724-E643A725C0E4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-29] (Google Inc.)
Task: {27EC31E0-BDE7-406A-A01C-8196E99785D8} - System32\Tasks\{A25B1D73-C299-4874-8EC1-F4DCD3B21690} => C:\Program Files (x86)\WinTV\WinTV7\WinTV7.exe
Task: {6A60C141-67B6-4380-B034-D51DBEE05677} - System32\Tasks\AdobeFlashPlayerUpdate => C:\Windows\SysWOW64\FlashPlayerUpdateService.exe
Task: {8A9915F7-22A2-46D6-BA56-C28568DD13CF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-13] (Adobe Systems Incorporated)
Task: {9D0C72AE-D7AA-4238-B2B8-57C8DC1D4B3E} - System32\Tasks\AdobeFlashPlayerUpdate 2 => C:\Windows\SysWOW64\FlashPlayerUpdateService.exe
Task: {F1BEF6DB-CEFE-4FFD-9CBC-36324EFE1E76} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-29] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2012-03-19 07:09 - 2012-03-19 07:09 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-11-28 14:13 - 2012-11-28 14:13 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-11-28 14:13 - 2012-11-28 14:13 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-10-19 00:55 - 2013-10-19 00:55 - 25100288 _____ () C:\Users\DieDaSas\AppData\Roaming\Dropbox\bin\libcef.dll
2014-01-24 17:58 - 2014-01-24 17:58 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\log4cplusU.dll
2012-02-03 14:16 - 2012-02-03 14:16 - 00396800 _____ () C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\Vodafone.View.Taskbar.dll
2009-07-13 22:03 - 2009-07-14 02:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2012-08-27 21:23 - 2011-12-16 01:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-01-25 13:46 - 2013-12-09 11:37 - 00394808 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2013-11-18 19:44 - 2013-12-10 18:36 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (01/26/2014 11:10:13 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 720194
Error: (01/26/2014 11:10:13 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 720194
Error: (01/26/2014 11:10:13 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (01/26/2014 10:58:20 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7020
Error: (01/26/2014 10:58:20 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7020
Error: (01/26/2014 10:58:20 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (01/26/2014 10:58:19 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6021
Error: (01/26/2014 10:58:19 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6021
Error: (01/26/2014 10:58:19 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (01/26/2014 10:58:18 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5023
System errors:
=============
Error: (01/26/2014 11:29:46 AM) (Source: NetBT) (User: )
Description: Der Name "WORKGROUP :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.0.16
registriert werden. Der Computer mit IP-Adresse 192.168.0.11 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.
Error: (01/25/2014 01:38:35 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Hauppauge CIR Receiver" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1058
Error: (01/25/2014 11:29:32 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Hauppauge CIR Receiver" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1058
Error: (01/24/2014 06:30:45 PM) (Source: DCOM) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
Error: (01/24/2014 05:57:32 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Hauppauge CIR Receiver" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1058
Error: (01/24/2014 10:57:51 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Hauppauge CIR Receiver" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1058
Error: (01/23/2014 10:15:48 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Hauppauge CIR Receiver" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1058
Error: (01/23/2014 04:53:26 PM) (Source: volsnap) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Error: (01/23/2014 04:45:51 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Hauppauge CIR Receiver" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1058
Error: (01/22/2014 00:03:50 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Hauppauge CIR Receiver" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1058
Microsoft Office Sessions:
=========================
Error: (01/26/2014 11:10:13 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 720194
Error: (01/26/2014 11:10:13 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 720194
Error: (01/26/2014 11:10:13 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (01/26/2014 10:58:20 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7020
Error: (01/26/2014 10:58:20 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7020
Error: (01/26/2014 10:58:20 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (01/26/2014 10:58:19 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6021
Error: (01/26/2014 10:58:19 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6021
Error: (01/26/2014 10:58:19 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (01/26/2014 10:58:18 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5023
CodeIntegrity Errors:
===================================
Date: 2014-01-26 11:41:24.030
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-01-26 11:10:18.010
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-01-25 13:39:30.885
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-01-25 13:34:57.242
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-01-25 13:00:29.834
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-01-25 11:53:55.956
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-01-25 11:30:22.537
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-01-24 18:23:11.194
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-01-24 17:57:46.432
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-01-24 11:42:08.773
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Percentage of memory in use: 55%
Total physical RAM: 3958.37 MB
Available physical RAM: 1768.52 MB
Total Pagefile: 7914.92 MB
Available Pagefile: 5278.58 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
==================== Drives ================================
Drive c: (System) (Fixed) (Total:60 GB) (Free:2.17 GB) NTFS
Drive d: (Data) (Fixed) (Total:621.63 GB) (Free:512.49 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: B8755606)
Partition 1: (Active) - (Size=2 GB) - (Type=27)
Partition 2: (Not Active) - (Size=697 GB) - (Type=OF Extended)
==================== End Of Log ============================
GMER: Code:
GMER 2.1.19355 - hxxp://www.gmer.net
Rootkit scan 2014-01-26 12:24:08
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.GT00 698,64GB
Running: 4whwcinj.exe; Driver: C:\Users\DieDaSas\AppData\Local\Temp\fxldqpob.sys
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff800033a7000 45 bytes [00, 00, 00, 00, 00, 00, 00, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575 fffff800033a702f 16 bytes [00, 00, 00, 00, 00, 00, 00, ...]
