Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Win7, AVIRA meldet BOO/TDss.O auf D:

Win7, AVIRA meldet BOO/TDss.O auf D:


Log-Analyse und Auswertung: Win7, AVIRA meldet BOO/TDss.O auf D:

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML

Antwort
Alt 05.02.2014, 14:32   #1
Grisu113
 
Win7, AVIRA meldet BOO/TDss.O auf D: - Standard

Win7, AVIRA meldet BOO/TDss.O auf D:


Hallo Trojaner Team.

Ich erhalte folgende Meldung von AVIRA:

Im Masterbootsektor von Laufwerk 'Masterbootsektor HD0' wurde ein Virus oder
unerwünschtes Programm 'BOO/TDss.O' [virus] gefunden.
Ausgeführte Aktion: Zugriff verweigern.

Im Popup steht: Laufwerk D:

Habe eine Installation mit XP und Win7. Weis aber leider nicht genau, was auf welchem Laufwerk ist

Hier die Berichte der Scanner:
Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 13:32 on 05/02/2014 (Grisu)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-02-2014
Ran by Grisu (administrator) on GRISU-PC on 05-02-2014 13:38:58
Running from C:\Users\Grisu\Desktop
Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
() C:\Windows\System32\atwtusb.exe
() C:\Windows\System32\atwtusb.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(Realtek Semiconductor Corp.) C:\Windows\SOUNDMAN.EXE
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe
() C:\Windows\System32\WTMKM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(shbox.de) C:\Program Files\FreePDF_XP\fpassist.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\pptd40nt.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\tv_w32.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\APSDaemon.exe
() C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SoundMan] - C:\Windows\SOUNDMAN.EXE [604704 2009-04-14] (Realtek Semiconductor Corp.)
HKLM\...\Run: [CmPCIaudio] - RunDll32 CMICNFG3.cpl,CMICtrlWnd
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-15] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS5.5ServiceManager] - C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM\...\Run: [ApplyEsf-eDocPrintPro] - C:\Program Files\Common Files\MAYComputer\eDocPrintPro\\ApplyEsf.exe [319488 2012-03-23] (May Software)
HKLM\...\Run: [Ulead AutoDetector v2] - C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe [90112 2006-11-29] (Ulead Systems, Inc.)
HKLM\...\Run: [MacrokeyManager] - C:\Windows\system32\WTMKM.exe [7134952 2010-12-24] ()
HKLM\...\Run: [] - [X]
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-18] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [FreePDF Assistant] - C:\Program Files\FreePDF_XP\fpassist.exe [373760 2013-03-14] (shbox.de)
HKLM\...\Run: [ISUSPM] - C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [324976 2010-05-21] (Flexera Software, Inc.)
HKLM\...\Run: [PaperPort PTD] - C:\Program Files\Nuance\PaperPort\pptd40nt.exe [30568 2011-08-13] (Nuance Communications, Inc.)
HKLM\...\Run: [IndexSearch] - C:\Program Files\Nuance\PaperPort\IndexSearch.exe [46952 2011-08-13] (Nuance Communications, Inc.)
HKLM\...\Run: [PPort14reminder] - C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe [333088 2011-05-16] (Nuance Communications, Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\S-1-5-21-1389033348-806256550-1857240747-1001\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-11-05] (Google Inc.)
HKU\S-1-5-21-1389033348-806256550-1857240747-1001\...\Run: [iCloudServices] - C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-09-14] (Apple Inc.)
HKU\S-1-5-21-1389033348-806256550-1857240747-1001\...\Run: [ApplePhotoStreams] - C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-09-15] (Apple Inc.)
HKU\S-1-5-21-1389033348-806256550-1857240747-1001\...\Run: [AdobeBridge] - [X]
HKU\S-1-5-21-1389033348-806256550-1857240747-1001\...\Run: [MobileDocuments] - C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
HKU\S-1-5-21-1389033348-806256550-1857240747-1001\...\Run: [EPSONCCA66C (Epson Stylus Office BX305 Plus)] - C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIHRE.EXE [212480 2011-01-20] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1389033348-806256550-1857240747-1001\...\Run: [OfficeSyncProcess] - C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [719672 2012-01-20] (Microsoft Corporation)
HKU\S-1-5-21-1389033348-806256550-1857240747-1003\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-11-05] (Google Inc.)
HKU\S-1-5-21-1389033348-806256550-1857240747-1003\...\Run: [iCloudServices] - C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-09-14] (Apple Inc.)
HKU\S-1-5-21-1389033348-806256550-1857240747-1003\...\Run: [ApplePhotoStreams] - C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-09-15] (Apple Inc.)
HKU\S-1-5-21-1389033348-806256550-1857240747-1003\...\Run: [AdobeBridge] - [X]
HKU\S-1-5-21-1389033348-806256550-1857240747-1003\...\Run: [MobileDocuments] - C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
HKU\S-1-5-21-1389033348-806256550-1857240747-1003\...\Run: [EPSONCCA66C (Epson Stylus Office BX305 Plus)] - C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIHRE.EXE [212480 2011-01-20] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1389033348-806256550-1857240747-1003\...\Run: [OfficeSyncProcess] - C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [719672 2012-01-20] (Microsoft Corporation)
HKU\S-1-5-21-1389033348-806256550-1857240747-1003\...\Run: [DAEMON Tools Pro Agent] - C:\Program Files\DAEMON Tools Pro\DTAgent.exe [3111744 2012-04-26] (DT Soft Ltd)
HKU\S-1-5-21-1389033348-806256550-1857240747-1003\...\MountPoints2: {1bfa89dc-2508-11e2-b60c-0004619288f2} - H:\Start.exe
HKU\S-1-5-21-1389033348-806256550-1857240747-1003\...\MountPoints2: {d9ac8f47-07d5-11e1-bd69-806e6f6e6963} - E:\SETUP.EXE

