Marillion | 26.11.2013 19:33 | Windows7: rvzr-a.akamaihd.net in Firefox
Hello everyone,
I keep getting ad pop-ups and ad pages from rvzr-a.akamaihd.net in Firefox.
In IE this is apparently not the case; however, I have also already "cleaned" the computer using SpyHunter4.
Here are my log files:
FRST.txt Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-11-2013 01
Ran by Norbert (administrator) on NORBERT-WIN7 on 26-11-2013 19:03:08
Running from C:\Users\Norbert\Desktop\Trojaner-Board
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Amazon Digital Services, LLC.) C:\Users\Norbert\AppData\Local\Apps\2.0\MOP14MZX.Q3V\XNTRGVCO.HBN\amaz..tion_f2fa081ea2183235_0002.0000_52f6f5477bfc400b\AmazonCloudDrive.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe
(Disc Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTShellHlp.exe
(Sun Microsystems, Inc.) C:\Users\Norbert\AppData\Local\Apps\2.0\MOP14MZX.Q3V\XNTRGVCO.HBN\amaz..tion_f2fa081ea2183235_0002.0000_52f6f5477bfc400b\LocalServiceJre\bin\AmazonCloudDriveW.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Dolby Home Theater v4] - C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [683576 2013-11-26] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrobat_sl.exe [41336 2013-09-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe [840568 2013-09-03] (Adobe Systems Inc.)
HKLM-x32\...\Run: [NBAgent] - C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [1234216 2010-03-26] (Nero AG)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2010-02-02] (CyberLink Corp.)
Startup: C:\Users\Norbert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Cloud Drive.lnk
ShortcutTarget: Amazon Cloud Drive.lnk -> C:\Users\Norbert\AppData\Local\Apps\2.0\MOP14MZX.Q3V\XNTRGVCO.HBN\amaz..tion_f2fa081ea2183235_0002.0000_52f6f5477bfc400b\AmazonCloudDrive.exe (Amazon Digital Services, LLC.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xDD94444A0AD0CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:newtab
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [327168] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Norbert\AppData\Roaming\Mozilla\Firefox\0nb9t0ww.default
FF DefaultSearchEngine: Google SSL (DE)
FF SearchEngineOrder.1: Google
FF SearchEngineOrder.user_pref("browser.search.order.1,S", "");: user_pref("browser.search.order.1,S", "");
FF SelectedSearchEngine: Google SSL (DE)
FF Homepage: hxxp://google.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF SearchPlugin: C:\Users\Norbert\AppData\Roaming\Mozilla\Firefox\0nb9t0ww.default\searchplugins\11-suche.xml
FF SearchPlugin: C:\Users\Norbert\AppData\Roaming\Mozilla\Firefox\0nb9t0ww.default\searchplugins\conduit-search.xml
FF SearchPlugin: C:\Users\Norbert\AppData\Roaming\Mozilla\Firefox\0nb9t0ww.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Norbert\AppData\Roaming\Mozilla\Firefox\0nb9t0ww.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Norbert\AppData\Roaming\Mozilla\Firefox\0nb9t0ww.default\searchplugins\google-language-de.xml
FF SearchPlugin: C:\Users\Norbert\AppData\Roaming\Mozilla\Firefox\0nb9t0ww.default\searchplugins\google-ssl-de.xml
FF SearchPlugin: C:\Users\Norbert\AppData\Roaming\Mozilla\Firefox\0nb9t0ww.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Norbert\AppData\Roaming\Mozilla\Firefox\0nb9t0ww.default\searchplugins\Web Search.xml
FF SearchPlugin: C:\Users\Norbert\AppData\Roaming\Mozilla\Firefox\0nb9t0ww.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Plus-HD-2.3 - C:\Users\Norbert\AppData\Roaming\Mozilla\Firefox\0nb9t0ww.default\Extensions\7125a285-7e68-47aa-9d72-e81874f4d47e@d3fcdb92-135d-4a8a-8cf6-11e3b57c5fda.com
FF Extension: Plus-HD-3.8 - C:\Users\Norbert\AppData\Roaming\Mozilla\Firefox\0nb9t0ww.default\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com
FF Extension: No Name - C:\Users\Norbert\AppData\Roaming\Mozilla\Firefox\0nb9t0ww.default\Extensions\Extensions.rdf
FF Extension: No Name - C:\Users\Norbert\AppData\Roaming\Mozilla\Firefox\0nb9t0ww.default\Extensions\installed-extensions.txt
FF Extension: toolbar - C:\Users\Norbert\AppData\Roaming\Mozilla\Firefox\0nb9t0ww.default\Extensions\toolbar@web.de.xpi
FF Extension: webbooster - C:\Users\Norbert\AppData\Roaming\Mozilla\Firefox\0nb9t0ww.default\Extensions\webbooster@iminent.com.xpi
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files\Mozilla Firefox\firefox.exe
Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: () - C:\Users\Norbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmlgoencnlndpglbocajlimaikjohmab\background.html
==================== Services (Whitelisted) =================
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-03-28] (Advanced Micro Devices, Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-11-26] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-26] (Avira Operations GmbH & Co. KG)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
S2 ES lite Service; C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE [68136 2009-08-24] ()
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1025408 2013-10-18] (Enigma Software Group USA, LLC.)
