Mögliches Botnetz?

LeaSWE · 04.07.2014, 20:46

Hallo ihr Lieben,

ich habe seit ein paar Tagen das Problem, dass einige Internetseiten mir keinen Zugang mehr gewähren, bzw nur einen temporären nach Captcha-Prüfung. Es kommt immer folgende Meldung:

"One more step, Please complete the security check to access (webadresse)."

Ich habe dann über google rausgefunden, dass meine IP Adresse wohl blockiert wird, weil damit schund betrieben werden würde? Ich mache nichts anderes im Internet außer facebook, youtube, emails, mit meiner Familie in Schweden skypen, twitch.tv und über Steam zu spielen, weiß also nicht was mit meiner IP angestellt werden sollte und mein Router ist auch durch ein Passwort geschützt.

Leider bin ich bei Kabel Deutschland und meine IP wechselt nicht einfach, wenn man das Stromkabel herauszieht, außerdem wäre das Problem ja dann wohlmöglich in Kürze wieder da, oder?

Ich habe meine IP mal auf dieser homepage geprüft: hxxp://www.blacklistalert.org/ und ich bin gesperrt auf:

Zitat:

bl.spameatingmonkey.net Listed! See why
cbl.abuseat.org Listed! See why
dnsbl.inps.de Listed! See why
dnsbl.justspam.org Listed! See why
ip.v4bl.org Listed! See why
l2.apews.org Listed! See why
psbl.surriel.com Listed! See why
spam.dnsbl.anonmails.de Listed! See why
ubl.unsubscore.com Listed! See why

Bei einer der Seiten stand bei "See why" dann auch eine Begründung die wie folgt lautet:

Zitat:

IP Address "meine ip" is listed in the CBL. It appears to be infected with a spam sending trojan, proxy or some other form of botnet.

It was last detected at 2014-06-30 18:00 GMT (+/- 30 minutes), approximately 4 days, 1 hours, 30 minutes ago.

This IP is infected (or NATting for a computer that is infected) with the kelihos spambot. In other words, it's participating in a botnet.

If you simply remove the listing without ensuring that the infection is removed (or the NAT secured), it will probably relist again.

Was kann ich jetzt tun? Bitte um Hilfe.

Habe auch große Angst dass vielleicht meine Daten in gefahr sind, da ich mich in den letzten Tagen auf einigen Seiten eingeloggt habe oder ist das hier nicht der Fall? Vielen lieben Dank schonmal und ein schönes Wochenende. ~Lea

aharonov · 04.07.2014, 20:58

Hallo,

schauen wir mal rein:

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

LeaSWE · 04.07.2014, 21:24

Hallo, vielen Dank schon mal. Hier die Logdateien:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:03-07-2014
Ran by Lea (administrator) on LEA on 04-07-2014 22:07:04
Running from C:\Users\Lea\Desktop
Platform: Microsoft Windows 8 Pro (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Atheros Commnucations) C:\Windows\System32\AdminService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x86__8wekyb3d8bbwe\LiveComm.exe
(Microsoft Corporation) C:\Windows\System32\RuntimeBroker.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe
(Spotify Ltd) C:\Users\Lea\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(mIRC Co. Ltd.) C:\Program Files\mIRC\mirc.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2299176 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe [5708432 2012-06-12] (Realtek Semiconductor)
HKU\S-1-5-21-3618845328-3567646341-2803681407-1001\...\Run: [Google Update] => C:\Users\Lea\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-01-29] (Google Inc.)
HKU\S-1-5-21-3618845328-3567646341-2803681407-1001\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [18706176 2013-01-08] (Skype Technologies S.A.)
HKU\S-1-5-21-3618845328-3567646341-2803681407-1001\...\Run: [Steam] => D:\Program Files\Steam\steam.exe [1754816 2014-05-29] (Valve Corporation)
HKU\S-1-5-21-3618845328-3567646341-2803681407-1001\...\Run: [Spotify Web Helper] => C:\Users\Lea\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-02-27] (Spotify Ltd)

