Windows 7 / Firefox: redirect to ads.fly and restricted functionality on websites

Good morning, dear Trojaner-Board support team,
I need your help and would be very grateful if you could help me clean up my computer. For about 2 days I have had the following problems with my computer:
- In Firefox I am frequently redirected to the site adf.ly.
- Most websites also no longer work smoothly, i.e. buttons can no longer be clicked (e.g. I cannot click anything here in the editor).
- The appearance of the browser has also changed slightly (the New Tab and IE Tab buttons have disappeared).

My system:
- Acer Extensa laptop (private use)
- Windows 7 Ultimate 32-bit (bought in a fit of stupidity/ignorance)
- I think all the other important configuration details are in the log files; otherwise I will of course gladly tell you anything else.

Log files:

Defogger:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 06:09 on 28/01/2014 (Gauner)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-

FRST:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-01-2014
Ran by Gauner (administrator) on GAUNER-PC on 28-01-2014 06:10:22
Running from C:\Users\Gauner\Desktop
Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) ===================
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Aventail Corporation) C:\Windows\System32\ngvpnmgr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(FSPro Labs) C:\Windows\System32\fsproflt.exe
(Safer Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Samsung) C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Dropbox, Inc.) C:\Users\Gauner\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Nero AG) C:\Program Files\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-12] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [SwitchBoard] - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [LManager] - C:\Program Files\Launch Manager\LManager.exe [1130504 2009-08-28] (Dritek System Inc.)
HKLM\...\Run: [BrMfcWnd] - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKCU\...\Run: [] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844144 2013-02-13] (Samsung)
HKCU\...\Run: [SandboxieControl] - C:\Program Files\Sandboxie\SbieCtrl.exe [543432 2013-10-16] (Sandboxie Holdings, LLC)
MountPoints2: {0c9b372c-64d1-11e3-9875-415645000030} - F:\AutoRun.exe
MountPoints2: {0c9b372f-64d1-11e3-9875-415645000030} - F:\AutoRun.exe
MountPoints2: {0c9b3733-64d1-11e3-9875-415645000030} - F:\AutoRun.exe
MountPoints2: {fed950c1-06c9-11e2-a2fe-00262d924e79} - G:\Startme.exe
Startup: C:\Users\Gauner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Gauner\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF046925CC65ACE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Adobe Acrobat Create PDF Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Adobe Acrobat Create PDF from Selection - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {66D845A0-C3BB-45AD-807C-9BFEAF20EF2C} hxxp://my.ohm-hochschule.de/content/static/ecm/activex/Enable_Edit_In_Place.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.20.1
Tcpip\..\Interfaces\{3AAE5C04-5E1F-4292-9C3C-83A44247B5D0}: [NameServer]192.168.20.1
FireFox:
========
FF ProfilePath: C:\Users\Gauner\AppData\Roaming\Mozilla\Firefox\Profiles\ezvfzftv.Linux
FF NetworkProxy: "backup.ftp", "209.9.243.185"
FF NetworkProxy: "backup.ftp_port", 80
FF NetworkProxy: "backup.gopher", "209.9.243.185"
FF NetworkProxy: "backup.gopher_port", 80
FF NetworkProxy: "backup.socks", "209.9.243.185"
FF NetworkProxy: "backup.socks_port", 80
FF NetworkProxy: "backup.ssl", "209.9.243.185"
FF NetworkProxy: "backup.ssl_port", 80
FF NetworkProxy: "ftp", "192.110.163.22"
FF NetworkProxy: "ftp_port", 3128
FF NetworkProxy: "gopher", "192.110.163.22"
FF NetworkProxy: "gopher_port", 3128
FF NetworkProxy: "http", "192.110.163.22"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "no_proxies_on", ""
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "192.110.163.22"