==================== Drivers (Whitelisted) ====================
S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-14] (Microsoft Corporation)
S3 AODDriver; C:\Program Files (x86)\Gigabyte\ET6\amd64\AODDriver.sys [52280 2010-03-12] (Advanced Micro Devices)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21616 2011-11-02] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [106904 2013-11-26] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132600 2013-11-26] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-26] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-06-27] (DT Soft Ltd)
R3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [13088 2011-03-02] ()
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2012-06-22] ()
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2012-12-02] ()
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO64A.SYS [30112 2013-02-24] (REALiX(tm))
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-11-26 18:58 - 2013-11-26 18:58 - 00000168 _____ C:\Users\Norbert\defogger_reenable
2013-11-26 18:55 - 2013-11-26 19:03 - 00000000 ____D C:\Users\Norbert\Desktop\Trojaner-Board
2013-11-26 18:36 - 2013-11-26 18:36 - 01958474 _____ (Farbar) C:\Users\Norbert\Downloads\FRST64.exe
2013-11-25 20:52 - 2013-05-25 10:31 - 00002466 _____ C:\Windows\system32\Drivers\etc\hosts - Kopie
2013-11-24 20:43 - 2013-11-24 20:43 - 00000000 ____D C:\Windows\ERUNT
2013-11-24 20:38 - 2013-11-24 20:38 - 00000000 ____D C:\FRST
2013-11-24 17:55 - 2013-11-24 17:55 - 105952601 _____ C:\Windows\SysWOW64\Ꟈ聤*
2013-11-22 21:49 - 2013-11-22 21:49 - 52155552 _____ C:\Users\Norbert\Downloads\blender-2.69-windows64.exe
2013-11-22 21:44 - 2013-11-22 21:44 - 59387904 _____ C:\Users\Norbert\Downloads\calibre-64bit-1.12.0.msi
2013-11-22 20:53 - 2013-11-22 20:53 - 00247989 _____ C:\spyhunter.log
2013-11-22 19:54 - 2013-11-22 19:54 - 00082249 _____ C:\sh4_service.log
2013-11-22 19:52 - 2013-10-18 15:01 - 00285747 _____ C:\shldr
2013-11-22 19:52 - 2013-10-18 15:01 - 00008192 _____ C:\shldr.mbr
2013-11-22 18:33 - 2013-11-22 18:33 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-11-22 18:33 - 2013-11-22 18:33 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-11-22 18:33 - 2013-11-22 18:33 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-11-22 18:33 - 2013-11-22 18:33 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-11-22 18:33 - 2013-11-22 18:33 - 00000000 ____D C:\Program Files\Java
2013-11-22 18:32 - 2013-11-22 18:32 - 00003342 _____ C:\Windows\System32\Tasks\SpyHunter4Startup
2013-11-22 18:32 - 2013-11-22 18:32 - 00002258 _____ C:\Users\Norbert\Desktop\SpyHunter.lnk
2013-11-22 18:32 - 2013-11-22 18:32 - 00000000 ____D C:\Users\Norbert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2013-11-22 18:32 - 2013-11-22 18:32 - 00000000 ____D C:\sh4ldr
2013-11-22 18:31 - 2013-11-22 18:32 - 00000000 ____D C:\Windows\72AAF4551E54475BB0AB5413C78D0E63.TMP
2013-11-22 17:59 - 2013-11-22 18:10 - 00000000 ____D C:\AdwCleaner
2013-11-19 20:57 - 2013-11-19 21:00 - 105225210 _____ C:\Windows\SysWOW64\鲇躉聤
2013-11-17 12:48 - 2013-11-17 12:48 - 04812567 _____ (Tim Kosse) C:\Users\Norbert\Downloads\FileZilla_3.7.3_win32-setup.exe
2013-11-17 12:37 - 2013-11-22 18:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-14 18:29 - 2013-10-13 16:58 - 17847296 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-14 18:29 - 2013-10-13 16:09 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-14 18:29 - 2013-10-13 15:55 - 02334720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-14 18:29 - 2013-10-13 15:48 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-14 18:29 - 2013-10-13 15:47 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-14 18:29 - 2013-10-13 15:46 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-14 18:29 - 2013-10-13 15:46 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-14 18:29 - 2013-10-13 15:44 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-14 18:29 - 2013-10-13 15:42 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-14 18:29 - 2013-10-13 15:42 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-14 18:29 - 2013-10-13 15:42 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-14 18:29 - 2013-10-13 15:39 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-14 18:29 - 2013-10-13 15:38 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-14 18:29 - 2013-10-13 15:36 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-14 18:29 - 2013-10-13 15:35 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-14 18:29 - 2013-10-13 15:29 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-14 18:29 - 2013-10-13 11:42 - 12344832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-14 18:29 - 2013-10-13 11:08 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-14 18:29 - 2013-10-13 10:48 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-14 18:29 - 2013-10-13 10:37 - 01104896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-14 18:29 - 2013-10-13 10:35 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-11-14 18:29 - 2013-10-13 10:35 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-14 18:29 - 2013-10-13 10:33 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-11-14 18:29 - 2013-10-13 10:32 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-14 18:29 - 2013-10-13 10:30 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-14 18:29 - 2013-10-13 10:30 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-11-14 18:29 - 2013-10-13 10:29 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-11-14 18:29 - 2013-10-13 10:27 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-14 18:29 - 2013-10-13 10:27 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-14 18:29 - 2013-10-13 10:26 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-11-14 18:29 - 2013-10-13 10:25 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-14 18:29 - 2013-10-13 10:20 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-14 18:11 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-14 18:11 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-14 18:11 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-14 18:11 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-14 