==================== Internet (Whitelisted) ====================

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Lea\AppData\Roaming\Mozilla\Firefox\Profiles\ahrxp4jq.default
FF Homepage: www.google.de
FF NetworkProxy: "autoconfig_url", "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('turntable.fm')%20!%3D%20-1%20%26%26%20url.indexOf('static.turntable.fm')%20%3D%3D%20-1%20%26%26%20url.indexOf('s3.amazonaws.com')%20%3D%3D%20-1%20%26%26%20url.indexOf('ping.chartbeat.net')%20%3D%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20host%20%3D%3D%20's.hulu.com')%20%7B%20return%20'PROXY%20ab-us11.personalitycores.com%3A8000%3B%20PROXY%20ab-us01.personalitycores.com%3A8000%3B%20PROXY%20ab-us14.personalitycores.com%3A8000%3B%20PROXY%20ab-us09.personalitycores.com%3A8000%3B%20PROXY%20ab-us12.personalitycores.com%3A8000%3B%20PROXY%20ab-us07.personalitycores.com%3A8000%3B%20PROXY%20ab-us15.personalitycores.com%3A8000%3B%20PROXY%20ab-us03.personalitycores.com%3A8000%3B%20PROXY%20ab-us02.personalitycores.com%3A8000%3B%20PROXY%20ab-us13.personalitycores.com%3A8000%3B%20PROXY%20ab-us10.personalitycores.com%3A8000%3B%20PROXY%20ab-us08.personalitycores.com%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Lea\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Lea\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Anti-Aliasing Tuner - C:\Users\Lea\AppData\Roaming\Mozilla\Firefox\Profiles\ahrxp4jq.default\Extensions\aatuner@hotmint.com [2013-01-29]
FF Extension: Adblock Plus - C:\Users\Lea\AppData\Roaming\Mozilla\Firefox\Profiles\ahrxp4jq.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-01-29]

Chrome: 
=======
CHR HomePage: hxxp://www.google.de/
CHR StartupUrls: "hxxp://www.google.de/"
CHR Plugin: (Shockwave Flash) - C:\Users\Lea\AppData\Local\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Lea\AppData\Local\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Lea\AppData\Local\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
CHR Plugin: (Google Update) - C:\Users\Lea\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Extension: (Google Docs) - C:\Users\Lea\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-01-29]
CHR Extension: (Google Drive) - C:\Users\Lea\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-01-29]
CHR Extension: (YouTube) - C:\Users\Lea\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-29]
CHR Extension: (Adblock Plus) - C:\Users\Lea\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-01-29]
CHR Extension: (Google-Suche) - C:\Users\Lea\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-29]
CHR Extension: (ProxMate - Improve your Internet!) - C:\Users\Lea\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgjpnmnpjmabddgmjdiaggacbololbjm [2013-04-01]
CHR Extension: (Google Wallet) - C:\Users\Lea\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-05]
CHR Extension: (Google Mail) - C:\Users\Lea\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-29]

