| Pests of all kinds and how to fight them: Trojan.Siredef.C / Trojan.0Access / Rootkit.0Access (Windows 7) | 
|  07.05.2014, 15:22 | #1 | 
|   |   Trojan.Siredef.C / Trojan.0Access / Rootkit.0Access Hello dear Trojaner-Board community, my sister received a letter from Telekom saying that there are apparently Trojans on her computer/laptop. I first installed Malwarebytes on her laptop and ran a threat scan; detections were shown and moved to quarantine. Avira, which I installed afterwards, showed no detections (I had problems during the installation because of McAfee, which would not uninstall completely). But I fear that the system is not clean yet. How should I proceed? THANKS in advance! Regards, Tanja MWBAM > where do I find the "right" log file?? Code: 
  ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org
Protection, 06.05.2014 16:18:03, SYSTEM, INA-PC, Protection, Malware Protection, Starting,
Protection, 06.05.2014 16:18:03, SYSTEM, INA-PC, Protection, Malware Protection, Started,
Protection, 06.05.2014 16:18:03, SYSTEM, INA-PC, Protection, Malicious Website Protection, Starting,
Protection, 06.05.2014 16:18:03, SYSTEM, INA-PC, Protection, Malicious Website Protection, Started,
Detection, 06.05.2014 16:19:39, SYSTEM, INA-PC, Protection, Malware Protection, File, Trojan.0Access, C:\$Recycle.Bin\S-1-5-21-1871111397-3539990770-1974983793-1000\$01829c4843ffed9910a98819c8a86cd2\U\00000004.@, Quarantine, [2d1c857a2c4ead89082234b0b050ed13]
Detection, 06.05.2014 16:19:46, SYSTEM, INA-PC, Protection, Malware Protection, File, Trojan.0Access, C:\$Recycle.Bin\S-1-5-21-1871111397-3539990770-1974983793-1000\$01829c4843ffed9910a98819c8a86cd2\U\80000032.@, Quarantine, [1732f60991e95fd75cce489ce917a25e]
Detection, 06.05.2014 16:20:01, SYSTEM, INA-PC, Protection, Malware Protection, File, Trojan.0Access, C:\$Recycle.Bin\S-1-5-21-1871111397-3539990770-1974983793-1000\$01829c4843ffed9910a98819c8a86cd2\n, Quarantine, [1c2dae5195e51422d5571fc5bc4445bb]
Protection, 06.05.2014 16:20:01, SYSTEM, INA-PC, Protection, DeleteFile, 5, Failed, C:\$Recycle.Bin\S-1-5-21-1871111397-3539990770-1974983793-1000\$01829c4843ffed9910a98819c8a86cd2\n,
Error, 06.05.2014 16:20:01, SYSTEM, INA-PC, Protection, DeleteFile, 5, Failed, C:\$Recycle.Bin\S-1-5-21-1871111397-3539990770-1974983793-1000\$01829c4843ffed9910a98819c8a86cd2\n,
Detection, 06.05.2014 16:20:01, SYSTEM, INA-PC, Protection, Malware Protection, File, Trojan.0Access, C:\$Recycle.Bin\S-1-5-21-1871111397-3539990770-1974983793-1000\$01829c4843ffed9910a98819c8a86cd2\U\80000000.@, Quarantine, [a3a6fc03c1b977bf6ec237c3fe0224dc]
Detection, 06.05.2014 16:20:11, SYSTEM, INA-PC, Protection, Malware Protection, File, Trojan.0Access, c:\$recycle.bin\s-1-5-21-1871111397-3539990770-1974983793-1000\$01829c4843ffed9910a98819c8a86cd2\u\00000004.@, Quarantine, [2d1c857a2c4ead89082234b0b050ed13]
Protection, 06.05.2014 16:20:11, SYSTEM, INA-PC, Protection, SDKQuarantine, 1, Failed, c:\$recycle.bin\s-1-5-21-1871111397-3539990770-1974983793-1000\$01829c4843ffed9910a98819c8a86cd2\u\00000004.@,
Error, 06.05.2014 16:20:11, SYSTEM, INA-PC, Protection, SDKQuarantine, 1, Failed, c:\$recycle.bin\s-1-5-21-1871111397-3539990770-1974983793-1000\$01829c4843ffed9910a98819c8a86cd2\u\00000004.@,
Detection, 06.05.2014 16:20:17, SYSTEM, INA-PC, Protection, Malware Protection, File, Trojan.0Access, C:\$Recycle.Bin\S-1-5-21-1871111397-3539990770-1974983793-1000\$01829c4843ffed9910a98819c8a86cd2\n, Quarantine, [1c2dae5195e51422d5571fc5bc4445bb]
Protection, 06.05.2014 16:20:17, SYSTEM, INA-PC, Protection, DeleteFile, 5, Failed, C:\$Recycle.Bin\S-1-5-21-1871111397-3539990770-1974983793-1000\$01829c4843ffed9910a98819c8a86cd2\n,
Error, 06.05.2014 16:20:17, SYSTEM, INA-PC, Protection, DeleteFile, 5, Failed, C:\$Recycle.Bin\S-1-5-21-1871111397-3539990770-1974983793-1000\$01829c4843ffed9910a98819c8a86cd2\n,
Detection, 06.05.2014 16:20:17, SYSTEM, INA-PC, Protection, Malware Protection, File, Trojan.0Access, c:\$recycle.bin\s-1-5-21-1871111397-3539990770-1974983793-1000\$01829c4843ffed9910a98819c8a86cd2\u\80000000.@, Quarantine, [a3a6fc03c1b977bf6ec237c3fe0224dc]
Protection, 06.05.2014 16:20:17, SYSTEM, INA-PC, Protection, SDKQuarantine, 1, Failed, c:\$recycle.bin\s-1-5-21-1871111397-3539990770-1974983793-1000\$01829c4843ffed9910a98819c8a86cd2\u\80000000.@,
Error, 06.05.2014 16:20:17, SYSTEM, INA-PC, Protection, SDKQuarantine, 1, Failed, c:\$recycle.bin\s-1-5-21-1871111397-3539990770-1974983793-1000\$01829c4843ffed9910a98819c8a86cd2\u\80000000.@,
Protection, 06.05.2014 16:20:17, SYSTEM, INA-PC, Protection, SDKQuarantine, 1, Failed, c:\$recycle.bin\s-1-5-21-1871111397-3539990770-1974983793-1000\$01829c4843ffed9910a98819c8a86cd2\u\80000032.@,
Error, 06.05.2014 16:20:17, SYSTEM, INA-PC, Protection, SDKQuarantine, 1, Failed, c:\$recycle.bin\s-1-5-21-1871111397-3539990770-1974983793-1000\$01829c4843ffed9910a98819c8a86cd2\u\80000032.@,
Detection, 06.05.2014 16:20:17, SYSTEM, INA-PC, Protection, Malware Protection, File, Trojan.0Access, C:\$Recycle.Bin\S-1-5-21-1871111397-3539990770-1974983793-1000\$01829c4843ffed9910a98819c8a86cd2\U\000000cb.@, Quarantine, [bf8a26d9007a40f6b179bf25b9470ff1]