18:11 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-14 18:11 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-14 18:11 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-14 18:11 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-14 18:11 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-14 18:11 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-14 18:11 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-14 18:11 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-14 18:11 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-14 18:11 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-14 18:11 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-14 18:11 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-14 18:11 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-14 18:11 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-14 18:11 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-14 18:11 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-14 18:11 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-14 18:11 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-14 18:11 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-14 18:11 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-14 18:11 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-14 18:11 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-14 18:11 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-14 18:11 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-14 18:11 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-14 18:11 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-09 18:16 - 2013-11-09 18:16 - 00001737 _____ C:\Users\Norbert\Desktop\Acrobat X.lnk
2013-11-09 16:16 - 2013-11-09 16:16 - 00005207 _____ C:\Users\Norbert\AppData\Local\recently-used.xbel
2013-11-09 14:49 - 2013-11-09 14:52 - 00007168 _____ C:\Users\Norbert\Desktop\Wohnflächenberechnung.xls
2013-11-07 20:19 - 2013-11-07 20:19 - 00000000 ____D C:\Users\Norbert\Desktop\Friedhof
2013-11-06 17:30 - 2013-11-06 17:30 - 00000815 _____ C:\Users\Norbert\Desktop\µTorrent.lnk
2013-11-06 17:30 - 2013-11-06 17:30 - 00000795 _____ C:\Users\Norbert\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2013-11-04 19:56 - 2013-11-04 19:56 - 00001081 _____ C:\Users\Public\Desktop\MPC-HC.lnk
2013-11-04 19:56 - 2013-11-04 19:56 - 00000000 ____D C:\Users\Norbert\AppData\Roaming\Media Player Classic
2013-11-04 19:56 - 2013-11-04 19:56 - 00000000 ____D C:\Program Files (x86)\MPC-HC
2013-11-04 19:53 - 2013-11-04 19:53 - 00001066 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-11-04 17:40 - 2013-11-04 17:40 - 00000000 ____D C:\Users\Public\Documents\DAEMON Tools Images
2013-11-02 11:28 - 2013-11-02 11:28 - 00000000 ____D C:\Users\Norbert\AppData\Local\Cyberlink
==================== One Month Modified Files and Folders =======
2013-11-26 19:03 - 2013-11-26 18:55 - 00000000 ____D C:\Users\Norbert\Desktop\Trojaner-Board
2013-11-26 18:58 - 2013-11-26 18:58 - 00000168 _____ C:\Users\Norbert\defogger_reenable
2013-11-26 18:58 - 2012-12-01 22:00 - 00000000 ____D C:\Users\Norbert
2013-11-26 18:54 - 2013-02-24 12:18 - 00001112 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-26 18:47 - 2012-12-02 13:50 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-26 18:41 - 2012-12-02 15:37 - 00000000 ____D C:\Users\Norbert\AppData\Local\Adobe
2013-11-26 18:38 - 2009-07-14 05:45 - 00021696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-26 18:38 - 2009-07-14 05:45 - 00021696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-26 18:36 - 2013-11-26 18:36 - 01958474 _____ (Farbar) C:\Users\Norbert\Downloads\FRST64.exe
2013-11-26 18:35 - 2011-04-12 08:43 - 00700794 _____ C:\Windows\system32\perfh007.dat
2013-11-26 18:35 - 2011-04-12 08:43 - 00149974 _____ C:\Windows\system32\perfc007.dat
2013-11-26 18:35 - 2009-07-14 06:13 - 01619110 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-26 18:34 - 2012-12-01 22:00 - 01534610 _____ C:\Windows\WindowsUpdate.log
2013-11-26 18:31 - 2013-02-24 12:18 - 00001108 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-26 18:31 - 2012-12-01 22:36 - 00025640 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys
2013-11-26 18:31 - 2012-12-01 11:11 - 00000073 _____ C:\service.log
2013-11-26 18:31 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-26 18:30 - 2009-07-14 05:51 - 00072502 _____ C:\Windows\setupact.log
2013-11-26 18:29 - 2013-05-12 09:35 - 00083160 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-11-26 18:29 - 2013-03-30 11:21 - 00132600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-11-26 18:29 - 2013-03-30 11:21 - 00106904 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-11-26 18:29 - 2013-03-30 11:21 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-11-25 20:51 - 2012-12-02 18:57 - 00000000 ____D C:\Users\Norbert\AppData\Roaming\vlc
2013-11-24 20:43 - 2013-11-24 20:43 - 00000000 ____D C:\Windows\ERUNT
2013-11-24 20:38 - 2013-11-24 20:38 - 00000000 ____D C:\FRST
2013-11-24 20:29 - 2013-05-25 09:59 - 00000000 ____D C:\Users\Norbert\AppData\Roaming\FileZilla
2013-11-24 17:55 - 2013-11-24 17:55 - 105952601 _____ C:\Windows\SysWOW64\Ꟈ聤*
2013-11-22 21:51 - 2013-02-24 11:00 - 00001897 _____ C:\Users\Public\Desktop\Blender.lnk
2013-11-22 21:49 - 2013-11-22 21:49 - 52155552 _____ C:\Users\Norbert\Downloads\blender-2.69-windows64.exe
2013-11-22 21:47 - 2012-12-22 15:57 - 00000930 _____ C:\Users\Public\Desktop\calibre 64bit - E-book management.lnk
2013-11-22 21:47 - 2012-12-22 15:57 - 00000000 ____D C:\Program Files\Calibre2
2013-11-22 21:44 - 2013-11-22 21:44 - 59387904 _____ C:\Users\Norbert\Downloads\calibre-64bit-1.12.0.msi
2013-11-22 21:20 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-11-22 20:53 - 2013-11-22 20:53 - 00247989 _____ C:\spyhunter.log
2013-11-22 19:54 - 2013-11-22 19:54 - 00082249 _____ C:\sh4_service.log
2013-11-22 18:33 - 2013-11-22 18:33 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-11-22 18:33 - 2013-11-22 18:33 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-11-22 18:33 - 2013-11-22 18:33 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-11-22 18:33 - 2013-11-22 18:33 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-11-22 18:33 - 2013-11-22 18:33 - 00000000 ____D C:\Program Files\Java