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xDB44AD95EA9BCC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.de/
SearchScopes: HKLM - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
SearchScopes: HKCU - {14CDB427-5B23-4CAC-ABAF-4AE6E8D746A4} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=25a02d85-1e5b-4d02-ac80-056e6a890a4a&apn_sauid=B573F83D-AAB9-46D2-B312-5E4B92DB03DD
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - FireShot - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Users\Grisu\AppData\Roaming\Mozilla\Firefox\Profiles\ud9xfvmq.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.96.dll No File
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 19 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Hosts: 127.0.0.1 activate.adobe.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.112

FireFox:
========
FF ProfilePath: C:\Users\Grisu\AppData\Roaming\Mozilla\Firefox\Profiles\ud9xfvmq.default
FF DefaultSearchEngine: Google
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.de
FF NetworkProxy: "http", "157.181.228.181"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "no_proxies_on", "*.local, stealthy.co"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Grisu\AppData\Roaming\Mozilla\Firefox\Profiles\ud9xfvmq.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\Grisu\AppData\Roaming\Mozilla\Firefox\Profiles\ud9xfvmq.default\searchplugins\s-amazon-bymp-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: iCloud Bookmarks - C:\Users\Grisu\AppData\Roaming\Mozilla\Firefox\Profiles\ud9xfvmq.default\Extensions\firefoxdav@icloud.com [2013-12-25]
FF Extension: Xmarks - C:\Users\Grisu\AppData\Roaming\Mozilla\Firefox\Profiles\ud9xfvmq.default\Extensions\foxmarks@kei.com [2013-05-22]
FF Extension: Avira SearchFree Toolbar plus Web Protection - C:\Users\Grisu\AppData\Roaming\Mozilla\Firefox\Profiles\ud9xfvmq.default\Extensions\toolbar@ask.com [2013-01-15]
FF Extension: FireShot - C:\Users\Grisu\AppData\Roaming\Mozilla\Firefox\Profiles\ud9xfvmq.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2014-02-05]
FF Extension: Flagfox - C:\Users\Grisu\AppData\Roaming\Mozilla\Firefox\Profiles\ud9xfvmq.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} [2014-01-23]
FF Extension: WOT - C:\Users\Grisu\AppData\Roaming\Mozilla\Firefox\Profiles\ud9xfvmq.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-12-01]
FF Extension: Stealthy - C:\Users\Grisu\AppData\Roaming\Mozilla\Firefox\Profiles\ud9xfvmq.default\Extensions\stealthyextension@gmail.com.xpi [2012-02-11]
FF Extension: All-in-One Sidebar - C:\Users\Grisu\AppData\Roaming\Mozilla\Firefox\Profiles\ud9xfvmq.default\Extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi [2012-02-11]
FF Extension: Adblock Plus - C:\Users\Grisu\AppData\Roaming\Mozilla\Firefox\Profiles\ud9xfvmq.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-03-30]
FF Extension: Screenshoter - C:\Users\Grisu\AppData\Roaming\Mozilla\Firefox\Profiles\ud9xfvmq.default\Extensions\{d9babd10-47de-11df-9879-0800200c9a66}.xpi [2012-06-10]
FF Extension: ELO Archiv-Transfer - C:\Program Files\Mozilla Firefox\extensions\EloFirefoxAddon.xpi [2013-12-25]

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440376 2013-12-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-28] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1011768 2013-12-18] (Avira Operations GmbH & Co. KG)
R2 PDFProFiltSrvPP; C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe [138600 2011-08-13] (Nuance Communications, Inc.)
R2 WTService; C:\Windows\system32\atwtusb.exe [870120 2011-01-26] ()

==================== Drivers (Whitelisted) ====================

R3 ALCXWDM; C:\Windows\System32\drivers\RTKVAC.SYS [4172832 2009-06-18] (Realtek Semiconductor Corp.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-28] (Avira Operations GmbH & Co. KG)
R3 cmuda3; C:\Windows\System32\drivers\cmudax3.sys [1872000 2009-03-18] (C-Media Inc)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2012-11-02] (DT Soft Ltd)
R3 moufiltr; C:\Windows\System32\DRIVERS\moufiltr.sys [6144 2009-03-08] (Windows (R) Codename Longhorn DDK provider)
S3 silabenm; C:\Windows\System32\DRIVERS\silabenm.sys [17920 2010-04-16] (Silicon Laboratories, Inc.)
S3 silabser; C:\Windows\System32\DRIVERS\silabser.sys [63488 2010-04-16] (Silicon Laboratories)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
R3 vhidmini; C:\Windows\System32\DRIVERS\walvhid.sys [6144 2009-08-20] (Windows (R) Win 7 DDK provider)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-05 13:38 - 2014-02-05 13:39 - 00019729 _____ () C:\Users\Grisu\Desktop\FRST.txt
2014-02-05 13:35 - 2014-02-05 13:38 - 00000000 ____D () C:\FRST
2014-02-05 13:31 - 2014-02-05 13:31 - 01137152 _____ (Farbar) C:\Users\Grisu\Desktop\FRST.exe
2014-02-05 13:28 - 2014-02-05 13:28 - 00000166 _____ () C:\Users\Grisu\defogger_reenable
2014-02-05 13:27 - 2014-02-05 13:31 - 00000000 ____D () C:\Users\Grisu\Desktop\TROJANER