Detection, 06.05.2014 16:20:26, SYSTEM, INA-PC, Protection, Malware Protection, File, Trojan.0Access, C:\$Recycle.Bin\S-1-5-21-1871111397-3539990770-1974983793-1000\$01829c4843ffed9910a98819c8a86cd2\n, Quarantine, [1c2dae5195e51422d5571fc5bc4445bb]
Detection, 06.05.2014 16:20:26, SYSTEM, INA-PC, Protection, Malware Protection, File, Trojan.0Access, c:\$recycle.bin\s-1-5-21-1871111397-3539990770-1974983793-1000\$01829c4843ffed9910a98819c8a86cd2\u\80000032.@, Quarantine, [1732f60991e95fd75cce489ce917a25e]
Protection, 06.05.2014 16:20:26, SYSTEM, INA-PC, Protection, DeleteFile, 5, Failed, C:\$Recycle.Bin\S-1-5-21-1871111397-3539990770-1974983793-1000\$01829c4843ffed9910a98819c8a86cd2\n,
Error, 06.05.2014 16:20:26, SYSTEM, INA-PC, Protection, DeleteFile, 5, Failed, C:\$Recycle.Bin\S-1-5-21-1871111397-3539990770-1974983793-1000\$01829c4843ffed9910a98819c8a86cd2\n,
Detection, 06.05.2014 16:20:26, SYSTEM, INA-PC, Protection, Malware Protection, File, Trojan.0Access, c:\$recycle.bin\s-1-5-21-1871111397-3539990770-1974983793-1000\$01829c4843ffed9910a98819c8a86cd2\u\000000cb.@, Quarantine, [bf8a26d9007a40f6b179bf25b9470ff1]
Protection, 06.05.2014 16:20:26, SYSTEM, INA-PC, Protection, SDKQuarantine, 1, Failed, c:\$recycle.bin\s-1-5-21-1871111397-3539990770-1974983793-1000\$01829c4843ffed9910a98819c8a86cd2\u\80000032.@,
Error, 06.05.2014 16:20:26, SYSTEM, INA-PC, Protection, SDKQuarantine, 1, Failed, c:\$recycle.bin\s-1-5-21-1871111397-3539990770-1974983793-1000\$01829c4843ffed9910a98819c8a86cd2\u\80000032.@,
Detection, 06.05.2014 16:20:26, SYSTEM, INA-PC, Protection, Malware Protection, File, Trojan.0Access, c:\$recycle.bin\s-1-5-21-1871111397-3539990770-1974983793-1000\$01829c4843ffed9910a98819c8a86cd2\u\80000000.@, Quarantine, [a3a6fc03c1b977bf6ec237c3fe0224dc]
Protection, 06.05.2014 16:20:27, SYSTEM, INA-PC, Protection, SDKQuarantine, 1, Failed, c:\$recycle.bin\s-1-5-21-1871111397-3539990770-1974983793-1000\$01829c4843ffed9910a98819c8a86cd2\u\000000cb.@,
Error, 06.05.2014 16:20:27, SYSTEM, INA-PC, Protection, SDKQuarantine, 1, Failed, c:\$recycle.bin\s-1-5-21-1871111397-3539990770-1974983793-1000\$01829c4843ffed9910a98819c8a86cd2\u\000000cb.@,
Protection, 06.05.2014 16:20:27, SYSTEM, INA-PC, Protection, SDKQuarantine, 1, Failed, c:\$recycle.bin\s-1-5-21-1871111397-3539990770-1974983793-1000\$01829c4843ffed9910a98819c8a86cd2\u\80000000.@,
Detection, 06.05.2014 16:20:27, SYSTEM, INA-PC, Protection, Malware Protection, File, Trojan.0Access, c:\$recycle.bin\s-1-5-21-1871111397-3539990770-1974983793-1000\$01829c4843ffed9910a98819c8a86cd2\u\00000004.@, Quarantine, [2d1c857a2c4ead89082234b0b050ed13]
Error, 06.05.2014 16:20:27, SYSTEM, INA-PC, Protection, SDKQuarantine, 1, Failed, c:\$recycle.bin\s-1-5-21-1871111397-3539990770-1974983793-1000\$01829c4843ffed9910a98819c8a86cd2\u\80000000.@,
Protection, 06.05.2014 16:20:27, SYSTEM, INA-PC, Protection, SDKQuarantine, 1, Failed, c:\$recycle.bin\s-1-5-21-1871111397-3539990770-1974983793-1000\$01829c4843ffed9910a98819c8a86cd2\u\00000004.@,
Error, 06.05.2014 16:20:27, SYSTEM, INA-PC, Protection, SDKQuarantine, 1, Failed, c:\$recycle.bin\s-1-5-21-1871111397-3539990770-1974983793-1000\$01829c4843ffed9910a98819c8a86cd2\u\00000004.@,
Detection, 06.05.2014 16:21:54, SYSTEM, INA-PC, Protection, Malicious Website Protection, IP, 195.3.145.57, 59811, Outbound, C:\Windows\explorer.exe,
Detection, 06.05.2014 16:21:54, SYSTEM, INA-PC, Protection, Malicious Website Protection, IP, 195.3.145.57, 59811, Outbound, C:\Windows\explorer.exe,
Update, 06.05.2014 16:22:23, SYSTEM, INA-PC, Manual, Rootkit Database, 2014.2.20.1, 2014.3.27.1,
Update, 06.05.2014 16:22:26, SYSTEM, INA-PC, Manual, Malware Database, 2014.3.4.9, 2014.5.6.6,
Protection, 06.05.2014 16:22:27, SYSTEM, INA-PC, Protection, Refresh, Starting,
Protection, 06.05.2014 16:22:27, SYSTEM, INA-PC, Protection, Malicious Website Protection, Stopping,
Protection, 06.05.2014 16:22:28, SYSTEM, INA-PC, Protection, Malicious Website Protection, Stopped,
Protection, 06.05.2014 16:22:33, SYSTEM, INA-PC, Protection, Refresh, Success,
Protection, 06.05.2014 16:22:33, SYSTEM, INA-PC, Protection, Malicious Website Protection, Starting,
Protection, 06.05.2014 16:22:33, SYSTEM, INA-PC, Protection, Malicious Website Protection, Started,
(end)

Code: 
  ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:07-05-2014 Ran by ina (administrator) on INA-PC on 07-05-2014 15:54:37 Running from C:\Users\ina\Desktop Microsoft Windows 7 Home Premium (X86) OS Language: German Standard Internet Explorer Version 8 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe () C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe () C:\Program Files\CyberLink\Shared files\RichVideo.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (CyberLink) C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Adobe Systems Inc.) C:\Program Files\Acrobat 8.0\Acrobat\acrotray.exe (Apple Inc.) 