2013-11-22 18:33 - 2013-10-23 17:28 - 00000000 ____D C:\ProgramData\Oracle
2013-11-22 18:32 - 2013-11-22 18:32 - 00003342 _____ C:\Windows\System32\Tasks\SpyHunter4Startup
2013-11-22 18:32 - 2013-11-22 18:32 - 00002258 _____ C:\Users\Norbert\Desktop\SpyHunter.lnk
2013-11-22 18:32 - 2013-11-22 18:32 - 00000000 ____D C:\Users\Norbert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2013-11-22 18:32 - 2013-11-22 18:32 - 00000000 ____D C:\sh4ldr
2013-11-22 18:32 - 2013-11-22 18:31 - 00000000 ____D C:\Windows\72AAF4551E54475BB0AB5413C78D0E63.TMP
2013-11-22 18:10 - 2013-11-22 17:59 - 00000000 ____D C:\AdwCleaner
2013-11-22 18:07 - 2013-11-17 12:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-22 18:07 - 2013-09-28 19:31 - 00000000 ____D C:\Windows\System32\Tasks\ProtectedSearch
2013-11-22 18:07 - 2013-09-28 19:31 - 00000000 ____D C:\Windows\System32\Tasks\Browser Updater
2013-11-22 17:54 - 2012-12-02 13:50 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-11-22 17:54 - 2012-12-02 13:50 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-22 17:54 - 2012-12-02 13:50 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-11-22 17:53 - 2013-07-10 18:12 - 01085542 _____ C:\Users\Norbert\Downloads\adwcleaner.exe
2013-11-20 17:58 - 2013-05-18 16:54 - 00000000 ____D C:\Users\Norbert\AppData\Roaming\uTorrent
2013-11-20 17:43 - 2012-12-31 11:38 - 00000000 ____D C:\Users\Norbert\Documents\My Kindle Content
2013-11-19 21:00 - 2013-11-19 20:57 - 105225210 _____ C:\Windows\SysWOW64\鲇躉聤
2013-11-18 19:59 - 2013-05-14 19:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-17 13:42 - 2013-05-03 10:48 - 00000000 ____D C:\Qoobox
2013-11-17 13:14 - 2010-11-21 04:47 - 00213858 _____ C:\Windows\PFRO.log
2013-11-17 12:48 - 2013-11-17 12:48 - 04812567 _____ (Tim Kosse) C:\Users\Norbert\Downloads\FileZilla_3.7.3_win32-setup.exe
2013-11-17 12:48 - 2013-05-25 09:58 - 00000000 ____D C:\Program Files (x86)\FileZilla FTP Client
2013-11-14 18:29 - 2013-08-31 20:31 - 00000000 ____D C:\Windows\system32\MRT
2013-11-14 18:28 - 2012-12-01 22:45 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-09 18:16 - 2013-11-09 18:16 - 00001737 _____ C:\Users\Norbert\Desktop\Acrobat X.lnk
2013-11-09 17:51 - 2013-05-18 16:52 - 00000000 ____D C:\Users\Norbert\Desktop\Torrenz
2013-11-09 17:48 - 2012-12-02 18:51 - 00000000 ____D C:\Users\Norbert\.gimp-2.8
2013-11-09 16:16 - 2013-11-09 16:16 - 00005207 _____ C:\Users\Norbert\AppData\Local\recently-used.xbel
2013-11-09 15:16 - 2013-05-25 18:13 - 05831344 _____ (TeamViewer GmbH) C:\Users\Norbert\Desktop\TeamViewer_Setup_de.exe
2013-11-09 14:52 - 2013-11-09 14:49 - 00007168 _____ C:\Users\Norbert\Desktop\Wohnflächenberechnung.xls
2013-11-07 20:19 - 2013-11-07 20:19 - 00000000 ____D C:\Users\Norbert\Desktop\Friedhof
2013-11-07 18:19 - 2012-09-22 04:14 - 00000000 ___HD C:\Users\Norbert\AppData\Local\uyLVy0Aa
2013-11-07 18:19 - 2011-06-05 16:01 - 00000000 ___HD C:\Users\Norbert\AppData\Local\l3oCvODrPY78
2013-11-06 17:30 - 2013-11-06 17:30 - 00000815 _____ C:\Users\Norbert\Desktop\µTorrent.lnk
2013-11-06 17:30 - 2013-11-06 17:30 - 00000795 _____ C:\Users\Norbert\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2013-11-04 19:56 - 2013-11-04 19:56 - 00001081 _____ C:\Users\Public\Desktop\MPC-HC.lnk
2013-11-04 19:56 - 2013-11-04 19:56 - 00000000 ____D C:\Users\Norbert\AppData\Roaming\Media Player Classic
2013-11-04 19:56 - 2013-11-04 19:56 - 00000000 ____D C:\Program Files (x86)\MPC-HC
2013-11-04 19:53 - 2013-11-04 19:53 - 00001066 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-11-04 17:40 - 2013-11-04 17:40 - 00000000 ____D C:\Users\Public\Documents\DAEMON Tools Images
2013-11-02 11:28 - 2013-11-02 11:28 - 00000000 ____D C:\Users\Norbert\AppData\Local\Cyberlink
2013-11-02 11:24 - 2012-12-14 12:10 - 00000600 _____ C:\Users\Norbert\AppData\Local\PUTTY.RND
ZeroAccess:
C:\Windows\Installer\{cb08491e-4e44-56c6-3f18-cdc8aaf2bd99}
Files to move or delete:
====================
C:\Users\Norbert\AppData\Roaming\Camdata.ini
C:\Users\Norbert\AppData\Roaming\CamLayout.ini
C:\Users\Norbert\AppData\Roaming\CamShapes.ini
Some content of TEMP:
====================
C:\Users\Norbert\AppData\Local\Temp\avgnt.exe
C:\Users\Norbert\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-11-22 21:13
==================== End Of Log ============================
Addition.txt: Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-11-2013 01
Ran by Norbert at 2013-11-26 19:04:16
Running from C:\Users\Norbert\Desktop\Trojaner-Board
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
@BIOS (x32 Version: 2.24)
µTorrent (HKCU Version: 3.3.2.30180)
3TB+Unlock B11.0919.1 (x32 Version: 1.00.0001)
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
ActiveState ActivePython 2.7.2.5 (32-bit) (x32 Version: 2.7.5)
Adobe Acrobat X Pro - English, Français, Deutsch (x32 Version: 10.1.8)
Adobe AIR (x32 Version: 3.8.0.1280)
Adobe Creative Suite 6 Master Collection (x32 Version: 6)
Adobe Encore CS6 Library (x32 Version: 6.0.0)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.152)
Adobe Help Manager (x32 Version: 4.0.244)
Adobe Premiere Pro CS6 Functional Content (x32 Version: 6.0.0)
Adobe Reader XI (11.0.05) - Deutsch (x32 Version: 11.0.05)
Adobe Widget Browser (x32 Version: 2.0 Build 348)
Adobe Widget Browser (x32 Version: 2.0.348)
Adobe® Content Viewer (x32 Version: 3.3.0)
Amazon Cloud Drive (HKCU Version: 2.0.2013.841)
Amazon Kindle (HKCU)
AMD Accelerated Video Transcoding (Version: 12.10.100.30328)
AMD APP SDK Runtime (Version: 10.0.1084.4)
AMD Catalyst Install Manager (Version: 8.0.911.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Fuel (Version: 2013.0328.2218.38225)
AMD Media Foundation Decoders (Version: 1.0.80328.2204)
AMD Steady Video Plug-In (Version: 2.06.0000)
AMD USB Filter Driver (x32 Version: 1.0.15.94)
AMD VISION Engine Control Center (x32 Version: 2013.0328.2218.38225)
Apple Application Support (x32 Version: 2.3)
Apple Software Update (x32 Version: 2.1.3.127)
AutoGreen B12.0206.1 (x32 Version: 1.00.0000)
Avira Free Antivirus (x32 Version: 14.0.1.749)
