| harryhirschi | 28.03.2014 22:40 |
Ominöses "Sicherheits Update"
habe ich seit einiger Zeit auf meinem Rechner. Jedes mal nach dem booten kommt nach einiger Zeit ein etwas nachgebaut aussehender Hinweistext, mit der Aufforderung, das Sicherheits Update zu bestätigen, nach meinem Dafürhalten ist es ein Trojaner, den man sich damit runterladen würde. Könnt Ihr mir weiterhelfen, will mich des Dings zu entledigen, schaff es aber so nicht ohne Fremdhilfe, zumal ich PC mässig ziemlich unbedarft bin ....!!! Hofe, as mit den Code Tags hat gefunzt, habe das mit dem # anklicken nicht hingekriegt und es damit versucht, das Dateiende und Dateibeginn entsprechend aus dem Editor zu übertragen. Falls ich Mist gebaut haben sollte, bitte ent entschuldigen.
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 10:19 on 28/03/2014 (hamis)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014 01
Ran by hamis at 2014-03-28 15:32:45
Running from C:\Users\hamis\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
==================== Installed Programs ======================
Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)
32 Bit HP CIO Components Installer (Version: 13.1.2 - Hewlett-Packard) Hidden
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
AVM FRITZ!WLAN (HKLM\...\AVMWLANCLI) (Version: - AVM Berlin)
Browser Guard (HKLM\...\Browser Guard) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 4.09 - Piriform)
Free System Utilities (HKLM\...\{1dbeae21-5908-4648-ac37-92b91abc66ab}) (Version: 1.1.3.0 - Covus Freemium GmbH)
Free SystemUtilities (Version: 1.1.3.0 - Covus Freemium GmbH) Hidden
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.22.5 - Google Inc.) Hidden
GVService (HKCU\...\GVService) (Version: - Baqué & Lauter GmbH)
Hotspot Shield 2.53 (HKLM\...\HotspotShield) (Version: 2.53 - AnchorFree)
HTC Driver Installer (HKLM\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.0.0.009 - HTC Corporation)
HTC Sync Manager (HKLM\...\{5DC3BFF3-B84F-4CBE-B2BD-FB52B6C247CA}) (Version: 1.1.66.0 - HTC)
Iminent (Version: 5.29.41.0 - Iminent) Hidden <==== ATTENTION
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version: - )
LAWgistic - Forderungsberechner 2.2 (HKLM\...\LAWgistic - Forderungsberechner_is1) (Version: - LAWgistic)
Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Antimalware Service DE-DE Language Pack (Version: 3.0.8402.2 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Client DE-DE Language Pack (Version: 2.1.1116.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Miniplayer (HKCU\...\207d3b48e61f3443) (Version: 1.0.0.6 - Miniplayer)
MOBackup - Datensicherung für Outlook (Vollversion) (HKLM\...\MOBackup-DatensicherungfürOutlook) (Version: 6.92 - Heiko Schröder)
Mozilla Firefox 27.0.1 (x86 de) (HKLM\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NETWORK PRINT MONITOR (HKLM\...\NETWORK PRINT MONITOR) (Version: 5.3.1922 - Kyocera Mita Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
NVIDIA Grafiktreiber 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.83 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.109.706 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 307.83 (Version: 307.83 - NVIDIA Corporation) Hidden
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.10.8 - NVIDIA Corporation) Hidden
Olivetti Product Library (HKLM\...\Olivetti Product Library) (Version: 3.0.0219 - KYOCERA Document Solutions Inc.)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.210.0 - Tracker Software Products Ltd)
RealDownloader (Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
sv.net (HKLM\...\sv.net) (Version: 13.2 - ITSG GmbH)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878234) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{EC1934B0-AE0F-4BBD-8955-54BB3247ED9E}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
VLC media player 2.0.8 (HKLM\...\VLC media player) (Version: 2.0.8 - VideoLAN)
==================== Restore Points =========================
20-02-2014 13:58:37 Windows Update
24-02-2014 10:12:34 Windows Update
27-02-2014 16:41:49 Windows Update
28-02-2014 02:00:14 Windows Update
01-03-2014 02:00:14 Windows Update
04-03-2014 10:03:25 Windows Update
07-03-2014 11:52:11 Windows Update
18-03-2014 10:08:46 Windows Update
18-03-2014 10:50:33 Windows Update
21-03-2014 16:23:51 Windows Update
25-03-2014 08:44:55 Windows Update
26-03-2014 19:21:17 Windows Update
==================== Hosts content: ==========================
2009-07-14 03:04 - 2012-10-25 11:15 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: {2417E3D1-B43A-4747-85BF-69FF8ACCC345} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-06-18] (Google Inc.)