FF NetworkProxy: "socks_port", 3128
FF NetworkProxy: "socks_version", 4
FF NetworkProxy: "ssl", "192.110.163.22"
FF NetworkProxy: "ssl_port", 3128
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Acrobat - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll (Foxit Software Company)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Flash Video Downloader - C:\Users\Gauner\AppData\Roaming\Mozilla\Firefox\Profiles\ezvfzftv.Linux\Extensions\artur.dubovoy@gmail.com [2014-01-27]
FF Extension: TVU Web Player - C:\Users\Gauner\AppData\Roaming\Mozilla\Firefox\Profiles\ezvfzftv.Linux\Extensions\firefox@tvunetworks.com [2012-06-28]
FF Extension: YouTube Unblocker - C:\Users\Gauner\AppData\Roaming\Mozilla\Firefox\Profiles\ezvfzftv.Linux\Extensions\youtubeunblocker@unblocker.yt [2013-10-24]
FF Extension: IE Tab 2 (FF 3.6+) - C:\Users\Gauner\AppData\Roaming\Mozilla\Firefox\Profiles\ezvfzftv.Linux\Extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} [2013-12-18]
FF Extension: PDF Download - C:\Users\Gauner\AppData\Roaming\Mozilla\Firefox\Profiles\ezvfzftv.Linux\Extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250} [2012-06-28]
FF Extension: Flashblock - C:\Users\Gauner\AppData\Roaming\Mozilla\Firefox\Profiles\ezvfzftv.Linux\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2013-04-17]
FF Extension: IE Tab - C:\Users\Gauner\AppData\Roaming\Mozilla\Firefox\Profiles\ezvfzftv.Linux\Extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9} [2013-05-06]
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\Gauner\AppData\Roaming\Mozilla\Firefox\Profiles\ezvfzftv.Linux\Extensions\elemhidehelper@adblockplus.org.xpi [2012-06-28]
FF Extension: Ghostery - C:\Users\Gauner\AppData\Roaming\Mozilla\Firefox\Profiles\ezvfzftv.Linux\Extensions\firefox@ghostery.com.xpi [2013-12-12]
FF Extension: YouTube to MP3 - C:\Users\Gauner\AppData\Roaming\Mozilla\Firefox\Profiles\ezvfzftv.Linux\Extensions\info@sharkcube.com.xpi [2012-08-13]
FF Extension: Proxy Tool - C:\Users\Gauner\AppData\Roaming\Mozilla\Firefox\Profiles\ezvfzftv.Linux\Extensions\proxytool@proxylist.co.xpi [2013-06-06]
FF Extension: NoScript - C:\Users\Gauner\AppData\Roaming\Mozilla\Firefox\Profiles\ezvfzftv.Linux\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012-06-28]
FF Extension: Adblock Plus - C:\Users\Gauner\AppData\Roaming\Mozilla\Firefox\Profiles\ezvfzftv.Linux\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-06-28]
FF Extension: DownThemAll! - C:\Users\Gauner\AppData\Roaming\Mozilla\Firefox\Profiles\ezvfzftv.Linux\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2012-06-28]
FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2013-02-25]
========================== Services (Whitelisted) =================
R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [660520 2009-09-12] (Acronis)
R2 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [2326920 2012-06-29] (Acronis)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440376 2013-12-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-19] (Avira Operations GmbH & Co. KG)
R2 fsproflt; C:\Windows\system32\fsproflt.exe [68832 2010-10-25] (FSPro Labs)
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [687400 2011-11-25] (Nero AG)
R2 NgVpnMgr; C:\Windows\system32\ngvpnmgr.exe [343848 2013-04-26] (Aventail Corporation)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [130248 2013-10-16] (Sandboxie Holdings, LLC)
R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S3 TunnelBearMaintenance; C:\Program Files\TunnelBear\TBear.Maintenance.exe [16664 2013-11-25] ()
==================== Drivers (Whitelisted) ====================
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-01] (Avira Operations GmbH & Co. KG)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [31088 2010-12-16] (Elaborate Bytes AG)
R0 FSProFilter; C:\Windows\System32\Drivers\FSPFltd.sys [41912 2010-07-22] (FSPro Labs)
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [40648 2013-04-24] (AnchorFree Inc.)