bl (x32 Version: 1.0.0)
Blender (Version: 2.69)
Browser Updater 1.1 (x32)
calibre 64bit (Version: 1.12.0)
CamStudio Lossless Codec v1.5 (x32 Version: 1.5)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0328.2218.38225)
Catalyst Control Center InstallProxy (x32 Version: 2013.0328.2218.38225)
Catalyst Control Center Localization All (x32 Version: 2013.0328.2218.38225)
CCC Help Chinese Standard (x32 Version: 2013.0328.2217.38225)
CCC Help Chinese Traditional (x32 Version: 2013.0328.2217.38225)
CCC Help Czech (x32 Version: 2013.0328.2217.38225)
CCC Help Danish (x32 Version: 2013.0328.2217.38225)
CCC Help Dutch (x32 Version: 2013.0328.2217.38225)
CCC Help English (x32 Version: 2013.0328.2217.38225)
CCC Help Finnish (x32 Version: 2013.0328.2217.38225)
CCC Help French (x32 Version: 2013.0328.2217.38225)
CCC Help German (x32 Version: 2013.0328.2217.38225)
CCC Help Greek (x32 Version: 2013.0328.2217.38225)
CCC Help Hungarian (x32 Version: 2013.0328.2217.38225)
CCC Help Italian (x32 Version: 2013.0328.2217.38225)
CCC Help Japanese (x32 Version: 2013.0328.2217.38225)
CCC Help Korean (x32 Version: 2013.0328.2217.38225)
CCC Help Norwegian (x32 Version: 2013.0328.2217.38225)
CCC Help Polish (x32 Version: 2013.0328.2217.38225)
CCC Help Portuguese (x32 Version: 2013.0328.2217.38225)
CCC Help Russian (x32 Version: 2013.0328.2217.38225)
CCC Help Spanish (x32 Version: 2013.0328.2217.38225)
CCC Help Swedish (x32 Version: 2013.0328.2217.38225)
CCC Help Thai (x32 Version: 2013.0328.2217.38225)
CCC Help Turkish (x32 Version: 2013.0328.2217.38225)
ccc-utility64 (Version: 2013.0328.2218.38225)
CyberLink PowerDVD 10 (x32 Version: 10.0.2312.02)
DAEMON Tools Lite (x32 Version: 4.47.1.0333)
Dolby Home Theater v4 (x32 Version: 7.2.7000.7)
Easy Tune 6 B12.0509.1 (x32 Version: 1.00.0000)
EasySaver B9.1214.1 (x32 Version: 1.00.0000)
Etron USB3.0 Host Controller (x32 Version: 0.104)
FileZilla Client 3.7.3 (x32 Version: 3.7.3)
GIMP 2.8.2 (Version: 2.8.2)
Google Earth (x32 Version: 7.1.1.1888)
Google Update Helper (x32 Version: 1.3.21.165)
High-Definition Video Playback 10 (x32 Version: 7.0.11400.29.0)
HomeTab 4.7 (x32 Version: 4.7)
HWiNFO64 Version 4.16 (Version: 4.16)
Java 7 Update 45 (64-bit) (Version: 7.0.450)
Java 7 Update 45 (x32 Version: 7.0.450)
Java Auto Updater (x32 Version: 2.1.9.8)
JDownloader 0.9 (x32 Version: 0.9)
LibreOffice 3.6 (x32 Version: 3.6.7.2)
LibreOffice 3.6 Help Pack (German) (x32 Version: 3.6.7.2)
LightScribe System Software (x32 Version: 1.18.27.10)
MapCreator 2 (x32 Version: 2.0)
Microsoft .NET Framework 4 Multi-Targeting Pack (x32 Version: 4.0.30319)
Microsoft .NET Framework 4.5 (Version: 4.5.50709)
Microsoft .NET Framework 4.5 DEU Language Pack (Version: 4.5.50709)
Microsoft Advertising SDK for Windows Phone - DEU (x32 Version: 5.2.819.0)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000)
Microsoft Expression Blend 3 SDK (x32 Version: 1.0.1343.0)
Microsoft Expression Blend 4 (x32 Version: 4.0.30816.0)
Microsoft Expression Blend 4 Add-in for Adobe FXG Import (x32 Version: 1.0.20817.0)
Microsoft Expression Blend SDK for .NET 4 (x32 Version: 2.0.20621.0)
Microsoft Expression Blend SDK for Silverlight 4 (x32 Version: 2.0.20621.0)
Microsoft Expression Blend SDK for Windows Phone 7 (x32 Version: 2.0.20901.0)
Microsoft Expression Blend SDK for Windows Phone OS 7.1 (x32 Version: 2.0.30816.0)
Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.2.3.0)
Microsoft Help Viewer 1.1 (Version: 1.1.40219)
Microsoft Help Viewer 1.1 Language Pack - DEU (Version: 1.1.40219)
Microsoft Primary Interoperability Assemblies 2005 (x32 Version: 8.0.50727.42)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft Silverlight 3 SDK (x32 Version: 3.0.40818.0)
Microsoft Silverlight 4 SDK - Deutsch (x32 Version: 4.0.60310.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (x32 Version: 11.0.51106.1)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (x32 Version: 11.0.51106.1)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 (Version: 11.0.51106)
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 (Version: 11.0.51106)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (x32 Version: 11.0.51106)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (x32 Version: 11.0.51106)
Microsoft Visual Studio 2010 Express for Windows Phone 7.1 - DEU (x32 Version: 10.1.40219)
Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU (Version: 10.0.40219)
Microsoft XNA Framework Redistributable 4.0 Refresh (x32 Version: 4.0.30901.0)
Microsoft XNA Game Studio 4.0 (XnaLiveProxy) (x32 Version: 4.0.20823.0)
Microsoft XNA Game Studio 4.0 Refresh (ARP entry) (x32 Version: 4.0.30901.0)
Microsoft XNA Game Studio 4.0 Refresh (Redists) (x32 Version: 4.0.30901.0)
Microsoft XNA Game Studio 4.0 Refresh (Shared Components) (x32 Version: 4.0.30901.0)
Microsoft XNA Game Studio 4.0 Refresh (Visual Studio) (x32 Version: 4.0.30901.0)
Microsoft XNA Game Studio 4.0 Refresh (x32 Version: 4.0.30901.0)
Microsoft XNA Game Studio 4.0 Refresh Language Pack (de-DE) (x32 Version: 4.0.30912.0)
Microsoft XNA Game Studio Platform Tools (x32 Version: 1.4.0.0)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000)
Mozilla Firefox 25.0.1 (x86 de) (x32 Version: 25.0.1)
Mozilla Maintenance Service (x32 Version: 25.0.1)
Mozilla Thunderbird 17.0.8 (x86 de) (x32 Version: 17.0.8)
MPC-HC 1.7.0 (x32 Version: 1.7.0.7858)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Nero 10 Menu TemplatePack Basic (x32 Version: 10.0.10600.6.0)
Nero 10 Movie ThemePack Basic (x32 Version: 10.0.10600.6.0)
Nero BackItUp 10 (x32 Version: 5.4.11600.19.100)
Nero BackItUp 10 Help (CHM) (x32 Version: 1.0.10700)
Nero Burning ROM 10 (x32 Version: 10.0.11100.10.100)
Nero BurningROM 10 Help (CHM) (x32 Version: 1.0.10700)
Nero BurnRights 10 (x32 Version: 4.0.11000.12.100)
Nero BurnRights 10 Help (CHM) (x32 Version: 1.0.10600)
Nero Control Center 10 (x32 Version: 10.0.12000.1.4)
Nero ControlCenter 10 Help (CHM) (x32 Version: 1.0.10700)
Nero Core Components 10 (x32 Version: 2.0.13700.0.1)
Nero CoverDesigner 10 (x32 Version: 5.0.10900.11.100)
Nero CoverDesigner 10 Help (CHM) (x32 Version: 1.0.10600)
Nero DiscSpeed 10 (x32 Version: 6.0.10800.7.100)
Nero DiscSpeed 10 Help (CHM) (x32 Version: 1.0.10600)