========================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [291840 2012-12-19] (Advanced Micro Devices, Inc.) [File not signed]
R2 AtherosSvc; C:\Windows\system32\AdminService.exe [157184 2012-02-02] (Atheros Commnucations)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14480 2014-03-28] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R3 athr; C:\Windows\system32\DRIVERS\athr.sys [2273280 2012-06-02] (Qualcomm Atheros Communications, Inc.)
R1 BasicRender; C:\Windows\System32\drivers\BasicRender.sys [24576 2012-07-26] (Microsoft Corporation)
R3 BtFilter; C:\Windows\system32\DRIVERS\btfilter.sys [253288 2012-02-10] (Atheros)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [242240 2013-04-19] (DT Soft Ltd)
R3 RSPCIESTOR; C:\Windows\system32\DRIVERS\RtsPStor.sys [256616 2012-03-29] (Realtek Semiconductor Corp.)
S3 WUDFWpdMtp; C:\Windows\system32\DRIVERS\WUDFRd.sys [155136 2012-07-26] (Microsoft Corporation)
S3 amdiox86; \SystemRoot\System32\drivers\amdiox86.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-04 22:07 - 2014-07-04 22:07 - 00009912 _____ () C:\Users\Lea\Desktop\FRST.txt
2014-07-04 22:06 - 2014-07-04 22:07 - 00000000 ____D () C:\FRST
2014-07-04 22:03 - 2014-07-04 22:03 - 01073664 _____ (Farbar) C:\Users\Lea\Desktop\FRST.exe
2014-06-27 21:51 - 2014-06-27 21:51 - 01742864 _____ () C:\Users\Lea\Downloads\wrar510.exe
2014-06-26 22:58 - 2014-06-26 22:58 - 02347384 _____ (ESET) C:\Users\Lea\Downloads\esetsmartinstaller_deu.exe
2014-06-26 22:58 - 2014-06-26 22:58 - 00000000 ____D () C:\Program Files\ESET
2014-06-26 20:03 - 2014-06-26 20:03 - 00000000 ____D () C:\ProgramData\Blizzard
2014-06-22 05:56 - 2014-06-22 05:56 - 00001068 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3618845328-3567646341-2803681407-1001Core1cf8dcdeaf0100c.job
2014-06-13 06:00 - 2014-07-02 01:01 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-13 06:00 - 2014-06-13 06:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-13 05:59 - 2014-06-13 05:59 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Lea\Documents\mbam-setup-2.0.2.1012.exe
2014-06-13 05:59 - 2014-06-13 05:59 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-06-13 05:59 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-13 05:59 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-12 16:02 - 2014-05-24 03:27 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-12 16:02 - 2014-05-24 03:26 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-12 16:02 - 2014-05-24 03:26 - 00661504 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-06-12 16:02 - 2014-05-24 03:26 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-12 16:02 - 2014-05-24 03:26 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-12 16:02 - 2014-05-24 03:26 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-12 16:02 - 2014-05-24 03:26 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-06-12 16:02 - 2014-05-24 03:25 - 13731328 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-12 16:02 - 2014-05-24 03:25 - 01440768 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-12 16:02 - 2014-05-24 03:25 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-06-12 16:02 - 2014-05-24 03:25 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-12 16:02 - 2014-05-24 03:25 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-12 16:02 - 2014-05-24 03:25 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-06-12 16:02 - 2014-05-24 03:25 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-12 16:02 - 2014-05-24 03:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-12 16:02 - 2014-05-24 03:25 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-12 16:02 - 2014-05-24 03:03 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-12 16:01 - 2014-05-24 03:26 - 14365696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-12 16:01 - 2014-05-24 03:26 - 01766400 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-12 16:01 - 2014-05-24 03:25 - 02862080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-12 16:01 - 2014-05-24 03:25 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-12 16:01 - 2014-05-03 06:06 - 02800128 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-06-12 16:01 - 2014-04-30 00:31 - 01075712 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-06-12 16:01 - 2014-04-03 11:17 - 01799512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-12 16:01 - 2014-04-03 10:47 - 00297304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2014-06-12 16:01 - 2014-04-03 05:09 - 00495104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2014-06-12 16:01 - 2014-04-01 00:07 - 00387268 _____ () C:\Windows\system32\ApnDatabase.xml
2014-06-12 16:01 - 2014-03-25 01:42 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\wusa.exe
2014-06-12 16:01 - 2014-03-07 02:47 - 01419264 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-10 21:50 - 2014-06-10 21:50 - 00000092 _____ () C:\Users\Lea\Desktop\eis.de bestellung.txt