C:\Program Files\iTunes\iTunesHelper.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (1und1 Mail und Media GmbH) C:\Program Files\GMX MailCheck\IE\GMX_MailCheck_Broker.exe (Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (1&1 Mail & Media GmbH) C:\Program Files\GMX\GMX Upload-Manager\DAVSRV.EXE (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Dropbox, Inc.) C:\Users\ina\AppData\Roaming\Dropbox\bin\Dropbox.exe (SEC) C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (SAMSUNG Electronics) C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin (Intel Corporation) C:\Windows\System32\igfxext.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Macrovision Europe Ltd.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Microsoft Corporation) C:\Windows\System32\wuauclt.exe () C:\Program Files\Samsung\Samsung Update Plus\SUPNotifier.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Adobe Systems, Inc.) 
C:\Windows\System32\Macromed\Flash\FlashUtil10l_ActiveX.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8092192 2009-11-21] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1578280 2009-10-10] (Synaptics Incorporated) HKLM\...\Run: [UpdateLBPShortCut] => C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.) HKLM\...\Run: [CLMLServer] => C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-06-03] (CyberLink) HKLM\...\Run: [UpdateP2GoShortCut] => C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.) HKLM\...\Run: [UpdatePDRShortCut] => C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [222504 2008-01-04] (CyberLink Corp.) HKLM\...\Run: [RemoteControl8] => C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe [91432 2009-04-15] (CyberLink Corp.) HKLM\...\Run: [PDVD8LanguageShortcut] => C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe [50472 2009-04-15] (CyberLink Corp.) HKLM\...\Run: [UpdatePPShortCut] => C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.) HKLM\...\Run: [UpdatePSTShortCut] => C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2009-07-21] (CyberLink Corp.) HKLM\...\Run: [APLangApp] => C:\Program Files\AnyPC Client\APLangApp.exe [13312 2009-10-20] (DoctorSoft) HKLM\...\Run: [UCam_Menu] => C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.) HKLM\...\Run: [Adobe_ID0EYTHM] => C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe [1884160 2007-03-20] (Adobe Systems Incorporated) HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Acrobat 8.0\Acrobat\Acrotray.exe [620152 2006-10-22] (Adobe Systems Inc.) 
HKLM\...\Run: [] => [X] HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM\...\Run: [MailCheck IE Broker] => C:\Program Files\GMX MailCheck\IE\GMX_MailCheck_Broker.exe [1728064 2013-10-17] (1und1 Mail und Media GmbH) HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-25] (Avira Operations GmbH & Co. KG) HKLM\...\RunOnce: [MailCheck IE Update] - "C:\ProgramData\1&1 Mail & Media GmbH\MailCheck IE\Update\nsjB4E0.tmp\GMX_MailCheck_IE_Update_2.5.1.0.exe" /S /QUIET=1 [3037168 2014-05-07] (1&1 Mail & Media GmbH) HKU\S-1-5-21-1871111397-3539990770-1974983793-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-01-17] (Google Inc.) HKU\S-1-5-21-1871111397-3539990770-1974983793-1000\...\Run: [GMX_GMX Upload-Manager] => C:\Program Files\GMX\GMX Upload-Manager\DAVSRV.EXE [940128 2010-11-19] (1&1 Mail & Media GmbH) HKU\S-1-5-21-1871111397-3539990770-1974983793-1000\...\RunOnce: [FlashPlayerUpdate] - C:\windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe [233936 2011-01-17] (Adobe Systems, Inc.) HKU\S-1-5-21-1871111397-3539990770-1974983793-1000\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-1871111397-3539990770-1974983793-1000\$01829c4843ffed9910a98819c8a86cd2\n. ATTENTION! ====> ZeroAccess? 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat - Schnellstart.lnk ShortcutTarget: Adobe Acrobat - Schnellstart.lnk -> C:\Windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk ShortcutTarget: Adobe Reader Synchronizer.lnk -> C:\Program Files\Acrobat 8.0\Acrobat\AdobeCollabSync.exe () Startup: C:\Users\ina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\ina\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\ina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn SearchScopes: HKLM - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN SearchScopes: HKLM - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN SearchScopes: HKCU - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN_de SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = 
hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN_de SearchScopes: HKCU - {7C9F9AFC-1B2A-4269-8E91-6613FF649847} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie SearchScopes: HKCU - {7DD472E5-D1C1-41BB-959C-FEDAD33D7FDD} URL = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms} SearchScopes: HKCU - {906B5895-30B2-4904-914C-650974005CB7} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms} SearchScopes: HKCU - {BCB191CC-9A3A-416B-ACE2-2500BAC00922} URL = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms} BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.) 
BHO: GMX MailCheck BHO - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM - GMX MailCheck - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKCU - GMX MailCheck - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH) DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab DPF: {E4CF4E86-D0DC-4864-8F0E-4F6EA2526334} hxxp://img.ui-portal.de/webde/smartdrive/activex/gmxnet_osupload_2002.cab Handler: gmx - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH) Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll 
(Microsoft Corporation) Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.3 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) ========================== Services (Whitelisted) ================= S3 Adobe Version Cue CS3; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe [153792 2007-03-20] (Adobe Systems Incorporated) R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-25] (Avira Operations GmbH & Co. 