==================== One Month Modified Files and Folders =======

2014-02-05 13:39 - 2014-02-05 13:38 - 00019729 _____ () C:\Users\Grisu\Desktop\FRST.txt
2014-02-05 13:38 - 2014-02-05 13:35 - 00000000 ____D () C:\FRST
2014-02-05 13:32 - 2011-11-05 20:35 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-05 13:31 - 2014-02-05 13:31 - 01137152 _____ (Farbar) C:\Users\Grisu\Desktop\FRST.exe
2014-02-05 13:31 - 2014-02-05 13:27 - 00000000 ____D () C:\Users\Grisu\Desktop\TROJANER
2014-02-05 13:28 - 2014-02-05 13:28 - 00000166 _____ () C:\Users\Grisu\defogger_reenable
2014-02-05 13:28 - 2011-11-05 18:52 - 00000000 ____D () C:\Users\Grisu
2014-02-05 13:09 - 2012-02-22 21:33 - 00000000 ____D () C:\Users\Grisu\AppData\Local\64D48ACD-B492-4A9F-9D85-C9C79F07DDFC.aplzod
2014-02-05 12:57 - 2009-07-14 05:34 - 00014336 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-05 12:57 - 2009-07-14 05:34 - 00014336 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-05 12:56 - 2011-11-05 18:52 - 01134890 _____ () C:\Windows\WindowsUpdate.log
2014-02-05 12:54 - 2012-04-09 11:29 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-02-05 12:54 - 2012-04-09 11:29 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-05 12:54 - 2011-11-05 19:43 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-02-05 12:51 - 2011-11-05 19:01 - 01621084 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-05 12:48 - 2013-04-23 12:25 - 00000000 ____D () C:\Users\Grisu\AppData\Local\FreePDF_XP
2014-02-05 12:48 - 2011-11-05 20:35 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-05 12:47 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-05 12:47 - 2009-07-14 05:39 - 00071726 _____ () C:\Windows\setupact.log
2014-02-05 12:47 - 2009-07-14 03:04 - 00000513 _____ () C:\Windows\win.ini
2014-01-23 21:54 - 2013-04-23 12:09 - 00000000 ____D () C:\Program Files\FreePDF_XP
2014-01-13 01:08 - 2012-02-22 14:49 - 00000000 ____D () C:\Users\Grisu\AppData\Roaming\UseNeXT
2014-01-13 00:32 - 2012-02-22 15:13 - 00000000 ____D () C:\Users\Grisu\AppData\Roaming\vlc

Some content of TEMP:
====================
C:\Users\Grisu\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-21 22:21

==================== End Of Log ============================
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-02-2014
Ran by Grisu at 2014-02-05 13:39:59
Running from C:\Users\Grisu\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