S3 NgFilter; C:\Windows\System32\DRIVERS\ngfilter.sys [23112 2013-04-24] (Aventail Corporation)
R3 NgLog; C:\Windows\System32\DRIVERS\nglog.sys [27208 2013-04-24] (Aventail Corporation)
R3 NgVpn; C:\Windows\System32\DRIVERS\ngvpn.sys [81480 2013-04-24] (Aventail Corporation)
R3 NgWfp; C:\Windows\System32\DRIVERS\ngwfp.sys [25160 2013-04-24] (Aventail Corporation)
S3 pepifilter; C:\Windows\System32\DRIVERS\lv302af.sys [13976 2009-04-30] (Logitech Inc.)
S3 PID_PEPI; C:\Windows\System32\DRIVERS\LV302V32.SYS [2687512 2009-04-30] (Logitech Inc.)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [15576 2013-07-01] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [10200 2013-07-01] ()
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [159840 2013-10-16] (Sandboxie Holdings, LLC)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [26624 2013-09-25] (The OpenVPN Project)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [37064 2013-04-24] (Anchorfree Inc.)
R0 tdrpman251; C:\Windows\System32\DRIVERS\tdrpm251.sys [902432 2012-06-29] (Acronis)
R0 vidsflt61; C:\Windows\System32\DRIVERS\vsflt61.sys [84544 2012-06-28] (Acronis)
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [x]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [x]
S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [x]
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] ()
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-01-28 06:10 - 2014-01-28 06:10 - 00015131 _____ C:\Users\Gauner\Desktop\FRST.txt
2014-01-28 06:10 - 2014-01-28 06:10 - 00000000 ____D C:\FRST
2014-01-28 06:09 - 2014-01-28 06:09 - 00000474 _____ C:\Users\Gauner\Desktop\defogger_disable.log
2014-01-28 06:09 - 2014-01-28 06:09 - 00000000 _____ C:\Users\Gauner\defogger_reenable
2014-01-28 06:07 - 2014-01-28 06:07 - 00370971 _____ C:\Users\Gauner\Desktop\gmer_2.1.19355.zip
2014-01-28 06:06 - 2014-01-28 06:06 - 01622528 _____ (Farbar) C:\Users\Gauner\Desktop\FRST.exe
2014-01-28 06:06 - 2014-01-28 06:06 - 00050477 _____ C:\Users\Gauner\Desktop\Defogger.exe
2014-01-08 13:33 - 2014-01-08 13:33 - 00000000 ____D C:\Windows\system32\Adobe
2014-01-08 07:02 - 2014-01-20 08:50 - 00000000 ____D C:\Program Files\TunnelBear
2014-01-08 07:02 - 2014-01-08 08:26 - 00000000 ____D C:\Users\Gauner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TunnelBear
2014-01-08 07:02 - 2014-01-08 07:02 - 00001897 _____ C:\Users\Gauner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TunnelBear.lnk
2014-01-08 07:02 - 2014-01-08 07:02 - 00000000 ____D C:\Users\Gauner\AppData\Local\IsolatedStorage
==================== One Month Modified Files and Folders =======
2014-01-28 06:10 - 2014-01-28 06:10 - 00015131 _____ C:\Users\Gauner\Desktop\FRST.txt
2014-01-28 06:10 - 2014-01-28 06:10 - 00000000 ____D C:\FRST
2014-01-28 06:09 - 2014-01-28 06:09 - 00000474 _____ C:\Users\Gauner\Desktop\defogger_disable.log
2014-01-28 06:09 - 2014-01-28 06:09 - 00000000 _____ C:\Users\Gauner\defogger_reenable
2014-01-28 06:09 - 2012-06-28 09:26 - 00000000 ____D C:\Users\Gauner
2014-01-28 06:07 - 2014-01-28 06:07 - 00370971 _____ C:\Users\Gauner\Desktop\gmer_2.1.19355.zip
2014-01-28 06:06 - 2014-01-28 06:06 - 01622528 _____ (Farbar) C:\Users\Gauner\Desktop\FRST.exe
2014-01-28 06:06 - 2014-01-28 06:06 - 00050477 _____ C:\Users\Gauner\Desktop\Defogger.exe