Task: {7413D6E9-2D4C-4F21-A5BE-BB2626A95808} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-19] (Adobe Systems Incorporated)
Task: {775F992A-DE16-4912-B0CC-82F58A1019AA} - System32\Tasks\Software Updater Ui => C:\Program Files\SoftwareUpdater\SoftwareUpdater.Ui.exe [2013-12-18] ()
Task: {7925CE26-2767-4809-8979-A29AF2844094} - System32\Tasks\Freemium1ClickMaint => C:\Program Files\Covus Freemium\Free System Utilities\1Click.exe [2013-10-24] (Covus Freemium GmbH)
Task: {8F25D40A-2CE6-4835-8A01-081381A5FBDE} - System32\Tasks\Real Player-Online-Aktualisierungsprogramm => C:\Program Files\Real\RealPlayer\update\realsched.exe [2013-09-29] (RealNetworks, Inc.)
Task: {A3183163-42CF-4FEE-A6D6-3D787F155F87} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd)
Task: {C032401C-2F45-4075-85EE-088FE5206E76} - System32\Tasks\Software Updater => C:\Program Files\SoftwareUpdater\SoftwareUpdater.Bootstrapper.exe [2013-12-18] ()
Task: {D4812F3C-146A-4440-A4BC-878BB76AF5C1} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3251325105-1702950111-330446913-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {F11439B2-8589-469A-8377-AF93A5776428} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
Task: {F138E9CE-AC46-4519-98C6-01B7A2CC0D4D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-06-18] (Google Inc.)
Task: {F969B536-D2AF-4E14-9694-B6D8340013B1} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3251325105-1702950111-330446913-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2013-04-14 02:02 - 2013-01-31 10:00 - 00079648 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2013-06-20 10:35 - 2013-04-01 16:15 - 00176128 _____ () C:\Windows\System32\HP2014LM.DLL
2013-06-20 10:35 - 2013-04-01 16:15 - 00059904 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\HP2014PP.dll
2012-04-02 19:46 - 2012-04-02 19:46 - 00329544 _____ () C:\Program Files\Hotspot Shield\bin\hsswd.exe
2009-03-30 03:34 - 2009-03-30 03:34 - 00280143 _____ () C:\Program Files\Hotspot Shield\bin\libidn-11.dll
2009-03-27 21:02 - 2009-03-27 21:02 - 01554920 _____ () C:\Program Files\Hotspot Shield\bin\libeay32.dll
2009-03-27 21:02 - 2009-03-27 21:02 - 00332254 _____ () C:\Program Files\Hotspot Shield\bin\libssl32.dll
2012-11-18 22:11 - 2012-11-18 22:11 - 00024496 _____ () C:\Program Files\HTC\HTC Sync Manager\DbAccess.dll
2012-11-18 22:11 - 2012-11-18 22:11 - 00466256 _____ () C:\Program Files\HTC\HTC Sync Manager\sqlite3.dll
2012-11-18 22:12 - 2012-11-18 22:12 - 00043944 _____ () C:\Program Files\HTC\HTC Sync Manager\NAdvLog.dll
2012-11-18 22:12 - 2012-11-18 22:12 - 00035776 _____ () C:\Program Files\HTC\HTC Sync Manager\NFileCacheDBAccess.dll
2012-11-18 22:12 - 2012-11-18 22:12 - 00079808 _____ () C:\Program Files\HTC\HTC Sync Manager\ninstallerhelper.dll
2012-11-18 22:14 - 2012-11-18 22:14 - 00223152 _____ () C:\Program Files\HTC\HTC Sync Manager\DevConnMon.dll
2012-10-08 16:40 - 2012-10-08 16:40 - 00166912 _____ () C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
2013-08-14 14:19 - 2013-08-14 14:19 - 00039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
2012-11-18 22:13 - 2012-11-18 22:13 - 00168864 _____ () C:\Program Files\HTC\HTC Sync Manager\HTC Sync\adb.exe
2014-02-17 11:13 - 2014-02-17 11:13 - 03578992 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-03-19 10:48 - 2014-03-19 10:48 - 16276872 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll
2013-07-10 17:07 - 2013-07-10 17:07 - 00756888 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
2014-03-28 10:17 - 2014-03-28 10:17 - 00050477 _____ () C:\Users\hamis\Desktop\Defogger.exe
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== Disabled items from MSCONFIG ==============
==================== Faulty Device Manager Devices =============
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (03/28/2014 10:51:41 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (03/28/2014 10:49:44 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (03/27/2014 01:08:04 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (03/27/2014 01:05:48 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (03/26/2014 10:24:45 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (03/26/2014 10:22:33 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (03/25/2014 10:17:21 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (03/25/2014 10:16:08 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (03/24/2014 09:58:47 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (03/24/2014 09:56:49 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
System errors:
=============
Error: (03/28/2014 09:50:47 AM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80004005
Error: (03/28/2014 09:48:57 AM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)
Error: (03/28/2014 09:47:56 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Hotspot Shield Service" ist von folgendem Dienst abhängig: taphss. Dieser Dienst ist eventuell nicht installiert.
Error: (03/27/2014 08:08:12 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Hotspot Shield Service" ist von folgendem Dienst abhängig: taphss. Dieser Dienst ist eventuell nicht installiert.