KG) R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation) R2 OberonGameConsoleService; C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe [44312 2009-08-13] () R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [247152 2009-07-07] () S2 McMPFSvc; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [X] ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\windows\System32\DRIVERS\avgntflt.sys [90400 2014-02-25] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\windows\System32\DRIVERS\avipbb.sys [135648 2014-02-25] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\windows\System32\DRIVERS\avkmgr.sys [37352 2014-02-25] (Avira Operations GmbH & Co. KG) R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [23256 2014-04-03] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [107736 2014-05-07] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [51416 2014-04-03] (Malwarebytes Corporation) S1 ssmdrv; C:\windows\System32\DRIVERS\ssmdrv.sys [28520 2014-02-25] (Avira GmbH) R1 uigxrdr; C:\windows\System32\DRIVERS\uigxrdr.sys [144896 2010-11-19] (1&1 Mail & Media GmbH) R3 yukonw7; C:\windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] () ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-05-07 15:54 - 2014-05-07 15:55 - 00016118 _____ () C:\Users\ina\Desktop\FRST.txt 2014-05-07 15:54 - 2014-05-07 15:54 - 00000000 ____D () C:\FRST 2014-05-07 15:41 - 2014-05-07 15:41 - 01053184 _____ (Farbar) C:\Users\ina\Desktop\FRST.exe 2014-05-07 15:29 - 2014-05-07 15:29 - 00013824 ___SH () C:\Users\ina\Desktop\Thumbs.db 2014-05-07 15:29 - 
2014-05-07 15:29 - 00008749 _____ () C:\Users\ina\Desktop\mwbam.txt 2014-05-07 14:19 - 2014-05-07 14:19 - 00069240 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avnetflt.sys 2014-05-07 14:03 - 2014-05-07 14:03 - 00000000 ____D () C:\Users\ina\AppData\Roaming\Avira 2014-05-07 14:00 - 2014-05-07 14:00 - 00002016 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk 2014-05-07 14:00 - 2014-05-07 14:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-05-07 14:00 - 2014-05-07 14:00 - 00000000 ____D () C:\ProgramData\Avira 2014-05-07 14:00 - 2014-05-07 14:00 - 00000000 ____D () C:\Program Files\Avira 2014-05-07 14:00 - 2014-02-25 11:41 - 00135648 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys 2014-05-07 14:00 - 2014-02-25 11:41 - 00090400 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys 2014-05-07 14:00 - 2014-02-25 11:41 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avkmgr.sys 2014-05-07 14:00 - 2014-02-25 11:41 - 00028520 _____ (Avira GmbH) C:\windows\system32\Drivers\ssmdrv.sys 2014-05-07 13:52 - 2014-05-07 13:52 - 00000000 ____D () C:\ProgramData\UUdb 2014-05-07 13:51 - 2014-05-07 13:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2014-05-07 13:51 - 2014-05-07 13:51 - 00000000 ____D () C:\Program Files\CCleaner 2014-05-07 13:49 - 2014-05-07 13:49 - 00004241 _____ () C:\windows\system32\jupdate-1.7.0_55-b14.log 2014-05-07 13:49 - 2014-05-07 13:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-05-07 13:49 - 2014-04-14 20:13 - 00094632 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge.dll 2014-05-07 13:49 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\windows\system32\javaws.exe 2014-05-07 13:49 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\windows\system32\javaw.exe 2014-05-07 13:49 - 2014-04-14 20:04 - 
00175016 _____ (Oracle Corporation) C:\windows\system32\java.exe 2014-05-06 16:18 - 2014-05-07 13:43 - 00107736 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-06 16:17 - 2014-05-06 16:17 - 00001064 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-05-06 16:17 - 2014-05-06 16:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-05-06 16:17 - 2014-05-06 16:17 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-06 16:17 - 2014-05-06 16:17 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-05-06 16:17 - 2014-04-03 09:51 - 00073432 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys 2014-05-06 16:17 - 2014-04-03 09:51 - 00051416 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys 2014-05-06 16:17 - 2014-04-03 09:50 - 00023256 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys 2014-05-06 16:16 - 2014-05-06 16:00 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\ina\Desktop\mbam-setup-2.0.1.1004.exe 2014-05-06 16:15 - 2014-05-06 16:03 - 138607664 _____ () C:\Users\ina\Desktop\avira_free_antivirus614_de.exe 2014-04-25 21:13 - 2014-04-25 21:13 - 00129814 _____ () C:\Users\ina\Downloads\kontoauszüge.zip 2014-04-25 20:56 - 2014-05-07 13:43 - 00000000 ___RD () C:\Users\ina\Dropbox 2014-04-25 20:56 - 2014-04-25 20:56 - 00001035 _____ () C:\Users\ina\Desktop\Dropbox.lnk 2014-04-25 20:52 - 2014-04-25 20:56 - 00000000 ____D () C:\Users\ina\AppData\Roaming\DropboxMaster 2014-04-25 20:52 - 2014-04-25 20:52 - 00000000 ____D () C:\Users\ina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-04-25 20:49 - 2014-05-07 13:43 - 00000000 ____D () C:\Users\ina\AppData\Roaming\Dropbox 2014-04-14 21:10 - 2014-04-14 21:10 - 00001309 _____ () C:\Users\ina\Downloads\altmuehltal_Mo.mpjs 2014-04-09 10:47 - 2014-04-09 10:47 - 00618496 _____ () 
C:\Users\ina\Documents\Kundeninfomailing Esprit spring Flyer 2014.ppt
2014-04-09 10:43 - 2014-04-09 10:43 - 00039456 _____ () C:\Users\ina\Downloads\adressen infomailing rabattaktion flyer.xlsx
2014-04-09 09:45 - 2014-04-09 09:45 - 00626622 _____ () C:\Users\ina\Downloads\Kundeninfomailing Esprit spring Flyer 2014.pptx
2014-04-07 21:28 - 2014-04-07 21:29 - 00005523 _____ () C:\windows\system32\jupdate-1.7.0_51-b13.log
2014-04-07 21:15 - 2014-04-07 21:15 - 00092382 _____ () C:\Users\ina\Downloads\KONTOAUSZUEGE.zip
==================== One Month Modified Files and Folders =======
2014-05-07 15:55 - 2014-05-07 15:54 - 00016118 _____ () C:\Users\ina\Desktop\FRST.txt
2014-05-07 15:54 - 2014-05-07 15:54 - 00000000 ____D () C:\FRST
2014-05-07 15:54 - 2009-12-05 04:40 - 01207450 _____ () C:\windows\WindowsUpdate.log
2014-05-07 15:48 - 2011-01-17 22:04 - 00001092 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-07 15:41 - 2014-05-07 15:41 - 01053184 _____ (Farbar) C:\Users\ina\Desktop\FRST.exe
2014-05-07 15:29 - 2014-05-07 15:29 - 00013824 ___SH () C:\Users\ina\Desktop\Thumbs.db
2014-05-07 15:29 - 2014-05-07 15:29 - 00008749 _____ () C:\Users\ina\Desktop\mwbam.txt
2014-05-07 14:19 - 2014-05-07 14:19 - 00069240 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avnetflt.sys
2014-05-07 14:03 - 2014-05-07 14:03 - 00000000 ____D () C:\Users\ina\AppData\Roaming\Avira
2014-05-07 14:00 - 2014-05-07 14:00 - 00002016 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-05-07 14:00 - 2014-05-07 14:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-05-07 14:00 - 2014-05-07 14:00 - 00000000 ____D () C:\ProgramData\Avira
2014-05-07 14:00 - 2014-05-07 14:00 - 00000000 ____D () C:\Program Files\Avira
2014-05-07 13:54 - 2010-09-27 21:13 - 00000000 ____D () C:\Users\ina\Tracing
2014-05-07 13:54 - 2009-07-26 22:57 - 00000000 ____D () C:\windows\Panther
2014-05-07 13:52 - 2014-05-07 13:52 - 00000000 ____D () C:\ProgramData\UUdb
2014-05-07 13:52 - 2013-09-02 20:57 - 00001978 _____ () C:\Users\ina\Desktop\Amazon.lnk
2014-05-07 13:52 - 2013-09-02 20:57 - 00001972 _____ () C:\Users\ina\Desktop\GMX.lnk