3Skeng Engineering© for Trimble SketchUp (Version:  - )
Adobe AIR (Version: 3.2.0.2070 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.2.0.2070 - Adobe Systems Incorporated) Hidden
Adobe Community Help (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Community Help (Version: 3.4.980 - Adobe Systems Incorporated.) Hidden
Adobe Flash Player 11 Plugin (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 12 ActiveX (Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Photoshop CS5.1 (Version: 12.1 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.03) - Deutsch (Version: 11.0.03 - Adobe Systems Incorporated)
Apple Application Support (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (Version: 2.1.3.127 - Apple Inc.)
Ask Toolbar (Version: 1.15.13.0 - Ask.com) <==== ATTENTION
Avira Free Antivirus (Version: 14.0.2.286 - Avira)
Avira SearchFree Toolbar plus Web Protection Updater (HKCU Version: 1.2.3.33021 - Ask.com)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
C-Media PCI Audio Device (Version:  - )
Corel Graphics - Windows Shell Extension (Version: 15.1.0.588 - Corel Corporation)
Corel Graphics - Windows Shell Extension (Version: 15.1.588 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Capture (Version: 15.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Common (Version: 15.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Connect (Version: 15.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Custom Data (Version: 15.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - DE (Version: 15.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Draw (Version: 15.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Filters (Version: 15.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - FontNav (Version: 15.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - IPM (Version: 15.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - PHOTO-PAINT (Version: 15.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Photozoom Plugin (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Redist (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Setup Files (Version: 15.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VBA (Version: 15.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VideoBrowser (Version: 15.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VSTA (Version: 15.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - WT (Version: 15.1 -  Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 (Version: 15.1 - Corel Corporation) Hidden
CorelDRAW(R) Graphics Suite X5 (Version: 15.1.0.588 - Corel Corporation)
Crystal Reports XI (Version: 11.0.0.128227 - Business Objects)
CrystalDiskInfo 4.2.0a (Version: 4.2.0a - Crystal Dew World)
DAEMON Tools Pro (Version: 5.1.0.0333 - DT Soft Ltd)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (Version:  - Microsoft)
Draeger MSI EM200 (Driver Removal) (Version:  - Draeger Safety MSI GmbH)
Draeger MSI P7 (Driver Removal) (Version:  - Draeger Safety MSI GmbH)
eDocPrintPro v3.17.6 (Version: 3.17.6 - MAY-Computer)
ELO Pdf Drucker (Version: 6.0 - ELO Digital Office GmbH)
ELOoffice (Version: 9.0 - ELO Digital Office GmbH)
EPSON BX305 Plus Series Printer Uninstall (Version:  - SEIKO EPSON Corporation)
FMS32-PRO Version 3.1.5 (Version:  - )
FreePDF (Remove only) (Version:  - )
Google Earth (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (Version: 7.5.4805.320 - Google Inc.)
Google Update Helper (Version: 1.3.22.3 - Google Inc.) Hidden
GPL Ghostscript (Version: 9.04 - Artifex Software Inc.)
gs_x86 (Version: 9.05 - MAY-Computer)
Hotfix für Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789) (Version: 1 - Microsoft Corporation)
HP LaserJet 4000 Drucksystem (Version:  - )
HP PrecisionScan Pro 3.0 (Version: 3.0.2.0000 - Hewlett-Packard)
iCloud (Version: 3.0.2.163 - Apple Inc.)
iExplorer 2.2.1.0 (Version:  - Macroplant, LLC)
IsoBuster 2.8.5 (Version: 2.8.5 - Smart Projects)
iTunes (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 45 (Version: 7.0.450 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Labelwin Crystal 10 Treiber vom 06.10.2005 (Version: 2.0 - Label Software Gerald Bax GmbH Bielefeld)
Labelwin Crystal 11 (XI) Treiber vom 24.10.2005 (Version: 2.0 - Label Software Gerald Bax GmbH Bielefeld)
Labelwin DLL Grundroutinen (Version: 1.1.501 - Label Software Gerald Bax GmbH)
Labelwin DLL Grundroutinen Zusatz (Version: 1.1.600 - Label Software Gerald Bax GmbH)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office 2010 Service Pack 1 (SP1) (Version:  - Microsoft)
Microsoft Office 2010 Service Pack 1 (SP1) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft SQL Server Compact 3.5 SP2 ENU (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048 (Version: 9.0.30729.4048 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU (Version: 9.0.30729 - Microsoft Corporation)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86 (Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 26.0 (x86 de) (Version: 26.0 - Mozilla)
Mozilla Maintenance Service (Version: 26.0 - Mozilla)
Mp3tag v2.54 (Version: v2.54 - Florian Heidenreich)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero Backup Drivers (Version: 1.0.11100.8.0 - Nero AG)
neroxml (Version: 1.0.0 - Nero AG) Hidden
Nuance PaperPort 14 (Version: 14.0.0000 - Nuance Communications, Inc.)
NVIDIA Display Control Panel (Version: 6.14.12.5896 - NVIDIA Corporation)
NVIDIA Grafiktreiber 307.83 (Version: 307.83 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.109.706 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 307.83 (Version: 307.83 - NVIDIA Corporation) Hidden
NVIDIA Update 1.10.8 (Version: 1.10.8 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.10.8 - NVIDIA Corporation) Hidden
P7 USB Driver 5.4.24 (Version:  - Dräger Safety MSI GmbH)
PaperPort Anywhere 1.1.4241.14593 powered by OfficeDrop (Version: 1.1.4241.14593 - OfficeDrop)
PaperPort Image Printer (Version: 14.00.0000 - Nuance Communications, Inc.)
PC200P 1.3,005 (Version:  - Dräger MSI GmbH)
PDF Settings CS5 (Version: 10.0 - Adobe Systems Incorporated) Hidden
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
QuickTime (Version: 7.74.80.86 - Apple Inc.)
Realtek AC'97 Audio (Version:  - )
RedMon - Redirection Port Monitor (Version:  - )
SketchUp Pro 8 (Version: 3.0.16944 - Trimble Navigation Limited)
SketchUp Viewer (Version: 8.0.15158 - Trimble Navigation Limited)
SpeedCommander 14 (Version: 14.00.6600 - SWE Sven Ritter)
Tablet Driver With Macrokey Manager (Version:  - )
TeamViewer 8 (Version: 8.0.16447 - TeamViewer)
Ulead PhotoImpact 12 (Version: 12.0 - Ulead System)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2010 (KB2494150) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553065) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553092) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2566458) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (Version:  - Microsoft)
UseNeXT by Tangysoft (Version:  - Tangysoft Ltd.)
Visual Basic for Applications (R) Core - English (Version: 6.4.99.69 - Microsoft Corporation) Hidden
Visual Basic for Applications (R) Core - German (Version: 6.4.99.69 - Microsoft Corporation) Hidden
Visual Basic for Applications (R) Core (Version: 6.4.99.69 - Microsoft Corporation) Hidden
VLC media player 2.1.1 (Version: 2.1.1 - VideoLAN)
Win7codecs (Version: 3.5.0 - Shark007)
WinRar3.70 (Version: 3.70.0000 - Projekt-PolytroX)