==================== One Month Modified Files and Folders =======

2014-07-04 22:07 - 2014-07-04 22:07 - 00009912 _____ () C:\Users\Lea\Desktop\FRST.txt
2014-07-04 22:07 - 2014-07-04 22:06 - 00000000 ____D () C:\FRST
2014-07-04 22:03 - 2014-07-04 22:03 - 01073664 _____ (Farbar) C:\Users\Lea\Desktop\FRST.exe
2014-07-04 21:09 - 2013-01-29 22:22 - 00000000 ____D () C:\Users\Lea\AppData\Roaming\mIRC
2014-07-04 21:00 - 2012-07-26 08:53 - 00000000 ____D () C:\Windows\system32\sru
2014-07-04 18:12 - 2013-01-29 20:45 - 01364474 _____ () C:\Windows\WindowsUpdate.log
2014-07-04 05:33 - 2012-07-26 08:53 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-07-04 00:44 - 2012-07-26 06:17 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-07-03 05:18 - 2013-01-29 23:17 - 00000000 ____D () C:\Users\Lea\AppData\Roaming\Skype
2014-07-02 01:01 - 2014-06-13 06:00 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-02 00:53 - 2013-01-29 20:48 - 01745416 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-30 12:06 - 2012-07-26 08:53 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-06-27 21:51 - 2014-06-27 21:51 - 01742864 _____ () C:\Users\Lea\Downloads\wrar510.exe
2014-06-27 21:51 - 2013-02-05 02:54 - 00000000 ____D () C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-06-27 21:51 - 2013-02-05 02:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-06-27 21:51 - 2013-02-05 02:54 - 00000000 ____D () C:\Program Files\WinRAR
2014-06-26 22:58 - 2014-06-26 22:58 - 02347384 _____ (ESET) C:\Users\Lea\Downloads\esetsmartinstaller_deu.exe
2014-06-26 22:58 - 2014-06-26 22:58 - 00000000 ____D () C:\Program Files\ESET
2014-06-26 21:55 - 2013-01-29 22:48 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-06-26 21:55 - 2013-01-29 20:38 - 00005088 _____ () C:\Windows\PFRO.log
2014-06-26 21:55 - 2012-07-26 08:04 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-26 20:03 - 2014-06-26 20:03 - 00000000 ____D () C:\ProgramData\Blizzard
2014-06-22 05:56 - 2014-06-22 05:56 - 00001068 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3618845328-3567646341-2803681407-1001Core1cf8dcdeaf0100c.job
2014-06-18 16:28 - 2014-05-10 05:03 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-06-13 15:01 - 2013-02-03 14:26 - 00000000 ____D () C:\Program Files\Common Files\Steam
2014-06-13 12:50 - 2012-07-26 08:53 - 00000000 ____D () C:\Windows\rescache
2014-06-13 12:24 - 2012-07-26 06:17 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-06-13 06:00 - 2014-06-13 06:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-13 06:00 - 2013-07-24 09:31 - 00000000 ____D () C:\Users\Lea\AppData\Roaming\Malwarebytes
2014-06-13 06:00 - 2013-07-24 09:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-13 05:59 - 2014-06-13 05:59 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Lea\Documents\mbam-setup-2.0.2.1012.exe
2014-06-13 05:59 - 2014-06-13 05:59 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-06-13 04:31 - 2013-08-15 07:40 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-13 04:26 - 2013-01-30 20:54 - 92708840 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-12 16:14 - 2012-07-26 08:43 - 00000000 ____D () C:\Windows\CbsTemp
2014-06-12 16:12 - 2012-07-26 08:53 - 00000000 ____D () C:\Windows\system32\de-DE
2014-06-10 21:50 - 2014-06-10 21:50 - 00000092 _____ () C:\Users\Lea\Downloads\bestell.txt

Some content of TEMP:
====================
C:\Users\Lea\AppData\Local\Temp\13-1_mobility_vista_win7_win8_32_dd_ccc_whql.exe
C:\Users\Lea\AppData\Local\Temp\devcon.exe
C:\Users\Lea\AppData\Local\Temp\mirc729.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-03 16:55

==================== End Of Log ============================

--- --- ---

--- --- ---

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x86) Version:03-07-2014
Ran by Lea at 2014-07-04 22:08:20
Running from C:\Users\Lea\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe Flash Player 11 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 11.9.900.117 - Adobe Systems Incorporated)
AMD Accelerated Video Transcoding (Version: 12.5.100.21219 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.1084.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{625F07A5-04BC-4C60-7B55-5CE9A967E18B}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.)
AMD Fuel (Version: 2012.1219.1521.27485 - Ihr Firmenname) Hidden
AMD VISION Engine Control Center (Version: 2012.1219.1521.27485 - Ihr Firmenname) Hidden
Audacity 2.0.5 (HKLM\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Battle.net (HKLM\...\Battle.net) (Version:  - Blizzard Entertainment)
Catalyst Control Center - Branding (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
ccc-utility (Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Google Chrome (HKCU\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Hearthstone (HKLM\...\Hearthstone) (Version:  - Blizzard Entertainment)
Hotline Miami (HKLM\...\Steam App 219150) (Version:  - Dennaton Games)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x86__8wekyb3d8bbwe (x86) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
mIRC (HKLM\...\mIRC) (Version: 7.29 - mIRC Co. Ltd.)
Mozilla Firefox 30.0 (x86 de) (HKLM\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (Version: 16.4.1108.0727 - Microsoft) Hidden
OpenAL (HKLM\...\OpenAL) (Version:  - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Skype™ 6.1 (HKLM\...\{1845470B-EB14-4ABC-835B-E36C693DC07D}) (Version: 6.1.129 - Skype Technologies S.A.)
Spotify (HKCU\...\Spotify) (Version: 0.9.7.16.g4b197456 - Spotify AB)
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
Windows Live Communications Platform (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
WinRAR 5.10 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)