2014-01-28 05:59 - 2010-11-20 22:01 - 01619760 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-28 05:52 - 2009-07-14 05:34 - 00021248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-28 05:52 - 2009-07-14 05:34 - 00021248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-28 05:48 - 2012-12-24 14:23 - 02088807 _____ C:\Windows\WindowsUpdate.log
2014-01-28 05:46 - 2012-11-15 18:56 - 00000000 ____D C:\Users\Gauner\AppData\Roaming\Dropbox
2014-01-28 05:44 - 2013-12-14 16:04 - 00004368 _____ C:\Windows\setupact.log
2014-01-28 05:44 - 2013-08-14 15:59 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-28 05:44 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-27 16:35 - 2012-07-21 06:23 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-27 16:15 - 2013-08-14 15:59 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-27 15:47 - 2014-01-27 11:33 - 00000000 ____D C:\Windows\erdnt
2014-01-27 15:47 - 2013-12-20 06:57 - 00000000 ____D C:\Program Files\Mozilla Firefox
2014-01-27 15:47 - 2012-10-03 18:33 - 00000000 ____D C:\ProgramData\Aventail
2014-01-27 15:47 - 2012-06-28 11:27 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2014-01-27 15:47 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\wfp
2014-01-27 15:47 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\de-DE
2014-01-27 15:47 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\registration
2014-01-27 15:27 - 2013-07-02 05:46 - 00000000 ____D C:\Qoobox
2014-01-27 06:37 - 2013-10-16 15:14 - 00000000 ____D C:\ProgramData\Oracle
2014-01-23 11:00 - 2013-11-14 09:08 - 00000000 ____D C:\Users\Gauner\Desktop\T11
2014-01-20 08:50 - 2014-01-08 07:02 - 00000000 ____D C:\Program Files\TunnelBear
2014-01-20 08:34 - 2013-11-20 13:12 - 00000000 ____D C:\Users\Gauner\Desktop\Bewerbung Berufseinstieg 2014
2014-01-16 13:10 - 2013-12-04 12:32 - 00009482 _____ C:\Users\Gauner\Desktop\Microsoft Excel-Arbeitsblatt (neu).xlsx
2014-01-16 11:15 - 2009-07-14 05:53 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2014-01-14 08:58 - 2013-12-05 08:41 - 00001520 _____ C:\Windows\Sandboxie.ini
2014-01-08 13:33 - 2014-01-08 13:33 - 00000000 ____D C:\Windows\system32\Adobe
2014-01-08 08:26 - 2014-01-08 07:02 - 00000000 ____D C:\Users\Gauner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TunnelBear
2014-01-08 07:02 - 2014-01-08 07:02 - 00001897 _____ C:\Users\Gauner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TunnelBear.lnk
2014-01-08 07:02 - 2014-01-08 07:02 - 00000000 ____D C:\Users\Gauner\AppData\Local\IsolatedStorage
2013-12-30 19:47 - 2013-10-13 16:33 - 00000000 ____D C:\Users\Gauner\Desktop\Bilder
Some content of TEMP:
====================
C:\Users\Gauner\AppData\Local\temp\avgnt.exe
C:\Users\Gauner\AppData\Local\temp\DataCard_Setup.exe
C:\Users\Gauner\AppData\Local\temp\Shockwave_Installer_FF.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-12-28 16:48
==================== End Of Log ============================

Addition:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 28-01-2014
Ran by Gauner at 2014-01-28 06:11:10
Running from C:\Users\Gauner\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
7-Zip 9.20 (Version: - )
Acronis True Image Home (Version: 13.0.5055 - Acronis)
Adobe Acrobat XI Pro (Version: 11.0.03 - Adobe Systems)
Adobe Digital Editions 2.0 (Version: 2.0.1 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (Version: 13.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (Version: 12.0.7.148 - Adobe Systems, Inc.)