Error: (03/27/2014 00:31:22 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst IPBusEnum erreicht.
Error: (03/27/2014 00:28:59 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)
Error: (03/27/2014 00:27:57 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Hotspot Shield Service" ist von folgendem Dienst abhängig: taphss. Dieser Dienst ist eventuell nicht installiert.
Error: (03/26/2014 08:22:55 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst Microsoft-Netzwerkinspektion konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden.
Error: (03/26/2014 06:31:31 PM) (Source: DCOM) (User: hamis-PC)
Description: AnwendungsspezifischLokalAktivierung{D3DCB472-7261-43CE-924B-0704BD730D5F}{D3DCB472-7261-43CE-924B-0704BD730D5F}hamis-PChamisS-1-5-21-3251325105-1702950111-330446913-1000LocalHost (unter Verwendung von LRPC)
Error: (03/26/2014 06:31:31 PM) (Source: DCOM) (User: hamis-PC)
Description: AnwendungsspezifischLokalAktivierung{145B4335-FE2A-4927-A040-7C35AD3180EF}{145B4335-FE2A-4927-A040-7C35AD3180EF}hamis-PChamisS-1-5-21-3251325105-1702950111-330446913-1000LocalHost (unter Verwendung von LRPC)
Microsoft Office Sessions:
=========================
Error: (08/24/2012 00:32:26 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 5335 seconds with 2580 seconds of active time. This session ended with a crash.
==================== Memory info ===========================
Percentage of memory in use: 37%
Total physical RAM: 3327.3 MB
Available physical RAM: 2082.74 MB
Total Pagefile: 6652.9 MB
Available Pagefile: 5273.95 MB
Total Virtual: 2047.88 MB
Available Virtual: 1892.5 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:148.95 GB) (Free:88.08 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: EE93D968)
Partition: GPT Partition Type.
==================== End Of Log ============================
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01
Ran by hamis (administrator) on HAMIS-PC on 28-03-2014 15:32:24
Running from C:\Users\hamis\Downloads
Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(AVM Berlin) C:\Program Files\avmwlanstick\WlanNetService.exe
(AnchorFree Inc.) C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
() C:\Program Files\Hotspot Shield\bin\hsswd.exe
(Nero AG) C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
() C:\Program Files\HTC\HTC Sync Manager\HTC Sync\adb.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(AVM Berlin) C:\Program Files\avmwlanstick\WLanGUI.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
() C:\Users\hamis\Desktop\Defogger.exe
(Microsoft Corporation) C:\Windows\system32\UI0Detect.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\IELowutil.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [AVMWlanClient] - C:\Program Files\avmwlanstick\wlangui.exe [1753088 2008-02-25] (AVM Berlin)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [TkBellExe] - C:\Program Files\Real\RealPlayer\update\realsched.exe [295512 2013-09-29] (RealNetworks, Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKU\S-1-5-21-3251325105-1702950111-330446913-1000\...\MountPoints2: E - E:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3251325105-1702950111-330446913-1000\...\MountPoints2: {2aaf4aa8-3d25-11e2-b137-806e6f6e6963} - E:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3251325105-1702950111-330446913-1000\...\MountPoints2: {2aaf4b14-3d25-11e2-b137-002522d33ed8} - E:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3251325105-1702950111-330446913-1000\...\MountPoints2: {d9b2e14e-766c-11e1-88af-002522d33ed8} - E:\pushinst.exe
Startup: C:\Users\hamis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xFC4076EF790ACD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Browser Guard - {02a0d829-4393-46fc-a37e-126263035883} - C:\Program Files\Browser Guard\browserguard.dll (Browser Guard)
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\hamis\AppData\Roaming\Mozilla\Firefox\Profiles\yziwqx47.default
FF Homepage: hxxp://www.google.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Language Pack Install Helper - C:\Users\hamis\AppData\Roaming\Mozilla\Firefox\Profiles\yziwqx47.default\Extensions\jid0-3qAYz7se7F3gEIA63LjbuEaPEDk@jetpack.xpi [2012-11-14]
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-09-29]
FF HKLM\...\Firefox\Extensions: [{20d1f7b3-7721-4da0-b6f3-78bb4d7248f4}] - C:\Program Files\Browser Guard\browserguard.xpi
FF Extension: Browser Guard - C:\Program Files\Browser Guard\browserguard.xpi [2013-08-27]
Chrome:
=======
CHR HomePage: hxxp://www.startfenster.com
CHR RestoreOnStartup: "hxxp://www.startfenster.com"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\22.0.1229.94\pdf.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\22.0.1229.94\gcswf32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Extension: (YouTube) - C:\Users\hamis\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-06-18]
CHR Extension: (Google-Suche) - C:\Users\hamis\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-06-18]
CHR Extension: (Google Mail) - C:\Users\hamis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-06-18]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM\...\Chrome\Extension: [kfepagcelbegkpkcjgfeecmlnmkedjin] - C:\Program Files\Browser Guard\browserguard.crx [2013-08-27]
========================== Services (Whitelisted) =================
R2 AVM WLAN Connection Service; C:\Program Files\avmwlanstick\WlanNetService.exe [364544 2008-02-25] (AVM Berlin)
S2 hshld; C:\Program Files\Hotspot Shield\bin\openvpnas.exe [542552 2012-04-11] ()
R2 HssSrv; C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe [363336 2011-11-15] (AnchorFree Inc.)