==================== Restore Points  =========================

10-06-2014 15:18:17 Geplanter Prüfpunkt
20-06-2014 05:54:21 Geplanter Prüfpunkt
28-06-2014 05:31:00 Geplanter Prüfpunkt

==================== Hosts content: ==========================

2012-07-26 06:17 - 2012-07-26 06:17 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {1E84DCB8-8C84-4436-A108-209A65086823} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {3D27B6DC-5D28-49C6-A027-3F49AB41E401} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-06-13] (Microsoft Corporation)
Task: {545C008C-4471-44F8-AD15-96CB8BB2BB0C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {56F59500-C4D1-4720-859F-13B4998AA792} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {5A69D491-538F-41EE-851E-277EF291238F} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-04-19] (Microsoft Corporation)
Task: {99768757-32DC-4E02-BE1E-2FE4783695EE} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {EF9592CE-7796-47A6-9CD5-8630640D45BB} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3618845328-3567646341-2803681407-1001Core1cf8dcdeaf0100c.job => C:\Users\Lea\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-12-19 16:31 - 2012-12-19 16:31 - 00065024 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2012-12-19 16:31 - 2012-12-19 16:31 - 00095232 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========

HKCU\...\StartupApproved\Run: => "Google Update"
HKCU\...\StartupApproved\Run: => "Skype"
HKCU\...\StartupApproved\Run: => "Steam"

==================== Faulty Device Manager Devices =============

Name: HP Webcam-101
Description: USB-Videogerät
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: usbvideo
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/28/2014 06:57:50 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Map.exe, Version 1.2.0.136 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 2d4

Startzeit: 01cf928d6b949486

Endzeit: 4294967295

Anwendungspfad: C:\Program Files\WindowsApps\Microsoft.BingMaps_1.2.0.136_x86__8wekyb3d8bbwe\Map.exe

Berichts-ID: b639500c-fe80-11e3-afcc-d0df9a1a31be

Vollständiger Name des fehlerhaften Pakets: Microsoft.BingMaps_1.2.0.136_x86__8wekyb3d8bbwe

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: AppexMaps

Error: (06/28/2014 06:57:31 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: LEA)
Description: Das Paket „Microsoft.BingMaps_1.2.0.136_x86__8wekyb3d8bbwe“ wurde beendet, da das Anhalten zu lange dauerte.

Error: (06/25/2014 08:57:36 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (06/21/2014 06:29:44 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (06/19/2014 04:17:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 30.0.0.5269, Zeitstempel: 0x53914233
Name des fehlerhaften Moduls: mozalloc.dll, Version: 30.0.0.5269, Zeitstempel: 0x53911393
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000141b
ID des fehlerhaften Prozesses: 0xb80
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3
Vollständiger Name des fehlerhaften Pakets: plugin-container.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: plugin-container.exe5

Error: (06/19/2014 04:17:56 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm firefox.exe, Version 30.0.0.5269 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 11cc

Startzeit: 01cf8bc2cbe0f585

Endzeit: 62

Anwendungspfad: C:\Program Files\Mozilla Firefox\firefox.exe

Berichts-ID: 7ea79393-f7bc-11e3-afcb-d0df9a1a31be

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (06/18/2014 02:13:38 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm firefox.exe, Version 29.0.1.5239 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: c64

Startzeit: 01cf8aec2efb0fd2

Endzeit: 15

Anwendungspfad: C:\Program Files\Mozilla Firefox\firefox.exe

Berichts-ID: f67285ec-f6e1-11e3-afcb-d0df9a1a31be

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (06/18/2014 01:22:07 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LEA)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail“ ist folgender Fehler aufgetreten: -2147467263. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (06/18/2014 01:22:07 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LEA)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail“ ist folgender Fehler aufgetreten: -2147467263. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (06/18/2014 00:06:13 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005


System errors:
=============
Error: (07/04/2014 01:31:54 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (07/03/2014 02:06:49 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (07/02/2014 08:19:26 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (07/02/2014 07:23:07 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (07/01/2014 06:51:14 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (07/01/2014 05:23:55 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (06/30/2014 00:47:53 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (06/27/2014 08:38:01 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (06/26/2014 09:55:53 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎26.‎06.‎2014 um 20:13:27 unerwartet heruntergefahren.