---- User code sections - GMER 2.1 ----
.text C:\Users\DieDaSas\AppData\Roaming\Dropbox\bin\Dropbox.exe[1412] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 0000000075c01465 2 bytes [C0, 75]
.text C:\Users\DieDaSas\AppData\Roaming\Dropbox\bin\Dropbox.exe[1412] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 0000000075c014bb 2 bytes [C0, 75]
.text ... * 2
.text C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe[3116] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075c01465 2 bytes [C0, 75]
.text C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe[3116] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075c014bb 2 bytes [C0, 75]
.text ... * 2
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[3296] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 0000000075c01465 2 bytes [C0, 75]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[3296] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 0000000075c014bb 2 bytes [C0, 75]
.text ... * 2
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[6592] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075c01465 2 bytes [C0, 75]
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[6592] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075c014bb 2 bytes [C0, 75]
.text ... * 2
---- Processes - GMER 2.1 ----
Library C:\Users\DieDaSas\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [1904] 000007fef8180000
Process C:\Users\DieDaSas\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe (*** suspicious ***) @ C:\Users\DieDaSas\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [3040] 00000000012a0000
Process C:\Users\DieDaSas\AppData\Roaming\Dropbox\bin\Dropbox.exe (*** suspicious ***) @ C:\Users\DieDaSas\AppData\Roaming\Dropbox\bin\Dropbox.exe [1412] 0000000000400000
Library C:\Users\DieDaSas\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll (*** suspicious ***) @ C:\Users\DieDaSas\AppData\Roaming\Dropbox\bin\Dropbox.exe [1412] 0000000004080000
Library C:\Users\DieDaSas\AppData\Roaming\Dropbox\bin\libcef.dll (*** suspicious ***) @ C:\Users\DieDaSas\AppData\Roaming\Dropbox\bin\Dropbox.exe [1412](2013-10-18 23:55:02) 000000006e690000
Library C:\Users\DieDaSas\AppData\Roaming\Dropbox\bin\icudt.dll (*** suspicious ***) @ C:\Users\DieDaSas\AppData\Roaming\Dropbox\bin\Dropbox.exe [1412] 000000006d500000
Library \\?\C:\ProgramData\Microsoft\Windows\DRM\Cache\Indiv_SID_S-1-5-20\Indiv01_64.key (*** suspicious ***) @ C:\Program Files\Windows Media Player\wmpnetwk.exe [3320] (Individualized Black Box DLL/Microsoft Corporation SIGNED)(2013-05-14 14:52:11) 000000000ac00000
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations ???g????0.0.0.0??????_???????????{???????h????4??@???&???????1??? ???/???????????????????????????????????h??.NTAMD64?a??PEAUTH??????? P??@????????????????`??@??????????%ProgramData%\Microsoft\Windows\WER\* /s??????h?????????????????%systemroot%\Minidump\* /s?%systemroot%\memory.dmp??????????????????????????\hiberfil.sys????????&????????????????????????????????L????????A????%windir%\softwaredistribution\*.* /s????????????????????????? ????????????????????????$????????? ???????e???????????????mnmsrvc????????A????????????????????? ????????????????????????????L?????????????????%ProgramData%\Microsoft\RAC\*?%ProgramData%\Microsoft\RAC\StateData\*?%ProgramData%\Microsoft\RAC\Outbound\*?%ProgramData%\Microsoft\RAC\PublishedData\*?%ProgramData%\Microsoft\RAC\Temp\*????????????????????l????????????\System Volume Information\*.{7cc467ef-6865-4831-853f-2a4817fd1bca}DB???????\System Volume Information\*.{7cc467ef-6865-4831-853f-2a4817fd1bca}ALT????????????????????????<??????~??????\System Volume Information\FVE.{e40ad34
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\685d432b0376
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\685d432b0376 (not active ControlSet)
---- EOF - GMER 2.1 ----
What do I need to do now? Set everything up again from scratch, or is deleting the files in question enough?
Many thanks for your help,
kind regards
Ani