Nero Dolby Files 10 (x32 Version: 2.0.11000.0.10)
Nero Express 10 (x32 Version: 10.0.11000.10.100)
Nero Express 10 Help (CHM) (x32 Version: 1.0.10700)
Nero InfoTool 10 (x32 Version: 7.0.10800.8.100)
Nero InfoTool 10 Help (CHM) (x32 Version: 1.0.10600)
Nero MediaHub 10 (x32 Version: 1.0.13400.11.100)
Nero MediaHub 10 Help (CHM) (x32 Version: 1.0.10700)
Nero Multimedia Suite 10 (x32 Version: 10.0.13100)
Nero Recode 10 (x32 Version: 4.6.10900.4.100)
Nero Recode 10 Help (CHM) (x32 Version: 1.0.10600)
Nero RescueAgent 10 (x32 Version: 3.0.10900.9.100)
Nero RescueAgent 10 Help (CHM) (x32 Version: 1.0.10700)
Nero SoundTrax 10 (x32 Version: 4.6.10600.2.100)
Nero SoundTrax 10 Help (CHM) (x32 Version: 1.0.10600)
Nero StartSmart 10 (x32 Version: 10.0.11200.12.100)
Nero StartSmart 10 Help (CHM) (x32 Version: 1.0.10700)
Nero Update (x32 Version: 1.0.0017)
Nero Vision 10 (x32 Version: 7.0.11100.8.100)
Nero Vision 10 Help (CHM) (x32 Version: 1.0.10600)
Nero WaveEditor 10 (x32 Version: 5.6.10600.2.100)
Nero WaveEditor 10 Help (CHM) (x32 Version: 1.0.10600)
Notepad++ (x32 Version: 6.3.2)
NVIDIA PhysX (Legacy) (x32 Version: 9.12.1031)
NVIDIA PhysX (x32 Version: 9.12.1031)
ON_OFF Charge B11.1102.1 (x32 Version: 1.00.0001)
OpenAL (x32)
PDF Settings CS6 (x32 Version: 11.0)
ph (x32 Version: 1.0.0)
Python 2.7 pycrypto-2.1.0 (HKCU)
QuickTime (x32 Version: 7.74.80.86)
Realtek Ethernet Controller Driver (x32 Version: 7.48.823.2011)
Realtek HDMI Audio Driver for ATI (x32 Version: 6.0.1.6409)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6482)
SpyHunter (Version: 4.16.5.4290)
Update for Microsoft .NET Framework 4.5 (KB2750147) (x32 Version: 1)
Update for Microsoft .NET Framework 4.5 (KB2805221) (x32 Version: 1)
Update for Microsoft .NET Framework 4.5 (KB2805226) (x32 Version: 1)
Update for Zip Extractor (HKCU)
VIS (x32)
VLC media player 2.0.8 (x32 Version: 2.0.8)
WCF Data Services SDK for Windows Phone (x32 Version: 4.7.6.0)
Windows Mobile Device Updater Component (Version: 04.08.2345.00)
Windows Phone Device Manager (x32 Version: 1.10.0.0)
Windows Phone Emulator x64 - DEU (Version: 10.0.40219)
Windows Phone SDK 7.1 - Deutsch (x32 Version: 10.1.40219)
Windows Phone SDK 7.1 Add-in for Visual Studio 2010 - DEU (x32 Version: 10.0.40219)
Windows Phone SDK 7.1 Assemblies - deu (x32 Version: 10.0.40219)
Windows Phone SDK 7.1 Extensions for XNA Game Studio 4.0 (x32 Version: 4.0.30901.0)
WISO Steuer-Sparbuch 2013 (x32 Version: 20.00.8137)
WPF Toolkit February 2010 (Version 3.5.50211.1) (x32 Version: 3.5.50211.1)
Zune (Version: 04.08.2345.00)
Zune Language Pack (CHS) (Version: 04.08.2345.00)
Zune Language Pack (CHT) (Version: 04.08.2345.00)
Zune Language Pack (CSY) (Version: 04.08.2345.00)
Zune Language Pack (DAN) (Version: 04.08.2345.00)
Zune Language Pack (DEU) (Version: 04.08.2345.00)
Zune Language Pack (ELL) (Version: 04.08.2345.00)
Zune Language Pack (ESP) (Version: 04.08.2345.00)
Zune Language Pack (FIN) (Version: 04.08.2345.00)
Zune Language Pack (FRA) (Version: 04.08.2345.00)
Zune Language Pack (HUN) (Version: 04.08.2345.00)
Zune Language Pack (IND) (Version: 04.08.2345.00)
Zune Language Pack (ITA) (Version: 04.08.2345.00)
Zune Language Pack (JPN) (Version: 04.08.2345.00)
Zune Language Pack (KOR) (Version: 04.08.2345.00)
Zune Language Pack (MSL) (Version: 04.08.2345.00)
Zune Language Pack (NLD) (Version: 04.08.2345.00)
Zune Language Pack (NOR) (Version: 04.08.2345.00)
Zune Language Pack (PLK) (Version: 04.08.2345.00)
Zune Language Pack (PTB) (Version: 04.08.2345.00)
Zune Language Pack (PTG) (Version: 04.08.2345.00)
Zune Language Pack (RUS) (Version: 04.08.2345.00)
Zune Language Pack (SVE) (Version: 04.08.2345.00)
==================== Restore Points =========================
22-11-2013 17:31:52 Installed SpyHunter
22-11-2013 17:32:40 Installed Java 7 Update 45 (64-bit)
22-11-2013 20:45:15 Installed calibre 64bit
==================== Hosts content: ==========================
2012-12-02 15:32 - 2013-11-26 18:33 - 00000027 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: {011E8DBF-A0AD-44A8-BCFC-F653A37E0A06} - System32\Tasks\YourFile DownloaderUpdate => C:\Program Files (x86)\YourFileDownloader\YourFileUpdater.exe
Task: {24C752BF-B01A-46B3-B6C7-E0692F9A837C} - \ProtectedSearch\Protected Search No Task File
Task: {2BB1DD0F-EE10-4471-BFCD-6B3CE2A7BC6A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-24] (Google Inc.)
Task: {38CBCF72-3384-46A2-A266-C5A82B0AA2B8} - \Plus-HD-2.3-firefoxinstaller No Task File
Task: {524431E3-1C71-4AC2-B463-DDE2CAD8A33A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-24] (Google Inc.)
Task: {5317AE21-786E-49CC-8EEC-7FDC1526DF78} - \Browser Updater\Browser Updater No Task File
Task: {54F5D0D5-94B6-413E-9625-5B0BD4F8EE72} - \EPUpdater No Task File
Task: {5DC4DC46-8DA6-4BBE-B62D-61A51009EF49} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-22] (Adobe Systems Incorporated)
Task: {70903157-DE04-4697-9D0B-B81BCD211187} - \Desk 365 RunAsStdUser No Task File
Task: {7A9572A3-16A0-4C52-8E45-81A53C9599F1} - \Plus-HD-3.8-firefoxinstaller No Task File
Task: {7F7DE8B5-2426-4F03-8E32-AE928FC59086} - \Plus-HD-3.8-codedownloader No Task File
Task: {84BD4342-608E-4E47-9F72-2111C2474143} - \DigitalSite No Task File
Task: {878A19A0-F520-45C0-91DD-AEA0EA621AFB} - \Plus-HD-2.3-codedownloader No Task File
Task: {99051A61-9932-4790-9283-3331FD2FDDB8} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)
Task: {AF348F39-7287-4C14-A92F-AA6FEEF231E0} - \Plus-HD-3.8-enabler No Task File
Task: {B377636E-9D63-4084-B6B2-A4F412C6B389} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {BCAFF634-0203-49CD-BC07-712AAF6717A5} - System32\Tasks\AdobeAAMUpdater-1.0-Norbert-Win7-Norbert => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2012-09-20] (Adobe Systems Incorporated)
Task: {C914E2E5-30D8-4AC4-BF8B-A209BB9ECA13} - \Plus-HD-3.8-updater No Task File
Task: {CDD91CBA-4FCA-441A-9987-EEF2279AF32C} - \Plus-HD-2.3-enabler No Task File
Task: {D8CCF780-0882-4724-AF01-CC8196E7F34D} - \Express FilesUpdate No Task File
Task: {E17BF313-BE3B-4A3C-BBD5-A7FA5E1BBB5F} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe [2013-10-18] (Enigma Software Group USA, LLC.)