Audio Recorder for Free v12.9.8 (Version: - Copyright(C) 2006-2012 AudioToolMedia Software.)
Aventail Access Manager (HKCU Version: 10.61.165 - SonicWALL Inc)
Aventail Access Manager (Version: 10.61.165 - SonicWALL Inc) Hidden
Aventail Connect (Version: 10.63.241 - SonicWALL Aventail)
Aventail Web Proxy Agent (Version: 10.61.130 - SonicWALL Inc)
Avira Free Antivirus (Version: 14.0.2.286 - Avira)
Biet-O-Matic v2.14.8 (Version: 2.14.8 - BOM Development Team)
Brother MFL-Pro Suite MFC-7820N (Version: 1.0.1.0 - Brother Industries, Ltd.)
CCleaner (Version: 3.20 - Piriform)
Dropbox (HKCU Version: 2.4.11 - Dropbox, Inc.)
DVD Shrink 3.2 deutsch (DeCSS-frei) (Version: - DVD Shrink)
Flashtool (Version: 0.9.10.1 - Androxyde)
Foxit Reader (Version: - )
Free Video Joiner (Version: - FreeVideoJoiner.com)
Google Earth Plug-in (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.22.3 - Google Inc.) Hidden
Hide Folders 2009 3.6 (Version: 3.6 - FSPro Labs)
HyperSnap 7 (Version: 7.17.00 - Hyperionics Technology LLC)
Intel(R) Graphics Media Accelerator Driver (Version: 8.15.10.1892 - Intel Corporation)
Intel(R) TV Wizard (Version: - Intel Corporation)
Java 7 Update 45 (Version: 7.0.450 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JDownloader 2 (Version: 2.0 - AppWork GmbH)
Launch Manager (Version: 3.0.04 - Acer Inc.)
Light Image Resizer 4.3.2.2 (Version: 4.3.2.2 - ObviousIdea)
Logitech High Quality Video (Version: 12.10.1113 - Logitech, Inc.) Hidden
Logitech Webcam Software-Treiberpaket (Version: 12.10.1110 - Logitech Inc.)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Fix it Center (Version: 1.0.0100 - Microsoft Corporation)
Microsoft Office Access MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft_VC100_CRT_SP1_x86 (Version: 10.0.40219.1 - Nokia) Hidden
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (Version: 1.00.0000 - Adobe) Hidden
MiniTool Partition Wizard Home Edition 8.0 (Version: - MiniTool Solution Ltd.)
MOBackup - Datensicherung für Outlook (Vollversion) (Version: 6.90 - Heiko Schröder)
MozBackup 1.5.1 (Version: - Pavel Cvrcek)
Mozilla Firefox 26.0 (x86 de) (Version: 26.0 - Mozilla)
Mozilla Maintenance Service (Version: 26.0 - Mozilla)
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MyPhoneExplorer (Version: 1.8.4 - F.J. Wechselberger)
Nero Burning ROM 11 (Version: 11.2.00400 - Nero AG)
Nero Burning ROM 11 (Version: 11.2.10300.0.0 - Nero AG) Hidden
Nero Burning ROM 11 Help (CHM) (Version: 11.0.10300 - Nero AG) Hidden
Nero ControlCenter 11 (Version: 11.0.12700.0.27 - Nero AG) Hidden
Nero ControlCenter 11 Help (CHM) (Version: 11.0.10300 - Nero AG) Hidden
Nero Core Components 11 (Version: 11.0.16300.1.23 - Nero AG) Hidden
Nero RescueAgent 11 (Version: 4.0.10600.10.100 - Nero AG) Hidden
Nero RescueAgent 11 Help (CHM) (Version: 11.0.10400 - Nero AG) Hidden
Nero Update (Version: 11.0.11500.28.0 - Nero AG) Hidden
nero.prerequisites.msi (Version: 11.0.20010 - Nero AG) Hidden
PDF Settings CS6 (Version: 11.0 - Adobe Systems Incorporated) Hidden
pdfsam (HKCU Version: 2.2.1 - )
Samsung Kies (Version: 2.5.2.13021_10 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.5.2.13021_10 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.18.0 - SAMSUNG Electronics Co., Ltd.)