S3 HssTrayService; C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE [77520 2012-04-11] ()
R2 HssWd; C:\Program Files\Hotspot Shield\bin\hsswd.exe [329544 2012-04-02] ()
R2 HTCMonitorService; C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2012-10-26] (Nero AG)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2012-10-08] ()
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S2 SystemStoreService; C:\Program Files\SoftwareUpdater\SystemStore.exe [297984 2014-03-28] ()
==================== Drivers (Whitelisted) ====================
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [4352 2007-11-07] (AVM Berlin)
S3 fwlanusbn; C:\Windows\System32\DRIVERS\fwlanusbn.sys [401920 2007-12-19] (AVM GmbH)
R3 HPEWSFXBULK; C:\Windows\System32\drivers\hpfxbulk.sys [17432 2009-02-25] (Hewlett Packard)
R3 HssDrv; C:\Windows\System32\DRIVERS\HssDrv.sys [37376 2012-04-11] (AnchorFree Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-03-28 15:32 - 2014-03-28 15:32 - 00014689 _____ () C:\Users\hamis\Downloads\FRST.txt
2014-03-28 15:31 - 2014-03-28 15:32 - 00000000 ____D () C:\FRST
2014-03-28 15:30 - 2014-03-28 15:30 - 01145856 _____ (Farbar) C:\Users\hamis\Downloads\FRST.exe
2014-03-28 10:19 - 2014-03-28 10:19 - 00000472 _____ () C:\Users\hamis\Desktop\defogger_disable.log
2014-03-28 10:19 - 2014-03-28 10:19 - 00000000 _____ () C:\Users\hamis\defogger_reenable
2014-03-28 10:17 - 2014-03-28 10:17 - 00050477 _____ () C:\Users\hamis\Desktop\Defogger.exe
2014-03-27 20:06 - 2014-03-27 20:06 - 00002088 _____ () C:\AdwCleaner[S4].txt
2014-03-27 20:06 - 2014-03-27 20:06 - 00002027 _____ () C:\AdwCleaner[R10].txt
2014-03-25 18:55 - 2014-03-25 18:55 - 00065560 _____ () C:\Users\hamis\Downloads\NETGEAR_WNDR4000(1).cfg
2014-03-25 18:53 - 2014-03-25 18:53 - 00065560 _____ () C:\Users\hamis\Downloads\NETGEAR_WNDR4000.cfg
2014-03-23 18:21 - 2014-03-23 18:21 - 00000000 ____D () C:\Users\hamis\Desktop\Spk
2014-03-18 11:14 - 2014-03-01 05:10 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-18 11:14 - 2014-03-01 04:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-18 11:14 - 2014-03-01 04:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-18 11:14 - 2014-03-01 04:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-18 11:14 - 2014-03-01 04:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-18 11:14 - 2014-03-01 04:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-18 11:14 - 2014-03-01 04:38 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-18 11:14 - 2014-03-01 04:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-18 11:14 - 2014-03-01 04:31 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-18 11:14 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-18 11:14 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-18 11:14 - 2014-02-04 03:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-18 11:13 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-18 11:13 - 2014-03-01 05:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-18 11:13 - 2014-03-01 04:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-18 11:13 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-18 11:13 - 2014-03-01 04:25 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-18 11:13 - 2014-03-01 04:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-18 11:13 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-18 11:13 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-18 11:13 - 2014-03-01 04:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-18 11:13 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-18 11:13 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-18 11:12 - 2014-02-07 02:07 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-18 11:12 - 2014-02-04 03:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-18 11:12 - 2014-01-29 03:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-18 11:12 - 2014-01-28 03:07 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-05 10:37 - 2014-03-05 10:37 - 00049344 _____ () C:\Windows\PFRO.log
==================== One Month Modified Files and Folders =======
2014-03-28 15:32 - 2014-03-28 15:32 - 00014689 _____ () C:\Users\hamis\Downloads\FRST.txt
2014-03-28 15:32 - 2014-03-28 15:31 - 00000000 ____D () C:\FRST
2014-03-28 15:30 - 2014-03-28 15:30 - 01145856 _____ (Farbar) C:\Users\hamis\Downloads\FRST.exe
2014-03-28 15:29 - 2012-06-18 10:31 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-28 15:29 - 2012-06-18 10:31 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-28 15:28 - 2012-08-01 09:24 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-28 15:28 - 2012-03-25 10:50 - 01113588 _____ () C:\Windows\WindowsUpdate.log
2014-03-28 10:19 - 2014-03-28 10:19 - 00000472 _____ () C:\Users\hamis\Desktop\defogger_disable.log
2014-03-28 10:19 - 2014-03-28 10:19 - 00000000 _____ () C:\Users\hamis\defogger_reenable
2014-03-28 10:19 - 2012-03-25 11:49 - 00000000 ____D () C:\Users\hamis
2014-03-28 10:17 - 2014-03-28 10:17 - 00050477 _____ () C:\Users\hamis\Desktop\Defogger.exe
2014-03-28 10:10 - 2012-04-06 15:22 - 00000000 ____D () C:\Users\hamis\Documents\PW