Task: {FB51065F-8D0F-49E6-94CF-EFACA6CB3017} - \Plus-HD-2.3-updater No Task File
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2010-01-02 15:42 - 2010-01-02 15:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2012-06-18 16:24 - 2012-06-18 16:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll
2013-03-28 21:31 - 2013-03-28 21:31 - 00210944 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2012-09-23 12:53 - 2012-09-23 12:53 - 00748544 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2012-09-23 12:53 - 2012-09-23 12:53 - 03645952 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2012-12-01 22:29 - 2012-09-19 18:17 - 00397088 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2013-09-03 14:54 - 2013-09-03 14:54 - 00019968 _____ () C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Locale\de_DE\acrotray.deu
2013-05-03 17:34 - 2013-11-26 18:31 - 00046080 _____ () C:\Users\Norbert\AppData\Local\Apps\2.0\MOP14MZX.Q3V\XNTRGVCO.HBN\amaz..tion_f2fa081ea2183235_0002.0000_52f6f5477bfc400b\NativeOperations.dll
2013-11-22 19:54 - 2013-11-22 19:54 - 00541696 _____ () C:\Users\Norbert\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
2013-08-07 20:25 - 2013-08-07 20:25 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\Users\Norbert\Cookies:6E9xEw6QPv28FjIjNup8Qz
AlternateDataStreams: C:\Users\Norbert\AppData\Local\l3oCvODrPY78:5XSFC50ZJxrZqb3hMA14
AlternateDataStreams: C:\Users\Norbert\AppData\Local\Temp:84fhZRBQykpLdBXwdf5xML
AlternateDataStreams: C:\Users\Norbert\AppData\Local\uyLVy0Aa:bvmXhoSJsYu53gbyCVCjZzA
==================== Safe Mode (whitelisted) ===================
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (11/26/2013 06:32:47 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/26/2013 06:26:16 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/25/2013 05:59:33 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/25/2013 05:58:47 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4
Name des fehlerhaften Moduls: SHLWAPI.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7c9ab
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000011143
ID des fehlerhaften Prozesses: 0xa24
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3
Error: (11/24/2013 11:56:35 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/24/2013 11:55:03 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921
Name des fehlerhaften Moduls: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00001487
ID des fehlerhaften Prozesses: 0xd8c
Startzeit der fehlerhaften Anwendung: 0xavnotify.exe0
Pfad der fehlerhaften Anwendung: avnotify.exe1
Pfad des fehlerhaften Moduls: avnotify.exe2
Berichtskennung: avnotify.exe3
Error: (11/23/2013 11:58:11 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/22/2013 07:56:12 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/22/2013 06:13:17 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/22/2013 05:40:23 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
System errors:
=============
Error: (11/26/2013 06:24:29 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 25.11.2013 um 21:51:56 unerwartet heruntergefahren.
Error: (11/25/2013 05:57:44 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 25.11.2013 um 17:56:11 unerwartet heruntergefahren.
Error: (11/23/2013 00:09:26 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR4 gefunden.
Error: (11/23/2013 00:09:25 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR4 gefunden.
Error: (11/23/2013 00:09:25 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR4 gefunden.
Error: (11/23/2013 00:09:24 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR4 gefunden.
Error: (11/20/2013 05:46:12 PM) (Source: Service Control Manager) (User: )
Description: Dienst "Zune Windows Mobile Connectivity Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (11/20/2013 05:26:23 PM) (Source: Service Control Manager) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen:
%%5
Error: (11/20/2013 05:26:23 PM) (Source: Service Control Manager) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen:
%%5
Error: (11/18/2013 07:59:40 PM) (Source: volsnap) (User: )
Description: Die Schattenkopien von Volume "C:" wurden gelöscht, weil der Schattenkopiespeicher nicht rechtzeitig vergrößert wurde. Sie sollten die E/A-Last auf dem System verringern oder ein Schattenkopie-Speichervolume, von dem keine Schattenkopie erstellt wird, auswählen.
Microsoft Office Sessions:
=========================
Error: (11/26/2013 06:32:47 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/26/2013 06:26:16 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/25/2013 05:59:33 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/25/2013 05:58:47 PM) (Source: Application Error)(User: )
Description: Explorer.EXE6.1.7601.175674d672ee4SHLWAPI.dll6.1.7601.175144ce7c9abc00000050000000000011143a2401cee9ff78fbd0b6C:\Windows\Explorer.EXEC:\Windows\system32\SHLWAPI.dlld8e82a27-55f2-11e3-9344-94de8027483b
Error: (11/24/2013 11:56:35 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/24/2013 11:55:03 AM) (Source: Application Error)(User: )
Description: avnotify.exe13.6.20.210051e6b921avnotify.exe13.6.20.210051e6b921c000000500001487d8c01cee9039a346ebfC:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exeC:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exeded59652-54f6-11e3-91eb-94de8027483b
Error: (11/23/2013 11:58:11 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/22/2013 07:56:12 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/22/2013 06:13:17 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/22/2013 05:40:23 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
CodeIntegrity Errors:
===================================
Date: 2013-05-03 18:03:31.031
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-05-03 18:03:30.999
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-05-03 18:03:30.966
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-05-03 18:03:30.933
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-05-03 11:53:20.593
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-05-03 11:53:20.577
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
==================== Memory info ===========================
Percentage of memory in use: 15%
Total physical RAM: 16344.73 MB
Available physical RAM: 13735.9 MB
Total Pagefile: 32687.64 MB
Available Pagefile: 29820.25 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:195.21 GB) (Free:30.5 GB) NTFS
Drive d: (Daten) (Fixed) (Total:781.25 GB) (Free:275.56 GB) NTFS
Drive e: (Daten-alt) (Fixed) (Total:359.56 GB) (Free:180.33 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 238 GB) (Disk ID: 1AB7BA3E)
Partition 1: (Not Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=195 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=43 GB) - (Type=83)
========================================================
Disk: 1 (Size: 932 GB) (Disk ID: 85EF4823)
Partition 1: (Not Active) - (Size=781 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=150 GB) - (Type=83)
========================================================
Disk: 2 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: B2846098)
Partition 1: (Active) - (Size=360 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=18 GB) - (Type=82)
Partition 3: (Not Active) - (Size=80 GB) - (Type=83)
==================== End Of Log ============================
Gmer.txt: Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-11-26 19:16:19
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000071 SAMSUNG_ rev.CXM0 238,47GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Norbert\AppData\Local\Temp\ufriipoc.sys
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2276] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076cb1465 2 bytes [CB, 76]
.text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2276] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076cb14bb 2 bytes [CB, 76]
.text ... * 2
.text C:\Program Files\Internet Explorer\iexplore.exe[4632] C:\Windows\system32\OLEAUT32.dll!OleCreatePropertyFrameIndirect 000007feff754ed0 9 bytes [68, 78, 03, 74, 03, C3, CC, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[4632] C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll!PropertySheetW 000007fefc915c54 7 bytes [68, 08, 03, 74, 03, C3, CC]
.text C:\Program Files\Internet Explorer\iexplore.exe[4632] C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll!PropertySheet 000007fefc915c64 9 bytes [68, 40, 03, 74, 03, C3, CC, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[4632] C:\Windows\system32\comdlg32.dll!PageSetupDlgW 000007feff4317a0 9 bytes [68, B0, 03, 74, 03, C3, CC, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[4676] C:\Windows\SYSTEM32\ntdll.dll!NtdllDefWindowProc_A 0000000077a0f578 7 bytes JMP 0000000100f50570
.text C:\Program Files\Internet Explorer\iexplore.exe[4676] C:\Windows\SYSTEM32\ntdll.dll!NtdllDefWindowProc_W 0000000077a1b0cc 7 bytes JMP 0000000100f505a8
.text C:\Program Files\Internet Explorer\iexplore.exe[4676] C:\Windows\system32\kernel32.dll!CreateThread 0000000077326580 9 bytes JMP 0000000100f504c8
.text C:\Program Files\Internet Explorer\iexplore.exe[4676] C:\Windows\system32\ole32.dll!OleLoadFromStream 000007feff3675f0 7 bytes [68, E0, 05, F5, 00, C3, CC]
.text C:\Program Files\Internet Explorer\iexplore.exe[4676] C:\Windows\system32\OLEAUT32.dll!VariantClear 000007feff6f1180 10 bytes [68, C0, 06, F5, 00, C3, CC, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[4676] C:\Windows\system32\OLEAUT32.dll!SysFreeString 000007feff6f1320 7 bytes [68, 50, 06, F5, 00, C3, CC]
.text C:\Program Files\Internet Explorer\iexplore.exe[4676] C:\Windows\system32\OLEAUT32.dll!SysAllocStringByteLen 000007feff6f4450 6 bytes [68, 18, 06, F5, 00, C3]
.text C:\Program Files\Internet Explorer\iexplore.exe[4676] C:\Windows\system32\OLEAUT32.dll!VariantChangeType 000007feff6f6720 10 bytes [68, 88, 06, F5, 00, C3, CC, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[4676] C:\Windows\system32\OLEAUT32.dll!OleCreatePropertyFrameIndirect 000007feff754ed0 9 bytes [68, 78, 03, F5, 00, C3, CC, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[4676] C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll!PropertySheetW 000007fefc915c54 7 bytes [68, 08, 03, F5, 00, C3, CC]
.text C:\Program Files\Internet Explorer\iexplore.exe[4676] C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll!PropertySheet 000007fefc915c64 9 bytes [68, 40, 03, F5, 00, C3, CC, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[4676] C:\Windows\system32\comdlg32.dll!PageSetupDlgW 000007feff4317a0 9 bytes [68, B0, 03, F5, 00, C3, CC, ...]