==================== Restore Points  =========================

31-12-2013 18:32:40 Geplanter Prüfpunkt
21-01-2014 21:27:11 Geplanter Prüfpunkt

==================== Hosts content: ==========================

2009-07-14 03:04 - 2013-02-08 22:11 - 00000910 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 activate.adobe.com

==================== Scheduled Tasks (whitelisted) =============

Task: {12AA3E1D-EDF6-4BAE-BD31-5B34B8E3F6E3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-05] (Adobe Systems Incorporated)
Task: {6B5834B2-AB46-465D-9C6F-698E75D280CF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-11-05] (Google Inc.)
Task: {732D4B6E-8703-476D-9A76-049D3DB3C0CA} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {911FA21C-32D6-4C90-BAD5-6E07824A567E} - System32\Tasks\AdobeAAMUpdater-1.0-Grisu-PC-Grisu => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-03-15] (Adobe Systems Incorporated)
Task: {DB37DF28-DA16-45A5-9742-178141ADC2BD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-11-05] (Google Inc.)
Task: {F0BAEFB5-3DD9-455C-84A8-79ADC720A207} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files\Ask.com\UpdateTask.exe [2012-12-20] ()
Task: {F7FBF0D3-0B4E-427E-904F-F0484BA12766} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-03-16 23:11 - 2011-03-16 23:11 - 04297568 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2012-06-30 18:01 - 2004-07-26 16:11 - 00028672 ____N () C:\Program Files\Common Files\Ulead Systems\AutoDetector\DetMethod.dll
2011-09-27 07:23 - 2011-09-27 07:23 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 07:22 - 2011-09-27 07:22 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-10-24 19:46 - 2012-10-24 19:46 - 00006144 _____ () C:\Users\Grisu\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V4.2.gadget\CoreTempReader.dll
2012-10-24 19:46 - 2012-10-24 19:46 - 00008704 _____ () C:\Users\Grisu\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V4.2.gadget\GetCoreTempInfoNET.dll
2012-10-24 19:46 - 2012-10-24 19:46 - 00007680 _____ () C:\Users\Grisu\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V4.2.gadget\SystemInfo.dll
2013-09-14 00:51 - 2013-09-14 00:51 - 00087952 _____ () C:\Program Files\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 00:50 - 2013-09-14 00:50 - 01242952 _____ () C:\Program Files\Common Files\Apple\Internet Services\libxml2.dll
2012-11-02 19:10 - 2012-05-16 20:24 - 00002048 _____ () C:\Program Files\DAEMON Tools Pro\MSIMG32.dll
2011-03-16 23:11 - 2011-03-16 23:11 - 04297568 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf
2010-12-21 00:15 - 2010-12-21 00:15 - 01041248 _____ () C:\Program Files\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
2011-09-01 20:10 - 2011-09-01 20:10 - 00122720 _____ () C:\Program Files\Microsoft Office\Office14\OUTLCTL.DLL
2013-12-25 12:18 - 2013-12-25 12:19 - 03559024 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:FD9CE1F3

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/23/2014 09:04:10 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: repakt10.exe, Version: 4.34.0.6, Zeitstempel: 0x500e5ab6
Name des fehlerhaften Moduls: MSVBVM60.DLL, Version: 6.0.98.15, Zeitstempel: 0x4a5bda6c
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000b3fa
ID des fehlerhaften Prozesses: 0x11cc
Startzeit der fehlerhaften Anwendung: 0xrepakt10.exe0
Pfad der fehlerhaften Anwendung: repakt10.exe1
Pfad des fehlerhaften Moduls: repakt10.exe2
Berichtskennung: repakt10.exe3

Error: (01/13/2014 00:40:40 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (01/05/2014 01:56:33 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: sidebar.exe, Version: 6.1.7601.17514, Zeitstempel: 0x4ce79791
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b60
Ausnahmecode: 0xc0000374
Fehleroffset: 0x000c380b
ID des fehlerhaften Prozesses: 0x9f4
Startzeit der fehlerhaften Anwendung: 0xsidebar.exe0
Pfad der fehlerhaften Anwendung: sidebar.exe1
Pfad des fehlerhaften Moduls: sidebar.exe2
Berichtskennung: sidebar.exe3

Error: (01/02/2014 06:15:55 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 26.0.0.5087, Zeitstempel: 0x52a0d273
Name des fehlerhaften Moduls: xul.dll, Version: 26.0.0.5087, Zeitstempel: 0x52a0d20a
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0014e1a8
ID des fehlerhaften Prozesses: 0x1394
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3

Error: (12/31/2013 11:48:25 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 26.0.0.5087, Zeitstempel: 0x52a0d273
Name des fehlerhaften Moduls: xul.dll, Version: 26.0.0.5087, Zeitstempel: 0x52a0d20a
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0014e1a8
ID des fehlerhaften Prozesses: 0x149c
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3

Error: (12/01/2013 05:27:32 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 25.0.1.5064, Zeitstempel: 0x5282f204
Name des fehlerhaften Moduls: xul.dll, Version: 25.0.1.5064, Zeitstempel: 0x5282f10e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00118f87
ID des fehlerhaften Prozesses: 0x1288
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3