2014-03-28 09:56 - 2009-07-14 05:34 - 00017360 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-28 09:56 - 2009-07-14 05:34 - 00017360 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-28 09:52 - 2012-03-25 11:57 - 01629284 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-28 09:50 - 2012-12-03 10:07 - 00000000 ____D () C:\Users\hamis\AppData\Local\HTC MediaHub
2014-03-28 09:47 - 2014-02-04 09:35 - 00001568 _____ () C:\Windows\setupact.log
2014-03-28 09:47 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-27 20:06 - 2014-03-27 20:06 - 00002088 _____ () C:\AdwCleaner[S4].txt
2014-03-27 20:06 - 2014-03-27 20:06 - 00002027 _____ () C:\AdwCleaner[R10].txt
2014-03-27 17:52 - 2012-04-27 14:57 - 00000000 ____D () C:\Users\hamis\Documents\Scans
2014-03-26 20:22 - 2012-10-29 13:15 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-03-26 20:22 - 2012-03-25 12:30 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-03-26 20:10 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-25 18:55 - 2014-03-25 18:55 - 00065560 _____ () C:\Users\hamis\Downloads\NETGEAR_WNDR4000(1).cfg
2014-03-25 18:53 - 2014-03-25 18:53 - 00065560 _____ () C:\Users\hamis\Downloads\NETGEAR_WNDR4000.cfg
2014-03-25 15:43 - 2012-04-06 15:22 - 00000000 ____D () C:\Users\hamis\Documents\Korrfuerdritte
2014-03-23 18:21 - 2014-03-23 18:21 - 00000000 ____D () C:\Users\hamis\Desktop\Spk
2014-03-23 11:02 - 2012-04-06 15:22 - 00000000 ____D () C:\Users\hamis\Documents\gartenstr
2014-03-19 20:51 - 2012-04-06 15:22 - 00000000 ____D () C:\Users\hamis\Documents\Literatur
2014-03-19 10:48 - 2012-04-10 14:33 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-03-19 10:48 - 2012-04-10 14:33 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-03-19 10:27 - 2009-07-14 05:33 - 00524944 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-19 10:25 - 2013-08-28 16:15 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-18 11:55 - 2012-03-25 11:53 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-18 11:54 - 2013-08-14 22:40 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-18 11:51 - 2012-03-25 12:59 - 87350280 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-11 09:52 - 2012-08-30 22:03 - 00104264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\NisDrvWFP.sys
2014-03-05 10:37 - 2014-03-05 10:37 - 00049344 _____ () C:\Windows\PFRO.log
2014-03-01 05:30 - 2014-03-18 11:13 - 17074688 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-01 05:11 - 2014-03-18 11:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-01 05:10 - 2014-03-18 11:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-01 04:52 - 2014-03-18 11:13 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-01 04:51 - 2014-03-18 11:14 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-01 04:47 - 2014-03-18 11:13 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-01 04:43 - 2014-03-18 11:14 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-01 04:43 - 2014-03-18 11:14 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-01 04:40 - 2014-03-18 11:14 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-01 04:38 - 2014-03-18 11:14 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-01 04:38 - 2014-03-18 11:14 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-01 04:37 - 2014-03-18 11:14 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-01 04:31 - 2014-03-18 11:14 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-01 04:25 - 2014-03-18 11:13 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-01 04:16 - 2014-03-18 11:13 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-01 04:14 - 2014-03-18 11:13 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-01 04:03 - 2014-03-18 11:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-01 04:00 - 2014-03-18 11:13 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-01 03:57 - 2014-03-18 11:13 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-01 03:32 - 2014-03-18 11:14 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-01 03:27 - 2014-03-18 11:13 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-01 03:25 - 2014-03-18 11:14 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-01 03:08 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-03-20 10:53
==================== End Of Log ============================
--- --- ---
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01
Ran by hamis (administrator) on HAMIS-PC on 28-03-2014 15:32:24
Running from C:\Users\hamis\Downloads
Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(AVM Berlin) C:\Program Files\avmwlanstick\WlanNetService.exe
(AnchorFree Inc.) C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
() C:\Program Files\Hotspot Shield\bin\hsswd.exe
(Nero AG) C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
() C:\Program Files\HTC\HTC Sync Manager\HTC Sync\adb.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(AVM Berlin) C:\Program Files\avmwlanstick\WLanGUI.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
() C:\Users\hamis\Desktop\Defogger.exe