2014-05-07 13:52 - 2013-09-02 20:57 - 00001970 _____ () C:\Users\ina\Desktop\eBay.lnk
2014-05-07 13:52 - 2013-09-02 20:57 - 00000000 ____D () C:\ProgramData\DesktopIcons
2014-05-07 13:52 - 2013-09-02 20:57 - 00000000 ____D () C:\Program Files\1und1Softwareaktualisierung
2014-05-07 13:51 - 2014-05-07 13:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-05-07 13:51 - 2014-05-07 13:51 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-07 13:49 - 2014-05-07 13:49 - 00004241 _____ () C:\windows\system32\jupdate-1.7.0_55-b14.log
2014-05-07 13:49 - 2014-05-07 13:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-07 13:49 - 2013-09-16 22:25 - 00000000 ____D () C:\ProgramData\Oracle
2014-05-07 13:49 - 2011-07-02 15:42 - 00000000 ____D () C:\Program Files\Java
2014-05-07 13:49 - 2009-07-14 06:34 - 00014512 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-07 13:49 - 2009-07-14 06:34 - 00014512 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-07 13:43 - 2014-05-06 16:18 - 00107736 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-07 13:43 - 2014-04-25 20:56 - 00000000 ___RD () C:\Users\ina\Dropbox
2014-05-07 13:43 - 2014-04-25 20:49 - 00000000 ____D () C:\Users\ina\AppData\Roaming\Dropbox
2014-05-07 13:42 - 2011-01-17 22:04 - 00001088 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-07 13:42 - 2010-04-30 20:34 - 00000000 ____D () C:\Users\ina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2014-05-07 13:42 - 2009-07-14 06:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-05-07 13:36 - 2009-07-26 22:06 - 01472002 _____ () C:\windows\system32\PerfStringBackup.INI
2014-05-06 16:17 - 2014-05-06 16:17 - 00001064 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-06 16:17 - 2014-05-06 16:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-05-06 16:17 - 2014-05-06 16:17 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-06 16:17 - 2014-05-06 16:17 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware
2014-05-06 16:12 - 2009-12-05 04:57 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2014-05-06 16:03 - 2014-05-06 16:15 - 138607664 _____ () C:\Users\ina\Desktop\avira_free_antivirus614_de.exe
2014-05-06 16:00 - 2014-05-06 16:16 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\ina\Desktop\mbam-setup-2.0.1.1004.exe
2014-04-25 21:15 - 2011-10-06 20:30 - 00678912 ___SH () C:\Users\ina\Downloads\Thumbs.db
2014-04-25 21:13 - 2014-04-25 21:13 - 00129814 _____ () C:\Users\ina\Downloads\kontoauszüge.zip
2014-04-25 20:56 - 2014-04-25 20:56 - 00001035 _____ () C:\Users\ina\Desktop\Dropbox.lnk
2014-04-25 20:56 - 2014-04-25 20:52 - 00000000 ____D () C:\Users\ina\AppData\Roaming\DropboxMaster
2014-04-25 20:56 - 2010-04-30 20:34 - 00000000 ____D () C:\Users\ina
2014-04-25 20:52 - 2014-04-25 20:52 - 00000000 ____D () C:\Users\ina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-04-14 21:10 - 2014-04-14 21:10 - 00001309 _____ () C:\Users\ina\Downloads\altmuehltal_Mo.mpjs
2014-04-14 20:13 - 2014-05-07 13:49 - 00094632 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge.dll
2014-04-14 20:05 - 2014-05-07 13:49 - 00264616 _____ (Oracle Corporation) C:\windows\system32\javaws.exe
2014-04-14 20:05 - 2014-05-07 13:49 - 00175528 _____ (Oracle Corporation) C:\windows\system32\javaw.exe
2014-04-14 20:04 - 2014-05-07 13:49 - 00175016 _____ (Oracle Corporation) C:\windows\system32\java.exe
2014-04-09 10:47 - 2014-04-09 10:47 - 00618496 _____ () C:\Users\ina\Documents\Kundeninfomailing Esprit spring Flyer 2014.ppt
2014-04-09 10:43 - 2014-04-09 10:43 - 00039456 _____ () C:\Users\ina\Downloads\adressen infomailing rabattaktion flyer.xlsx
2014-04-09 09:45 - 2014-04-09 09:45 - 00626622 _____ () C:\Users\ina\Downloads\Kundeninfomailing Esprit spring Flyer 2014.pptx
2014-04-07 21:29 - 2014-04-07 21:28 - 00005523 _____ () C:\windows\system32\jupdate-1.7.0_51-b13.log
2014-04-07 21:15 - 2014-04-07 21:15 - 00092382 _____ () C:\Users\ina\Downloads\KONTOAUSZUEGE.zip
ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-1871111397-3539990770-1974983793-1000\$01829c4843ffed9910a98819c8a86cd2
Some content of TEMP:
====================
C:\Users\ina\AppData\Local\Temp\0020201399462798mcinst.exe
C:\Users\ina\AppData\Local\Temp\avgnt.exe
C:\Users\ina\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxcfbtp.dll
C:\Users\ina\AppData\Local\Temp\GMX_Toolbar_IE_Setup.exe
==================== Bamital & volsnap Check =================
C:\windows\explorer.exe => MD5 is legit
C:\windows\system32\winlogon.exe => MD5 is legit
C:\windows\system32\wininit.exe => MD5 is legit
C:\windows\system32\svchost.exe => MD5 is legit
C:\windows\system32\services.exe => MD5 is legit
C:\windows\system32\User32.dll => MD5 is legit
C:\windows\system32\userinit.exe => MD5 is legit
C:\windows\system32\rpcss.dll => MD5 is legit
C:\windows\system32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-05-06 16:55
==================== End Of Log ============================
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version:07-05-2014
Ran by ina at 2014-05-07 15:55:24
Running from C:\Users\ina\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: McAfee  Anti-Virus und Anti-Spyware (Enabled - Up to date) {86355677-4064-3EA7-ABB3-1B136EB04637}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee  Anti-Virus und Anti-Spyware (Enabled - Up to date) {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee  Firewall (Enabled) {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
==================== Installed Programs ======================
Adobe Acrobat 8 Professional - English, Français, Deutsch (Version: 8.0.0 - Adobe Systems) Hidden
Adobe Anchor Service CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Asset Services CS3 (Version: 3 - Adobe Systems Incorporated) Hidden
Adobe Bridge CS3 (Version: 2 - Adobe Systems Incorporated) Hidden
Adobe Bridge Start Meeting (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe BridgeTalk Plugin CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Camera Raw 4.0 (Version: 4.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color - Photoshop Specific (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color Common Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color EU Recommended Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color JA Extra Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color NA Extra Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 3 Design Premium (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 3 Design Premium hinzufügen oder entfernen (HKLM\...\Adobe_061850775b1c6d22bf2a145678e05e0) (Version: 1.0 - Adobe Systems Incorporated)
Adobe Default Language CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Device Central CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Dreamweaver CS3 (Version: 9 - Adobe Systems Incorporated) Hidden
Adobe ExtendScript Toolkit 2 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Extension Manager CS3 (Version: 1.8 - Adobe Systems Incorporated) Hidden
Adobe Flash CS3 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.1.102.64 - Adobe Systems Incorporated)
Adobe Flash Player 9 Plugin (HKLM\...\{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}) (Version: 9.0.45.0 - Adobe Systems, Inc.)