Error: (11/20/2013 08:16:58 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921
Name des fehlerhaften Moduls: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00001487
ID des fehlerhaften Prozesses: 0xe64
Startzeit der fehlerhaften Anwendung: 0xavnotify.exe0
Pfad der fehlerhaften Anwendung: avnotify.exe1
Pfad des fehlerhaften Moduls: avnotify.exe2
Berichtskennung: avnotify.exe3

Error: (11/17/2013 07:00:18 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 25.0.0.5046, Zeitstempel: 0x526b1e27
Name des fehlerhaften Moduls: xul.dll, Version: 25.0.0.5046, Zeitstempel: 0x526b1d27
Ausnahmecode: 0xc0000005
Fehleroffset: 0x001157e7
ID des fehlerhaften Prozesses: 0xbdc
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3

Error: (11/16/2013 05:08:39 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: jre-7u45-windows-i586-iftw(3).exe, Version: 7.0.450.18, Zeitstempel: 0x52542683
Name des fehlerhaften Moduls: jre-7u45-windows-i586-iftw(3).exe, Version: 7.0.450.18, Zeitstempel: 0x52542683
Ausnahmecode: 0xc0000409
Fehleroffset: 0x0001308d
ID des fehlerhaften Prozesses: 0x1410
Startzeit der fehlerhaften Anwendung: 0xjre-7u45-windows-i586-iftw(3).exe0
Pfad der fehlerhaften Anwendung: jre-7u45-windows-i586-iftw(3).exe1
Pfad des fehlerhaften Moduls: jre-7u45-windows-i586-iftw(3).exe2
Berichtskennung: jre-7u45-windows-i586-iftw(3).exe3

Error: (11/13/2013 11:06:49 PM) (Source: Application Hang) (User: )
Description: Programm Explorer.EXE, Version 6.1.7601.17567 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: f74

Startzeit: 01cee09ebe9d188c

Endzeit: 402

Anwendungspfad: C:\Windows\Explorer.EXE

Berichts-ID: 30405f96-4caf-11e3-8e7a-0004619288f2


System errors:
=============
Error: (02/05/2014 00:48:59 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (01/28/2014 11:54:12 PM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80004005

Error: (01/28/2014 11:53:55 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (01/25/2014 09:39:36 AM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (01/23/2014 04:03:11 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (01/22/2014 07:10:13 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (01/21/2014 06:58:24 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (01/19/2014 11:37:39 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (01/12/2014 11:07:44 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (01/11/2014 08:38:38 PM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80004005


Microsoft Office Sessions:
=========================
Error: (01/23/2014 09:04:10 PM) (Source: Application Error)(User: )
Description: repakt10.exe4.34.0.6500e5ab6MSVBVM60.DLL6.0.98.154a5bda6cc00000050000b3fa11cc01cf1876348c3ee8D:\labelwin\repakt10.exeC:\Windows\system32\MSVBVM60.DLL859b5363-8469-11e3-8e03-0004619288f2

Error: (01/13/2014 00:40:40 AM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"K:\---Multisession---\---Audio Apps---\iTunes\iTunes64Setup.exe

Error: (01/05/2014 01:56:33 AM) (Source: Application Error)(User: )
Description: sidebar.exe6.1.7601.175144ce79791ntdll.dll6.1.7601.177254ec49b60c0000374000c380b9f401cf095e30cc983aC:\Program Files\Windows Sidebar\sidebar.exeC:\Windows\SYSTEM32\ntdll.dll37c2a3a1-75a4-11e3-8277-0004619288f2

Error: (01/02/2014 06:15:55 PM) (Source: Application Error)(User: )
Description: firefox.exe26.0.0.508752a0d273xul.dll26.0.0.508752a0d20ac00000050014e1a8139401cf07d8fed38af1C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\xul.dll89de605b-73d1-11e3-bd40-0004619288f2

Error: (12/31/2013 11:48:25 PM) (Source: Application Error)(User: )
Description: firefox.exe26.0.0.508752a0d273xul.dll26.0.0.508752a0d20ac00000050014e1a8149c01cf06609aa3be83C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\xul.dlla819d17b-726d-11e3-aec5-0004619288f2

Error: (12/01/2013 05:27:32 PM) (Source: Application Error)(User: )
Description: firefox.exe25.0.1.50645282f204xul.dll25.0.1.50645282f10ec000000500118f87128801ceeeb1f51245f1C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\xul.dll79e4ce8e-5aa5-11e3-b8f3-0004619288f2

Error: (11/20/2013 08:16:58 PM) (Source: Application Error)(User: )
Description: avnotify.exe13.6.20.210051e6b921avnotify.exe13.6.20.210051e6b921c000000500001487e6401cee6250b1e0a0bC:\Program Files\Avira\AntiVir Desktop\avnotify.exeC:\Program Files\Avira\AntiVir Desktop\avnotify.exe52970c08-5218-11e3-b8d4-0004619288f2

Error: (11/17/2013 07:00:18 PM) (Source: Application Error)(User: )
Description: firefox.exe25.0.0.5046526b1e27xul.dll25.0.0.5046526b1d27c0000005001157e7bdc01cee38ac8d2e76eC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\xul.dll1da0c119-4fb2-11e3-a801-0004619288f2