(Microsoft Corporation) C:\Windows\system32\UI0Detect.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\IELowutil.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [AVMWlanClient] - C:\Program Files\avmwlanstick\wlangui.exe [1753088 2008-02-25] (AVM Berlin)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [TkBellExe] - C:\Program Files\Real\RealPlayer\update\realsched.exe [295512 2013-09-29] (RealNetworks, Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKU\S-1-5-21-3251325105-1702950111-330446913-1000\...\MountPoints2: E - E:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3251325105-1702950111-330446913-1000\...\MountPoints2: {2aaf4aa8-3d25-11e2-b137-806e6f6e6963} - E:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3251325105-1702950111-330446913-1000\...\MountPoints2: {2aaf4b14-3d25-11e2-b137-002522d33ed8} - E:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3251325105-1702950111-330446913-1000\...\MountPoints2: {d9b2e14e-766c-11e1-88af-002522d33ed8} - E:\pushinst.exe
Startup: C:\Users\hamis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xFC4076EF790ACD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Browser Guard - {02a0d829-4393-46fc-a37e-126263035883} - C:\Program Files\Browser Guard\browserguard.dll (Browser Guard)
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\hamis\AppData\Roaming\Mozilla\Firefox\Profiles\yziwqx47.default
FF Homepage: hxxp://www.google.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Language Pack Install Helper - C:\Users\hamis\AppData\Roaming\Mozilla\Firefox\Profiles\yziwqx47.default\Extensions\jid0-3qAYz7se7F3gEIA63LjbuEaPEDk@jetpack.xpi [2012-11-14]
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-09-29]
FF HKLM\...\Firefox\Extensions: [{20d1f7b3-7721-4da0-b6f3-78bb4d7248f4}] - C:\Program Files\Browser Guard\browserguard.xpi
FF Extension: Browser Guard - C:\Program Files\Browser Guard\browserguard.xpi [2013-08-27]
Chrome:
=======
CHR HomePage: hxxp://www.startfenster.com
CHR RestoreOnStartup: "hxxp://www.startfenster.com"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\22.0.1229.94\pdf.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\22.0.1229.94\gcswf32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Extension: (YouTube) - C:\Users\hamis\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-06-18]
CHR Extension: (Google-Suche) - C:\Users\hamis\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-06-18]
CHR Extension: (Google Mail) - C:\Users\hamis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-06-18]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM\...\Chrome\Extension: [kfepagcelbegkpkcjgfeecmlnmkedjin] - C:\Program Files\Browser Guard\browserguard.crx [2013-08-27]
========================== Services (Whitelisted) =================
R2 AVM WLAN Connection Service; C:\Program Files\avmwlanstick\WlanNetService.exe [364544 2008-02-25] (AVM Berlin)
S2 hshld; C:\Program Files\Hotspot Shield\bin\openvpnas.exe [542552 2012-04-11] ()
R2 HssSrv; C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe [363336 2011-11-15] (AnchorFree Inc.)
S3 HssTrayService; C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE [77520 2012-04-11] ()
R2 HssWd; C:\Program Files\Hotspot Shield\bin\hsswd.exe [329544 2012-04-02] ()
R2 HTCMonitorService; C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2012-10-26] (Nero AG)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2012-10-08] ()
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S2 SystemStoreService; C:\Program Files\SoftwareUpdater\SystemStore.exe [297984 2014-03-28] ()
==================== Drivers (Whitelisted) ====================
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [4352 2007-11-07] (AVM Berlin)
S3 fwlanusbn; C:\Windows\System32\DRIVERS\fwlanusbn.sys [401920 2007-12-19] (AVM GmbH)
R3 HPEWSFXBULK; C:\Windows\System32\drivers\hpfxbulk.sys [17432 2009-02-25] (Hewlett Packard)
R3 HssDrv; C:\Windows\System32\DRIVERS\HssDrv.sys [37376 2012-04-11] (AnchorFree Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-03-28 15:32 - 2014-03-28 15:32 - 00014689 _____ () C:\Users\hamis\Downloads\FRST.txt
2014-03-28 15:31 - 2014-03-28 15:32 - 00000000 ____D () C:\FRST
2014-03-28 15:30 - 2014-03-28 15:30 - 01145856 _____ (Farbar) C:\Users\hamis\Downloads\FRST.exe
2014-03-28 10:19 - 2014-03-28 10:19 - 00000472 _____ () C:\Users\hamis\Desktop\defogger_disable.log
2014-03-28 10:19 - 2014-03-28 10:19 - 00000000 _____ () C:\Users\hamis\defogger_reenable
2014-03-28 10:17 - 2014-03-28 10:17 - 00050477 _____ () C:\Users\hamis\Desktop\Defogger.exe
2014-03-27 20:06 - 2014-03-27 20:06 - 00002088 _____ () C:\AdwCleaner[S4].txt
2014-03-27 20:06 - 2014-03-27 20:06 - 00002027 _____ () C:\AdwCleaner[R10].txt
2014-03-25 18:55 - 2014-03-25 18:55 - 00065560 _____ () C:\Users\hamis\Downloads\NETGEAR_WNDR4000(1).cfg
2014-03-25 18:53 - 2014-03-25 18:53 - 00065560 _____ () C:\Users\hamis\Downloads\NETGEAR_WNDR4000.cfg
2014-03-23 18:21 - 2014-03-23 18:21 - 00000000 ____D () C:\Users\hamis\Desktop\Spk