Adobe Flash Video Encoder (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Fonts All (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Help Viewer CS3 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Illustrator CS3 (Version: 13.0 - Adobe Systems Incorporated) Hidden
Adobe InDesign CS3 (Version: 5.0 - Adobe Systems Incorporated) Hidden
Adobe InDesign CS3 Icon Handler (Version: 5.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS3 (Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe MotionPicture Color Files (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files (Version: 8.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS3 (Version: 10 - Adobe Systems Incorporated) Hidden
Adobe Setup (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe SING CS3 (Version: 0.1 - Adobe Systems Incorporated) Hidden
Adobe Stock Photos CS3 (Version: 1.5 - Adobe Systems Incorporated) Hidden
Adobe Type Support (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Update Manager CS3 (Version: 5.1.0 - Adobe Systems Incorporated) Hidden
Adobe Version Cue CS3 Client (Version: 3 - Adobe Systems Incorporated) Hidden
Adobe Version Cue CS3 Server (Version: 3.0 - Adobe Systems Incorporated) Hidden
Adobe WAS CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe XMP Panels CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
AHV content for Acrobat and Flash (Version: 1 - Adobe Systems Incorporated) Hidden
Alice Greenfingers (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}) (Version:  - Oberon Media)
AnyPC Client (HKLM\...\{1AFA1FEF-8CF9-4A51-AC46-64FAA7F3D9E2}) (Version: 1.0.0.23 - Doctorsoft)
Apple Application Support (HKLM\...\{CCE825DB-347A-4004-A186-5F4A6FDD8547}) (Version: 2.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{459699C3-9430-4381-964B-4248D87B49F9}) (Version: 6.0.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Client Installation Program (HKLM\...\{D1434266-0486-4469-B338-A60082CC04E1}) (Version: 1.0.1.0805 - Atheros)
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
BatteryLifeExtender (HKLM\...\{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}) (Version: 1.0.1 - Samsung)
Bertelsmann Fotowelt (HKLM\...\Bertelsmann Fotowelt) (Version: 5.0.4 - CEWE COLOR AG u Co. OHG)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
CyberLink DVD Suite (HKLM\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.2806 - CyberLink Corp.)
CyberLink DVD Suite (Version: 6.0.2806 - CyberLink Corp.) Hidden
CyberLink LabelPrint (HKLM\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1916 - CyberLink Corp.)
CyberLink LabelPrint (Version: 2.5.1916 - CyberLink Corp.) Hidden
CyberLink Power2Go (HKLM\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3108a - CyberLink Corp.)
CyberLink Power2Go (Version: 6.0.3108a - CyberLink Corp.) Hidden
CyberLink PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3213 - CyberLink Corp.)
CyberLink PowerDirector (Version: 7.0.3213 - CyberLink Corp.) Hidden
CyberLink PowerDVD 8 (HKLM\...\InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}) (Version: 8.0.2815b - CyberLink Corp.)
CyberLink PowerDVD 8 (Version: 8.0.2815b - CyberLink Corp.) Hidden
CyberLink PowerProducer (HKLM\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.1.1812 - CyberLink Corp.)
CyberLink PowerProducer (Version: 5.0.1.1812 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.3304 - CyberLink Corp.)
CyberLink YouCam (Version: 2.0.3304 - CyberLink Corp.) Hidden
Dairy Dash (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}) (Version:  - Oberon Media)
Dropbox (HKCU\...\Dropbox) (Version: 2.6.31 - Dropbox, Inc.)
Easy Display Manager (HKLM\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 3.0 - Samsung Electronics Co., Ltd.)
Easy Network Manager (HKLM\...\{A5675A9E-F073-414A-9A04-F9BCD50459D7}) (Version: 4.2.6 - Samsung)
Easy SpeedUp Manager (HKLM\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 3.0.0.5 - Samsung Electronics Co.,Ltd.)
EasyBatteryManager (HKLM\...\{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}) (Version: 4.0.0.3 - Samsung)
Farm Frenzy 2 (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}) (Version:  - Oberon Media)
Game Pack (HKLM\...\{63eafc52-b963-4297-a7eb-d412944e7065}_is1) (Version: 5.3.0.10 - Oberon Media, Inc.)
GMX Desktop Icons (HKLM\...\1&1 Mail & Media GmbH 1und1DesktopIconsInstaller) (Version: 3.0.5.0 - 1&1 Mail & Media GmbH)
GMX MailCheck für Internet Explorer (HKLM\...\1&1 Mail & Media GmbH Toolbar IE8) (Version: 2.4.0.0 - 1&1 Mail & Media GmbH)
GMX Softwareaktualisierung (HKLM\...\1&1 Mail & Media GmbH 1und1Softwareaktualisierung) (Version: 3.0.0.55 - 1&1 Mail & Media GmbH)
GMX Upload-Manager (HKLM\...\GMX Upload-Manager) (Version: 2.0.636 - 1&1 Mail & Media GmbH)
Go-Go Gourmet (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114072167}) (Version:  - Oberon Media)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.23.9 - Google Inc.) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1892 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
iTunes (HKLM\...\{B0261E53-B6F1-474A-864B-E7C3CBF468E0}) (Version: 11.0.1.12 - Apple Inc.)
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Marvell Miniport Driver (HKLM\...\Marvell Miniport Driver) (Version: 11.22.3.3 - Marvell)
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.3 (HKLM\...\{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}) (Version: 2.0.2313.0 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 3.0.40624.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation)
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
OpenOffice.org 3.3 (HKLM\...\{4286716B-1287-48E7-9078-3DC8248DBA96}) (Version: 3.3.9567 - OpenOffice.org)
PDF Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5986 - Realtek Semiconductor Corp.)