Sandboxie 4.06 (32-bit) (Version: 4.06 - Sandboxie Holdings, LLC)
Skype™ 6.3 (Version: 6.3.105 - Skype Technologies S.A.)
Sony Ericsson Update Engine (Version: 2.13.1.38 - Sony Ericsson Communications AB)
Sony Mobile Update Service (Version: 2.12.15.18 - Sony Mobile Communications AB)
Spybot - Search & Destroy (Version: 1.6.2 - Safer Networking Limited)
SRWare Iron Version SRWare Iron 30.0.1650.0 (Version: SRWare Iron 30.0.1650.0 - SRWare)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TunnelBear 2.1.2.0 (Version: 2.1.2.0 - TunnelBear)
Unlocker 1.9.1 (Version: 1.9.1 - Cedrick Collomb)
VirtualCloneDrive (Version: - Elaborate Bytes)
VLC media player 2.0.1 (Version: 2.0.1 - VideoLAN)
Winamp (Version: 5.63 - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKCU Version: 1.0.0.1 - Nullsoft, Inc)
WISO Steuer-Sparbuch 2013 (Version: 20.00.8137 - Buhl Data Service GmbH)
XMedia Recode 2.1.4.6 (Version: 2.1.4.6 - Sebastian Dörfler)
Your Uninstaller! 7 (Version: 7.4.2012.5 - URSoft, Inc.)
==================== Restore Points =========================
27-01-2014 14:10:18
==================== Hosts content: ==========================
2009-07-14 03:04 - 2012-10-28 13:35 - 00001115 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {47A41D85-1930-4D6D-919A-281956A76F5E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-06-22] (Piriform Ltd)
Task: {51DAF084-2FEA-43CC-9DC5-BE1AC5F28732} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-08-14] (Google Inc.)
Task: {75DCF195-7107-45AD-86F3-16916872E5A1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated)
Task: {B407B51B-CCE7-4745-B861-57858FE0B07D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-08-14] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2013-10-19 00:55 - 2013-10-19 00:55 - 25100288 _____ () C:\Users\Gauner\AppData\Roaming\Dropbox\bin\libcef.dll
2010-01-30 01:41 - 2010-01-30 01:41 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf
2012-12-18 20:08 - 2012-12-18 20:08 - 00131072 _____ () C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Locale\de_de\PDFMaker\PDFMOutlookAddin.DEU
2012-12-18 20:08 - 2012-12-18 20:08 - 03990248 _____ () C:\Program Files\Adobe\Acrobat 11.0\PDFMaker\Common\AdobePDFMakerX.dll
2012-12-18 20:08 - 2012-12-18 20:08 - 01446912 _____ () C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Locale\de_DE\PDFMaker\AdobePDFMakerX.DEU
2010-02-28 01:55 - 2010-02-28 01:55 - 01040736 _____ () C:\Program Files\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
2013-12-20 06:57 - 2013-12-20 06:57 - 03559024 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51
AlternateDataStreams: C:\ProgramData\TEMP:BC359956
==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\fsproflt => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\fsproflt => ""="Service"
==================== Faulty Device Manager Devices =============
Name: Atheros AR5B91-Drahtlosnetzwerkadapter
Description: Atheros AR5B91-Drahtlosnetzwerkadapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Atheros Communications Inc.
Service: athr
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Acronis Virtual Disk Bus
Description: Acronis Virtual Disk Bus
Class Guid: {1860459d-4692-4825-b761-44a725991050}
Manufacturer: Acronis, Inc.
Service: vididr
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
==================== Event log errors: =========================
Application errors:
==================
Error: (01/28/2014 05:48:06 AM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2014/01/28 05:48:06.308]: [00000612]: CUsbScnDev: DeviceIoControl() failed. ErrorCode = 5
Error: (01/28/2014 05:44:41 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/27/2014 05:04:04 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2014/01/27 17:04:04.690]: [00000612]: CUsbScnDev: DeviceIoControl() failed. ErrorCode = 2
Error: (01/27/2014 03:48:20 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/27/2014 03:41:18 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/27/2014 03:35:03 PM) (Source: Windows Search Service) (User: )
Description: Fehler beim Laden des Protokollhandlers Mapi. Fehlerbeschreibung: (HRESULT : 0x80040154).