2014-03-18 11:14 - 2014-03-01 05:10 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-18 11:14 - 2014-03-01 04:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-18 11:14 - 2014-03-01 04:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-18 11:14 - 2014-03-01 04:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-18 11:14 - 2014-03-01 04:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-18 11:14 - 2014-03-01 04:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-18 11:14 - 2014-03-01 04:38 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-18 11:14 - 2014-03-01 04:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-18 11:14 - 2014-03-01 04:31 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-18 11:14 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-18 11:14 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-18 11:14 - 2014-02-04 03:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-18 11:13 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-18 11:13 - 2014-03-01 05:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-18 11:13 - 2014-03-01 04:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-18 11:13 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-18 11:13 - 2014-03-01 04:25 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-18 11:13 - 2014-03-01 04:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-18 11:13 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-18 11:13 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-18 11:13 - 2014-03-01 04:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-18 11:13 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-18 11:13 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-18 11:12 - 2014-02-07 02:07 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-18 11:12 - 2014-02-04 03:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-18 11:12 - 2014-01-29 03:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-18 11:12 - 2014-01-28 03:07 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-05 10:37 - 2014-03-05 10:37 - 00049344 _____ () C:\Windows\PFRO.log
==================== One Month Modified Files and Folders =======
2014-03-28 15:32 - 2014-03-28 15:32 - 00014689 _____ () C:\Users\hamis\Downloads\FRST.txt
2014-03-28 15:32 - 2014-03-28 15:31 - 00000000 ____D () C:\FRST
2014-03-28 15:30 - 2014-03-28 15:30 - 01145856 _____ (Farbar) C:\Users\hamis\Downloads\FRST.exe
2014-03-28 15:29 - 2012-06-18 10:31 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-28 15:29 - 2012-06-18 10:31 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-28 15:28 - 2012-08-01 09:24 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-28 15:28 - 2012-03-25 10:50 - 01113588 _____ () C:\Windows\WindowsUpdate.log
2014-03-28 10:19 - 2014-03-28 10:19 - 00000472 _____ () C:\Users\hamis\Desktop\defogger_disable.log
2014-03-28 10:19 - 2014-03-28 10:19 - 00000000 _____ () C:\Users\hamis\defogger_reenable
2014-03-28 10:19 - 2012-03-25 11:49 - 00000000 ____D () C:\Users\hamis
2014-03-28 10:17 - 2014-03-28 10:17 - 00050477 _____ () C:\Users\hamis\Desktop\Defogger.exe
2014-03-28 10:10 - 2012-04-06 15:22 - 00000000 ____D () C:\Users\hamis\Documents\PW
2014-03-28 09:56 - 2009-07-14 05:34 - 00017360 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-28 09:56 - 2009-07-14 05:34 - 00017360 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-28 09:52 - 2012-03-25 11:57 - 01629284 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-28 09:50 - 2012-12-03 10:07 - 00000000 ____D () C:\Users\hamis\AppData\Local\HTC MediaHub
2014-03-28 09:47 - 2014-02-04 09:35 - 00001568 _____ () C:\Windows\setupact.log
2014-03-28 09:47 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-27 20:06 - 2014-03-27 20:06 - 00002088 _____ () C:\AdwCleaner[S4].txt
2014-03-27 20:06 - 2014-03-27 20:06 - 00002027 _____ () C:\AdwCleaner[R10].txt
2014-03-27 17:52 - 2012-04-27 14:57 - 00000000 ____D () C:\Users\hamis\Documents\Scans
2014-03-26 20:22 - 2012-10-29 13:15 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-03-26 20:22 - 2012-03-25 12:30 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-03-26 20:10 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-25 18:55 - 2014-03-25 18:55 - 00065560 _____ () C:\Users\hamis\Downloads\NETGEAR_WNDR4000(1).cfg
2014-03-25 18:53 - 2014-03-25 18:53 - 00065560 _____ () C:\Users\hamis\Downloads\NETGEAR_WNDR4000.cfg
2014-03-25 15:43 - 2012-04-06 15:22 - 00000000 ____D () C:\Users\hamis\Documents\Korrfuerdritte
2014-03-23 18:21 - 2014-03-23 18:21 - 00000000 ____D () C:\Users\hamis\Desktop\Spk
2014-03-23 11:02 - 2012-04-06 15:22 - 00000000 ____D () C:\Users\hamis\Documents\gartenstr
2014-03-19 20:51 - 2012-04-06 15:22 - 00000000 ____D () C:\Users\hamis\Documents\Literatur
2014-03-19 10:48 - 2012-04-10 14:33 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-03-19 10:48 - 2012-04-10 14:33 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-03-19 10:27 - 2009-07-14 05:33 - 00524944 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-19 10:25 - 2013-08-28 16:15 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-18 11:55 - 2012-03-25 11:53 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-18 11:54 - 2013-08-14 22:40 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-18 11:51 - 2012-03-25 12:59 - 87350280 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-11 09:52 - 2012-08-30 22:03 - 00104264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\NisDrvWFP.sys