Samsung Recovery Solution 4 (HKLM\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 4.0.0.4 - Samsung)
Samsung Support Center (HKLM\...\{CCC2B140-B47A-45FA-AAE3-BD60DA41AE00}) (Version: 1.0.21 - Samsung)
Samsung Update Plus (HKLM\...\{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}) (Version: 2.0 - Samsung Electronics Co., Ltd.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.10.0 - Synaptics Incorporated)
T-Online 6.0 (HKLM\...\{B1275E23-717A-4D52-997A-1AD1E24BC7F3}) (Version:  - )
T-Online WLAN-Access Finder (HKLM\...\{295C31E5-3F91-498E-9623-DA24D2FA2B6A}) (Version:  - )
User Guide (HKLM\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.0 - )
Windows Live Call (Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 14.0.8093.805 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (Version: 14.0.8081.709 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 14.0.8091.0730 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Writer (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
==================== Restore Points  =========================
16-09-2013 20:22:36 Removed Java(TM) 6 Update 22
16-09-2013 20:24:03 Installed Java 7 Update 40
27-09-2013 10:22:48 Geplanter Prüfpunkt
07-04-2014 19:27:46 Installed Java 7 Update 51
07-05-2014 11:48:32 Installed Java 7 Update 55
==================== Hosts content: ==========================
2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {110619EF-A0A9-4992-9497-EF4A242695BE} - System32\Tasks\advSRS4 => C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe [2009-10-07] (SEC)
Task: {210FA61D-92F6-4FEE-B312-06AF7D4D93D5} - System32\Tasks\APSchedulerC => C:\Program Files\AnyPC Client\APLanMgrC.exe [2009-10-20] (DoctorSoft)
Task: {2D577A20-059C-43FE-B6C0-1FB82EC956F8} - System32\Tasks\BatteryLifeExtender => C:\Program Files\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2009-11-19] (Samsung Electronics. Co. Ltd.)
Task: {36AE1841-8B96-49C1-B110-E620D8D7DB28} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-04-17] (Piriform Ltd)
Task: {3B9AB2A9-EB92-41E8-819C-2440A7A09029} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-01-17] (Google Inc.)
Task: {48A6287D-9267-44E7-99FD-21FCA0982FF8} - System32\Tasks\SUPBackground => C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe [2009-07-24] ()
Task: {672F06DF-7CC5-48DD-9A71-A8F6E27B3CA4} - System32\Tasks\Registration 1und1 Task => C:\Program Files\1und1Softwareaktualisierung\cdsupdclient.exe [2013-06-18] (1&1 Mail & Media GmbH)
Task: {88A49655-48B3-4C5D-8CD2-9B43A4A79D2F} - System32\Tasks\EasyDisplayMgr => C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe [2009-11-04] (Samsung Electronics Co., Ltd.)
Task: {8D4D5684-8FAB-4077-95EB-C9C0BBB68E80} - System32\Tasks\EasySpeedUpManager => C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe [2009-10-13] (Samsung Electronics Co., Ltd.)
Task: {9A171F4D-432A-42AF-A3CC-EBCB4A1C5430} - System32\Tasks\SamsungSupportCenter => C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe [2009-10-26] (SAMSUNG Electronics)
Task: {C02A9DB1-4C19-44BF-BBF5-C2832C7AE439} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {CC0D875C-93E1-46F8-B7B7-80E0B3BCFA41} - System32\Tasks\EasyBatteryManager => C:\Program Files\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2009-10-16] (SAMSUNG Electronics co., LTD.)
Task: {D3618680-E03A-4147-BB35-A0A3126DD8DE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-01-17] (Google Inc.)
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2012-11-28 15:13 - 2012-11-28 15:13 - 00087952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2012-11-28 15:13 - 2012-11-28 15:13 - 01242512 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2010-04-30 20:36 - 2009-08-13 21:58 - 00044312 _____ () C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe
2009-12-05 04:50 - 2009-07-07 20:23 - 00247152 ____N () C:\Program Files\CyberLink\Shared files\RichVideo.exe
2009-06-03 13:59 - 2009-06-03 13:59 - 00619816 ____N () C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll
2009-06-03 13:59 - 2009-06-03 13:59 - 00013096 ____N () C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll
2014-05-07 13:43 - 2014-05-07 13:43 - 00041984 _____ () c:\users\ina\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxcfbtp.dll
2014-04-25 20:52 - 2013-10-19 01:55 - 25100288 _____ () C:\Users\ina\AppData\Roaming\Dropbox\bin\libcef.dll
2009-12-05 04:54 - 2006-08-12 05:48 - 00049152 _____ () C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll
2011-01-17 16:19 - 2011-07-02 15:44 - 00985088 _____ () C:\Program Files\OpenOffice.org 3\program\libxml2.dll
2009-12-05 04:45 - 2009-07-24 06:46 - 00650920 _____ () C:\Program Files\Samsung\Samsung Update Plus\SUPNotifier.exe
2009-12-05 04:45 - 2009-05-13 10:51 - 00155648 _____ () C:\Program Files\Samsung\Samsung Update Plus\HMXML.dll
2014-05-07 14:00 - 2014-02-25 11:41 - 00394808 _____ () C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
==================== EXE Association (whitelisted) =============
==================== Disabled items from MSCONFIG ==============
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (05/06/2014 04:57:10 PM) (Source: SideBySide) (User: ) (EventID: 33)
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (05/06/2014 04:56:06 PM) (Source: SideBySide) (User: ) (EventID: 33)
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (05/06/2014 04:19:50 PM) (Source: Application Error) (User: ) (EventID: 1000)
Description: Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000
ID des fehlerhaften Prozesses: 0x944
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe0
Pfad der fehlerhaften Anwendung: svchost.exe1
Pfad des fehlerhaften Moduls: svchost.exe2
Berichtskennung: svchost.exe3
Error: (05/06/2014 04:11:27 PM) (Source: Application Error) (User: ) (EventID: 1000)
Description: Name der fehlerhaften Anwendung: McSvHost.exe, Version: 2.0.230.0, Zeitstempel: 0x4d41ff35
Name des fehlerhaften Moduls: naiann.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x4d545190
Ausnahmecode: 0xc0000005
Fehleroffset: 0x665b0296
ID des fehlerhaften Prozesses: 0x368
Startzeit der fehlerhaften Anwendung: 0xMcSvHost.exe0
Pfad der fehlerhaften Anwendung: McSvHost.exe1
Pfad des fehlerhaften Moduls: McSvHost.exe2
Berichtskennung: McSvHost.exe3
Error: (04/07/2014 08:59:14 PM) (Source: Application Error) (User: ) (EventID: 1000)
Description: Name der fehlerhaften Anwendung: cdsupdclient.exe, Version: 2.0.3.60, Zeitstempel: 0x51c01cfb
Name des fehlerhaften Moduls: ole32.dll, Version: 6.1.7600.16624, Zeitstempel: 0x4c297c56
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000470c2
ID des fehlerhaften Prozesses: 0x1338
Startzeit der fehlerhaften Anwendung: 0xcdsupdclient.exe0
Pfad der fehlerhaften Anwendung: cdsupdclient.exe1
Pfad des fehlerhaften Moduls: cdsupdclient.exe2
Berichtskennung: cdsupdclient.exe3
Error: (04/07/2014 08:57:55 PM) (Source: Application Hang) (User: ) (EventID: 1002)
Description: Programm iexplore.exe, Version 8.0.7600.16700 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 10c4
Startzeit: 01cf5292e543f7b4
Endzeit: 16
Anwendungspfad: C:\Program Files\Internet Explorer\iexplore.exe
Berichts-ID: 8456f01d-be86-11e3-9129-0024542864ce
Error: (03/28/2014 09:50:59 PM) (Source: SideBySide) (User: ) (EventID: 33)
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (03/28/2014 09:49:24 PM) (Source: SideBySide) (User: ) (EventID: 33)
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (03/23/2014 10:31:40 PM) (Source: Application Error) (User: ) (EventID: 1000)
Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7600.16700, Zeitstempel: 0x4cd23213
Name des fehlerhaften Moduls: ole32.dll, Version: 6.1.7600.16624, Zeitstempel: 0x4c297c56
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00025577
ID des fehlerhaften Prozesses: 0x608
Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0
Pfad der fehlerhaften Anwendung: iexplore.exe1
Pfad des fehlerhaften Moduls: iexplore.exe2
Berichtskennung: iexplore.exe3
Error: (02/11/2014 10:43:11 PM) (Source: Application Hang) (User: ) (EventID: 1002)
Description: Programm iexplore.exe, Version 8.0.7600.16700 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1088
Startzeit: 01cf2767beb4cff5
Endzeit: 27
Anwendungspfad: C:\Program Files\Internet Explorer\iexplore.exe
Berichts-ID: 1c9ec36d-935d-11e3-a169-0024542864ce
System errors:
=============
Error: (05/07/2014 03:37:18 PM) (Source: Service Control Manager) (User: ) (EventID: 7023)
Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet: 
%%-2147024891
Error: (05/07/2014 03:37:18 PM) (Source: Service Control Manager) (User: ) (EventID: 7001)
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%-2147024891
Error: (05/07/2014 02:20:47 PM) (Source: Service Control Manager) (User: ) (EventID: 7024)
Description: Der Dienst "Windows-Firewall" wurde mit folgendem dienstspezifischem Fehler beendet: %%5.