Error: (11/16/2013 05:08:39 PM) (Source: Application Error)(User: )
Description: jre-7u45-windows-i586-iftw(3).exe7.0.450.1852542683jre-7u45-windows-i586-iftw(3).exe7.0.450.1852542683c00004090001308d141001cee2e603a4e3d6C:\Users\Grisu\Downloads\jre-7u45-windows-i586-iftw(3).exeC:\Users\Grisu\Downloads\jre-7u45-windows-i586-iftw(3).exe5a3e8f7f-4ed9-11e3-ad54-0004619288f2

Error: (11/13/2013 11:06:49 PM) (Source: Application Hang)(User: )
Description: Explorer.EXE6.1.7601.17567f7401cee09ebe9d188c402C:\Windows\Explorer.EXE30405f96-4caf-11e3-8e7a-0004619288f2


==================== Memory info =========================== 

Percentage of memory in use: 40%
Total physical RAM: 3327.55 MB
Available physical RAM: 1986.53 MB
Total Pagefile: 6653.39 MB
Available Pagefile: 4983.36 MB
Total Virtual: 2047.88 MB
Available Virtual: 1903.75 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.79 GB) (Free:14.39 GB) NTFS
Drive d: (System) (Fixed) (Total:114.49 GB) (Free:6.84 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 114 GB) (Disk ID: EC77EC77)
Partition 1: (Active) - (Size=114 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=7 MB) - (Type=17) ATTENTION ===> Suspicious partition bootkit on partition 2

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: 31071805)
Partition 1: (Not Active) - (Size=112 GB) - (Type=07 NTFS)

==================== End Of Log ============================
Code:
ATTFilter
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-02-05 14:04:45
Windows 6.1.7601 Service Pack 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP4T0L0-4 OCZ-VERTEX3 rev.2.11 111,79GB
Running: Gmer-19357.exe; Driver: C:\Users\Grisu\AppData\Local\Temp\pgloqpoc.sys


---- System - GMER 2.1 ----

SSDT            94405466                                                                                          ZwCreateSection
SSDT            94405470                                                                                          ZwRequestWaitReplyPort
SSDT            9440546B                                                                                          ZwSetContextThread
SSDT            94405475                                                                                          ZwSetSecurityObject
SSDT            9440547A                                                                                          ZwSystemDebugControl
SSDT            94405407                                                                                          ZwTerminateProcess

---- Kernel code sections - GMER 2.1 ----

.text           ntkrnlpa.exe!ZwRollbackEnlistment + 140D                                                          82A5C3C9 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                            82A95D52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 11F7                                                               82A9CEAC 4 Bytes  [66, 54, 40, 94] {PUSH SP; INC EAX; XCHG ESP, EAX}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1553                                                               82A9D208 4 Bytes  [70, 54, 40, 94] {JO 0x56; INC EAX; XCHG ESP, EAX}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1597                                                               82A9D24C 4 Bytes  [6B, 54, 40, 94]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1613                                                               82A9D2C8 4 Bytes  [75, 54, 40, 94] {JNZ 0x56; INC EAX; XCHG ESP, EAX}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1667                                                               82A9D31C 4 Bytes  [7A, 54, 40, 94] {JP 0x56; INC EAX; XCHG ESP, EAX}
.text           ...                                                                                               

---- User code sections - GMER 2.1 ----

.text           C:\Program Files\Mozilla Firefox\firefox.exe[4520] ntdll.dll!LdrGetProcedureAddress + 26          77682239 7 Bytes  JMP 01DFB780 C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[4520] kernel32.dll!K32GetDeviceDriverBaseNameW + 5D  769393D6 7 Bytes  JMP 02636EDA C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[4520] kernel32.dll!QueryPerformanceCounter + 13      7693C435 7 Bytes  JMP 02636EFD C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[4520] kernel32.dll!LoadAppInitDlls + 355             7693F4F6 7 Bytes  JMP 01E00836 C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[4520] GDI32.dll!GetViewportOrgEx + 26C               7603884B 7 Bytes  JMP 02636E5B C:\Program Files\Mozilla Firefox\xul.dll

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                            NBVol.sys
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                            NBVolUp.sys
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                            NBVol.sys
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                            NBVolUp.sys
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                            NBVol.sys
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                            NBVolUp.sys

---- EOF - GMER 2.1 ----
Ich hoffe ich habe alles was Ihr benötigt.
Hoffentlich könnt ihr mir helfen

Alt 05.02.2014, 15:17   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Win7, AVIRA meldet BOO/TDss.O auf D: - Standard

Win7, AVIRA meldet BOO/TDss.O auf D:


Hey,

hast du hier zwei Nicks oder was ist los? Grisu112 und Grisu113? => http://www.trojaner-board.de/149193-js-agent-cfd.html

__________________

__________________
Alt 05.02.2014, 20:28   #3
Grisu113
 
Win7, AVIRA meldet BOO/TDss.O auf D: - Standard

Win7, AVIRA meldet BOO/TDss.O auf D:


Nein nein, ich bin einzig und artig

Hab mich jetzt erst Angemeldet.
Brauchte ich bis jetzt, Gott sei Dank, nicht.
__________________
Alt 05.02.2014, 21:53   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Win7, AVIRA meldet BOO/TDss.O auf D: - Standard

Win7, AVIRA meldet BOO/TDss.O auf D:


Ok, aaaber:

Zitat:
HKLM\...\Run: [AdobeCS5.5ServiceManager
Ist das ein gewerblich genutzter Rechner?
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 05.02.2014, 22:40   #5
Grisu113
 
Win7, AVIRA meldet BOO/TDss.O auf D: - Standard

Win7, AVIRA meldet BOO/TDss.O auf D:


Absolut nicht !!