2014-03-05 10:37 - 2014-03-05 10:37 - 00049344 _____ () C:\Windows\PFRO.log
2014-03-01 05:30 - 2014-03-18 11:13 - 17074688 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-01 05:11 - 2014-03-18 11:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-01 05:10 - 2014-03-18 11:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-01 04:52 - 2014-03-18 11:13 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-01 04:51 - 2014-03-18 11:14 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-01 04:47 - 2014-03-18 11:13 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-01 04:43 - 2014-03-18 11:14 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-01 04:43 - 2014-03-18 11:14 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-01 04:40 - 2014-03-18 11:14 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-01 04:38 - 2014-03-18 11:14 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-01 04:38 - 2014-03-18 11:14 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-01 04:37 - 2014-03-18 11:14 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-01 04:31 - 2014-03-18 11:14 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-01 04:25 - 2014-03-18 11:13 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-01 04:16 - 2014-03-18 11:13 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-01 04:14 - 2014-03-18 11:13 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-01 04:03 - 2014-03-18 11:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-01 04:00 - 2014-03-18 11:13 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-01 03:57 - 2014-03-18 11:13 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-01 03:32 - 2014-03-18 11:14 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-01 03:27 - 2014-03-18 11:13 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-01 03:25 - 2014-03-18 11:14 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-01 03:08 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-03-20 10:53
==================== End Of Log ============================
--- --- ---
GMER Logfile: Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-03-28 17:56:19
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\0000005e Hitachi_ rev.ES1O 149,05GB
Running: Gmer-19357.exe; Driver: C:\Users\hamis\AppData\Local\Temp\kgloipod.sys
---- Kernel code sections - GMER 2.1 ----
.text ntkrnlpa.exe!ZwRollbackEnlistment + 142D 82A76A15 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82AB0212 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
---- User code sections - GMER 2.1 ----
.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[2332] kernel32.dll!SetUnhandledExceptionFilter 761FF4EB 5 Bytes JMP 5CF253FC C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll
.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[2332] ole32.dll!OleLoadFromStream 76946143 5 Bytes JMP 5D9EF68E C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll
.text C:\Program Files\Real\RealPlayer\Update\realsched.exe[3728] kernel32.dll!SetUnhandledExceptionFilter 761FF4EB 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
---- Registry - GMER 2.1 ----
Reg HKLM\SOFTWARE\Classes\CLSID\{722b3793-5367-4446-b6bb-db89b05c1f24}\LocalServer32@ %SystemRoot%\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {722b3793-5367-4446-b6bb-db89b05c1f24}
---- EOF - GMER 2.1 ----
--- --- ---
GMER Logfile: Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-03-28 17:56:19
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\0000005e Hitachi_ rev.ES1O 149,05GB
Running: Gmer-19357.exe; Driver: C:\Users\hamis\AppData\Local\Temp\kgloipod.sys
---- Kernel code sections - GMER 2.1 ----
.text ntkrnlpa.exe!ZwRollbackEnlistment + 142D 82A76A15 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82AB0212 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
---- User code sections - GMER 2.1 ----
.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[2332] kernel32.dll!SetUnhandledExceptionFilter 761FF4EB 5 Bytes JMP 5CF253FC C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll
.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[2332] ole32.dll!OleLoadFromStream 76946143 5 Bytes JMP 5D9EF68E C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll
.text C:\Program Files\Real\RealPlayer\Update\realsched.exe[3728] kernel32.dll!SetUnhandledExceptionFilter 761FF4EB 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
---- Registry - GMER 2.1 ----
Reg HKLM\SOFTWARE\Classes\CLSID\{722b3793-5367-4446-b6bb-db89b05c1f24}\LocalServer32@ %SystemRoot%\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {722b3793-5367-4446-b6bb-db89b05c1f24}
---- EOF - GMER 2.1 ----
[/CODE]
--- --- --- |
Hinweise: Ich kann Dir niemals eine Garantie geben, dass wir alle schädlichen Dateien finden werden. Eine Formatierung ist meist der schnellere und immer der sicherste Weg, aber auch nur bei wirklicher Malware empfehlenswert. Adware & Co. können wir sehr gut entfernen. 
FRST 32-Bit | FRST 64-Bit