? C:\Windows\system32\mssprxy.dll [4484] entry point in ".rdata" section 00000000735771e6
.text C:\Program Files\Internet Explorer\iexplore.exe[3108] C:\Windows\SYSTEM32\ntdll.dll!NtdllDefWindowProc_A 0000000077a0f578 7 bytes JMP 0000000102fd0570
.text C:\Program Files\Internet Explorer\iexplore.exe[3108] C:\Windows\SYSTEM32\ntdll.dll!NtdllDefWindowProc_W 0000000077a1b0cc 7 bytes JMP 0000000102fd05a8
.text C:\Program Files\Internet Explorer\iexplore.exe[3108] C:\Windows\system32\kernel32.dll!CreateThread 0000000077326580 9 bytes JMP 0000000102fd04c8
.text C:\Program Files\Internet Explorer\iexplore.exe[3108] C:\Windows\system32\ole32.dll!OleLoadFromStream 000007feff3675f0 7 bytes [68, E0, 05, FD, 02, C3, CC]
.text C:\Program Files\Internet Explorer\iexplore.exe[3108] C:\Windows\system32\OLEAUT32.dll!VariantClear 000007feff6f1180 10 bytes [68, C0, 06, FD, 02, C3, CC, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[3108] C:\Windows\system32\OLEAUT32.dll!SysFreeString 000007feff6f1320 7 bytes [68, 50, 06, FD, 02, C3, CC]
.text C:\Program Files\Internet Explorer\iexplore.exe[3108] C:\Windows\system32\OLEAUT32.dll!SysAllocStringByteLen 000007feff6f4450 6 bytes [68, 18, 06, FD, 02, C3]
.text C:\Program Files\Internet Explorer\iexplore.exe[3108] C:\Windows\system32\OLEAUT32.dll!VariantChangeType 000007feff6f6720 10 bytes [68, 88, 06, FD, 02, C3, CC, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[3108] C:\Windows\system32\OLEAUT32.dll!OleCreatePropertyFrameIndirect 000007feff754ed0 9 bytes [68, 78, 03, FD, 02, C3, CC, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[3108] C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll!PropertySheetW 000007fefc915c54 7 bytes [68, 08, 03, FD, 02, C3, CC]
.text C:\Program Files\Internet Explorer\iexplore.exe[3108] C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll!PropertySheet 000007fefc915c64 9 bytes [68, 40, 03, FD, 02, C3, CC, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[3108] C:\Windows\system32\comdlg32.dll!PageSetupDlgW 000007feff4317a0 9 bytes [68, B0, 03, FD, 02, C3, CC, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[4768] C:\Windows\SYSTEM32\ntdll.dll!NtdllDefWindowProc_A 0000000077a0f578 7 bytes JMP 00000001033b0570
.text C:\Program Files\Internet Explorer\iexplore.exe[4768] C:\Windows\SYSTEM32\ntdll.dll!NtdllDefWindowProc_W 0000000077a1b0cc 7 bytes JMP 00000001033b05a8
.text C:\Program Files\Internet Explorer\iexplore.exe[4768] C:\Windows\system32\kernel32.dll!CreateThread 0000000077326580 9 bytes JMP 00000001033b04c8
.text C:\Program Files\Internet Explorer\iexplore.exe[4768] C:\Windows\system32\ole32.dll!OleLoadFromStream 000007feff3675f0 7 bytes [68, E0, 05, 3B, 03, C3, CC]
.text C:\Program Files\Internet Explorer\iexplore.exe[4768] C:\Windows\system32\OLEAUT32.dll!VariantClear 000007feff6f1180 10 bytes [68, C0, 06, 3B, 03, C3, CC, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[4768] C:\Windows\system32\OLEAUT32.dll!SysFreeString 000007feff6f1320 7 bytes [68, 50, 06, 3B, 03, C3, CC]
.text C:\Program Files\Internet Explorer\iexplore.exe[4768] C:\Windows\system32\OLEAUT32.dll!SysAllocStringByteLen 000007feff6f4450 6 bytes [68, 18, 06, 3B, 03, C3]
.text C:\Program Files\Internet Explorer\iexplore.exe[4768] C:\Windows\system32\OLEAUT32.dll!VariantChangeType 000007feff6f6720 10 bytes [68, 88, 06, 3B, 03, C3, CC, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[4768] C:\Windows\system32\OLEAUT32.dll!OleCreatePropertyFrameIndirect 000007feff754ed0 9 bytes [68, 78, 03, 3B, 03, C3, CC, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[4768] C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll!PropertySheetW 000007fefc915c54 7 bytes [68, 08, 03, 3B, 03, C3, CC]
.text C:\Program Files\Internet Explorer\iexplore.exe[4768] C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll!PropertySheet 000007fefc915c64 9 bytes [68, 40, 03, 3B, 03, C3, CC, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[4768] C:\Windows\system32\comdlg32.dll!PageSetupDlgW 000007feff4317a0 9 bytes [68, B0, 03, 3B, 03, C3, CC, ...]
---- Threads - GMER 2.1 ----
Thread C:\Windows\SysWOW64\ntdll.dll [1468:1472] 000000000132d227
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----
Many thanks in advance :)