Alt 06.02.2014, 09:54   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Win7, AVIRA meldet BOO/TDss.O auf D: - Standard

Win7, AVIRA meldet BOO/TDss.O auf D:


Also die Antwort find ich etwas dürftig. Wenn das kein gewerblich genutztes System ist, wieso ist denn ein Windows 7 Ultimate drauf, warum CS5 und Coral Draw Graphics Suite?

Zitat:
Hosts: 127.0.0.1 activate.adobe.com
Jetzt seh ich das auch, also ist die Adobe-Software auf deinem Rechner gecrackt

Ist denn wenigstens dein Windows legal?

Bitte lesen => http://www.trojaner-board.de/95393-c...-software.html

Es geht weiter wenn du alles Illegale entfernt hast.

Bei wiederholten Crack/Keygen Verstößen behalte ich es mir vor, den Support einzustellen, d.h. Hilfe nur noch bei der Datensicherung und Neuinstallation des Betriebssystems.
__________________
--> Win7, AVIRA meldet BOO/TDss.O auf D:

Antwort

Themen zu Win7, AVIRA meldet BOO/TDss.O auf D:
antivir, antivirus, avira, bonjour, browser, excel, firefox, flash player, google, homepage, installation, mozilla, ntdll.dll, popup, programm, realtek, registry, scan, security, shark, sketchup, svchost.exe, system, trojaner, updates, virus, windows


« Windows 7: Grün unterstrichene Wörter-links öffnen sich unerwünscht/ und langsames System | Windows 7: Webseiten werden massiv auf Werbung umgeleitet »


Ähnliche Themen: Win7, AVIRA meldet BOO/TDss.O auf D:


  1. Win7: Avira meldet Virus Fund 'JAVA/Dldr.Pesur.JE'
    Log-Analyse und Auswertung - 11.05.2015 (17)
  2. WIN7: RogueKiller meldet Keylogger
    Log-Analyse und Auswertung - 10.01.2015 (11)
  3. Win7: Avira meldet mehrere Funde und ich habe zwei mal explorer.exe im Task-Manager
    Plagegeister aller Art und deren Bekämpfung - 15.12.2014 (12)
  4. Win7/Avira meldet ADWARE/Adware.Gen7
    Log-Analyse und Auswertung - 24.11.2014 (8)
  5. Win7: Chrome läuft nicht mehr - Avira meldet Fehler: TR/Patched.Ren.Gen
    Log-Analyse und Auswertung - 19.11.2014 (29)
  6. AVIRA meldet TR/Crypt.ZPACK.96184 & Win7 64BitPro RegSvr32 Fehler
    Plagegeister aller Art und deren Bekämpfung - 13.09.2014 (11)
  7. WIN7: Malwarebytes meldet POP.Optional
    Log-Analyse und Auswertung - 04.06.2014 (7)
  8. Virenfund bei Avira: BOO/TDss.O
    Plagegeister aller Art und deren Bekämpfung - 02.02.2014 (20)
  9. Nach Avira Update: Win 7- BOO/TDss.O wurde im Masterbootsektor gefunden
    Log-Analyse und Auswertung - 22.01.2014 (23)
  10. Win Vista: Avira meldet 'BOO/TDss.O' gefunden
    Log-Analyse und Auswertung - 03.01.2014 (32)
  11. WIN7: Avira meldet Fund tr/agent.143516.1
    Log-Analyse und Auswertung - 20.10.2013 (10)
  12. Win7; Avira-Fund:TR/Mevade.A.95 (143 Virenfunde laut Avira)
    Log-Analyse und Auswertung - 06.10.2013 (11)
  13. Win7 Avira Free Antivir meldet TR/Xcrypt.Xpack.8884. Rechner aber schon länger immer langsamer
    Log-Analyse und Auswertung - 10.09.2013 (15)
  14. Win7 meldet sich selbstständig ab
    Alles rund um Windows - 30.07.2013 (2)
  15. Avira AntiVir Personal meldet TOO/TDss.D und EXP/CVE-2010-0840
    Log-Analyse und Auswertung - 16.10.2011 (32)
  16. Virusalarm BOO/TDss.D Erbitte dringend Hilfe, Antivir schafft es nicht!!! Win7,64 bit
    Log-Analyse und Auswertung - 08.10.2011 (8)
  17. Security Allert Center und Avira Funde Net.Worm.Win32.Mytob.t & TR/PCK.Tdss.AA.2442
    Plagegeister aller Art und deren Bekämpfung - 23.01.2010 (30)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Win7, AVIRA meldet BOO/TDss.O auf D: - Hallo Trojaner Team. Ich erhalte folgende Meldung von AVIRA: Im Masterbootsektor von Laufwerk 'Masterbootsektor HD0' wurde ein Virus oder unerwünschtes Programm 'BOO/TDss.O' [virus] gefunden. Ausgeführte Aktion: Zugriff verweigern. Im Popup - Win7, AVIRA meldet BOO/TDss.O auf D:...
Archiv
Du betrachtest: Win7, AVIRA meldet BOO/TDss.O auf D: auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129