Error: (05/07/2014 02:19:02 PM) (Source: Service Control Manager) (User: ) (EventID: 7024)
Description: Der Dienst "Windows-Firewall" wurde mit folgendem dienstspezifischem Fehler beendet: %%5.
Error: (05/07/2014 02:18:21 PM) (Source: Service Control Manager) (User: ) (EventID: 7024)
Description: Der Dienst "Windows-Firewall" wurde mit folgendem dienstspezifischem Fehler beendet: %%5.
Error: (05/07/2014 02:18:04 PM) (Source: Service Control Manager) (User: ) (EventID: 7023)
Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet: 
%%-2147024891
Error: (05/07/2014 02:18:04 PM) (Source: Service Control Manager) (User: ) (EventID: 7001)
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%-2147024891
Error: (05/07/2014 02:17:41 PM) (Source: Service Control Manager) (User: ) (EventID: 7024)
Description: Der Dienst "Windows-Firewall" wurde mit folgendem dienstspezifischem Fehler beendet: %%5.
Error: (05/07/2014 02:02:04 PM) (Source: Service Control Manager) (User: ) (EventID: 7024)
Description: Der Dienst "Windows-Firewall" wurde mit folgendem dienstspezifischem Fehler beendet: %%5.
Error: (05/07/2014 01:47:22 PM) (Source: Service Control Manager) (User: ) (EventID: 7023)
Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet: 
%%-2147024891
Microsoft Office Sessions:
=========================
Error: (05/06/2014 04:57:10 PM) (Source: SideBySide) (User: ) (EventID: 33)
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest
Error: (05/06/2014 04:56:06 PM) (Source: SideBySide) (User: ) (EventID: 33)
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\Samsung\Samsung Support Center\Drv\drv2x64\KStartMem.exe.Manifest
Error: (05/06/2014 04:19:50 PM) (Source: Application Error) (User: ) (EventID: 1000)
Description: svchost.exe6.1.7600.163854a5bc100unknown0.0.0.000000000c00000050000000094401cf69363b9646d7C:\windows\System32\svchost.exeunknown7b7681a9-d529-11e3-ac34-0024542864ce
Error: (05/06/2014 04:11:27 PM) (Source: Application Error) (User: ) (EventID: 1000)
Description: McSvHost.exe2.0.230.04d41ff35naiann.dll_unloaded0.0.0.04d545190c0000005665b029636801cf693414aae806C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exenaiann.dll4fa5b352-d528-11e3-a156-0024542864ce
Error: (04/07/2014 08:59:14 PM) (Source: Application Error) (User: ) (EventID: 1000)
Description: cdsupdclient.exe2.0.3.6051c01cfbole32.dll6.1.7600.166244c297c56c0000005000470c2133801cf52937737d756C:\Program Files\1und1Softwareaktualisierung\cdsupdclient.exeC:\windows\system32\ole32.dllb5c42390-be86-11e3-9129-0024542864ce
Error: (04/07/2014 08:57:55 PM) (Source: Application Hang) (User: ) (EventID: 1002)
Description: iexplore.exe8.0.7600.1670010c401cf5292e543f7b416C:\Program Files\Internet Explorer\iexplore.exe8456f01d-be86-11e3-9129-0024542864ce
Error: (03/28/2014 09:50:59 PM) (Source: SideBySide) (User: ) (EventID: 33)
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest
Error: (03/28/2014 09:49:24 PM) (Source: SideBySide) (User: ) (EventID: 33)
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\Samsung\Samsung Support Center\Drv\drv2x64\KStartMem.exe.Manifest
Error: (03/23/2014 10:31:40 PM) (Source: Application Error) (User: ) (EventID: 1000)
Description: iexplore.exe8.0.7600.167004cd23213ole32.dll6.1.7600.166244c297c56c00000050002557760801cf46d5bd6b8180C:\Program Files\Internet Explorer\iexplore.exeC:\windows\system32\ole32.dll236eb456-b2ca-11e3-a084-0024542864ce
Error: (02/11/2014 10:43:11 PM) (Source: Application Hang) (User: ) (EventID: 1002)
Description: iexplore.exe8.0.7600.16700108801cf2767beb4cff527C:\Program Files\Internet Explorer\iexplore.exe1c9ec36d-935d-11e3-a169-0024542864ce
==================== Memory info =========================== 
Percentage of memory in use: 53%
Total physical RAM: 2008.61 MB
Available physical RAM: 935.13 MB
Total Pagefile: 4017.21 MB
Available Pagefile: 2722.8 MB
Total Virtual: 2047.88 MB
Available Virtual: 1903.77 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:111.07 GB) (Free:52.76 GB) NTFS
Drive d: () (Fixed) (Total:106.72 GB) (Free:106.48 GB) NTFS
Drive e: (Disc) (CDROM) (Total:0.15 GB) (Free:0 GB) UDF
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 233 GB) (Disk ID: 0E0EF5DF)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=111 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=107 GB) - (Type=07 NTFS)
==================== End Of Log ============================