Error: (01/27/2014 03:01:27 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
System errors:
=============
Error: (01/28/2014 05:58:14 AM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
Error: (01/28/2014 05:58:12 AM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
Error: (01/28/2014 05:58:12 AM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
Error: (01/28/2014 05:44:39 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (01/27/2014 03:48:08 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (01/27/2014 03:41:17 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (01/27/2014 03:24:13 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (01/27/2014 03:19:52 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (01/27/2014 03:14:48 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (01/27/2014 03:07:06 PM) (Source: VDS Basic Provider) (User: )
Description: Unerwarteter Fehler. Fehlercode: 490@01010004
Microsoft Office Sessions:
=========================
Error: (01/28/2014 05:48:06 AM) (Source: Brother BrLog)(User: )
Description: STIBrtSTI: [2014/01/28 05:48:06.308]: [00000612]: CUsbScnDev: DeviceIoControl() failed. ErrorCode = 5
Error: (01/28/2014 05:44:41 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/27/2014 05:04:04 PM) (Source: Brother BrLog)(User: )
Description: STIBrtSTI: [2014/01/27 17:04:04.690]: [00000612]: CUsbScnDev: DeviceIoControl() failed. ErrorCode = 2
Error: (01/27/2014 03:48:20 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/27/2014 03:41:18 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/27/2014 03:35:03 PM) (Source: Windows Search Service)(User: )
Description: Mapi(HRESULT : 0x80040154)
Error: (01/27/2014 03:01:27 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
==================== Memory info ===========================
Percentage of memory in use: 54%
Total physical RAM: 1976.96 MB
Available physical RAM: 897.45 MB
Total Pagefile: 3953.91 MB
Available Pagefile: 2559.92 MB
Total Virtual: 2047.88 MB
Available Virtual: 1874.21 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:58.59 GB) (Free:31.9 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:90.46 GB) (Free:8.21 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: 0AB70AB7)
Partition 1: (Active) - (Size=59 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=90 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Gmer: Code:
GMER 2.1.19355 - hxxp://www.gmer.net
Rootkit scan 2014-01-28 06:39:44
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD1600BEVT-22ZCT0 rev.11.01A11 149,05GB
Running: gmer.exe; Driver: C:\Users\Gauner\AppData\Local\Temp\ufdiapog.sys
---- System - GMER 2.1 ----
SSDT 8E6883AE ZwCreateSection
SSDT 8E6883B8 ZwRequestWaitReplyPort
SSDT 8E6883B3 ZwSetContextThread
SSDT 8E6883BD ZwSetSecurityObject
SSDT 8E6883C2 ZwSystemDebugControl
SSDT 8E68834F ZwTerminateProcess
---- Kernel code sections - GMER 2.1 ----
.text ntkrnlpa.exe!ZwSaveKey + 13C1 82C44339 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C7DD52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 82C84EEC 4 Bytes [AE, 83, 68, 8E]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1553 82C85248 4 Bytes CALL EB4C0ACF
.text ntkrnlpa.exe!KeRemoveQueueEx + 1597 82C8528C 4 Bytes [B3, 83, 68, 8E]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1613 82C85308 4 Bytes [BD, 83, 68, 8E]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1667 82C8535C 4 Bytes JMP EB4C15E3
.text ...
---- User code sections - GMER 2.1 ----
.text C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3772] ntdll.dll!DbgBreakPoint 776040F0 1 Byte [C3]
.text C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3772] ntdll.dll!DbgUiRemoteBreakin 7766F125 5 Bytes JMP 7762E3B2 C:\Windows\SYSTEM32\ntdll.dll
---- EOF - GMER 2.1 ----
Many thanks for the support
Kim