Error: (06/26/2014 08:34:33 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4


Microsoft Office Sessions:
=========================
Error: (06/28/2014 06:57:50 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Map.exe1.2.0.1362d401cf928d6b9494864294967295C:\Program Files\WindowsApps\Microsoft.BingMaps_1.2.0.136_x86__8wekyb3d8bbwe\Map.exeb639500c-fe80-11e3-afcc-d0df9a1a31beMicrosoft.BingMaps_1.2.0.136_x86__8wekyb3d8bbweAppexMaps

Error: (06/28/2014 06:57:31 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: LEA)
Description: Microsoft.BingMaps_1.2.0.136_x86__8wekyb3d8bbwe

Error: (06/25/2014 08:57:36 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (06/21/2014 06:29:44 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (06/19/2014 04:17:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe30.0.0.526953914233mozalloc.dll30.0.0.526953911393800000030000141bb8001cf8bc5c03914bbC:\Program Files\Mozilla Firefox\plugin-container.exeC:\Program Files\Mozilla Firefox\mozalloc.dll81c2a1a2-f7bc-11e3-afcb-d0df9a1a31be

Error: (06/19/2014 04:17:56 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: firefox.exe30.0.0.526911cc01cf8bc2cbe0f58562C:\Program Files\Mozilla Firefox\firefox.exe7ea79393-f7bc-11e3-afcb-d0df9a1a31be

Error: (06/18/2014 02:13:38 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: firefox.exe29.0.1.5239c6401cf8aec2efb0fd215C:\Program Files\Mozilla Firefox\firefox.exef67285ec-f6e1-11e3-afcb-d0df9a1a31be

Error: (06/18/2014 01:22:07 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LEA)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2147467263

Error: (06/18/2014 01:22:07 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LEA)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2147467263

Error: (06/18/2014 00:06:13 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005


==================== Memory info =========================== 

Percentage of memory in use: 23%
Total physical RAM: 3578.9 MB
Available physical RAM: 2755.08 MB
Total Pagefile: 4266.9 MB
Available Pagefile: 3230.32 MB
Total Virtual: 2047.88 MB
Available Virtual: 1847.31 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:102.68 GB) (Free:72.8 GB) NTFS
Drive d: () (Fixed) (Total:195.31 GB) (Free:100.54 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: B03E7563)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=103 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=195 GB) - (Type=07 NTFS)

==================== End Of Log ============================

aharonov · 04.07.2014, 21:39

Und bist du sicher, dass du dich beim Überprüfen deiner IP nicht über irgendeinen Proxy-Dienst eingewählt hast? (Beispielsweise die im Chrome installierte ProxMate Erweiterung)

LeaSWE · 04.07.2014, 21:47

Ja bin ich, kann meine IP hier sonst auch nennen oder kann damit was angestellt werden? Sonst per PM vllt

aharonov · 04.07.2014, 21:52

Schick sie mal per PM.

aharonov · 04.07.2014, 22:09

Haben ESET oder MBAM, welche du installiert hast, etwas gefunden?
Hängen noch weitere Computer an diesem Anschluss, oder ist das hier der einzige?

LeaSWE · 04.07.2014, 22:27

Habe noch einen desktop PC aber der wird kaum genutzt, eigentlich fast ausschließlich als 'Jukebox' für Spotify, läuft aber deshalb oft im Hintergrund. ESET und MBAM haben nichts gefunden, die Programme hab ich auch aus diesem Forum entnommen.

Was mir grad einfiel, ich wollte letzte Woche WoW manuell patchen, da es automatisch nicht ging und hab die Dateien erst nur über torrent gefunden, also dieses utorrent geladen -> installiert -> wollte den Patch laden doch das dauerte mir viel zu lange (mit vllt 20kbts geladen in den Programm). Habs dann abgebrochen und direkt wieder deinstalliert und auch die halb runtergeladene Datei war damit automatisch weg, es wurde also nichts ausgeführt. Habs danach von hier geladen und funktionierte auch mit dem Spiel: wow.4fansites.de/downloadspatches.php

aharonov · 05.07.2014, 07:48

Mach bitte mal FRST Logs vom Desktop PC.

LeaSWE · 05.07.2014, 15:07

Hallo, hab es mal auf dem Desktop laufen lassen:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-07-2014 01
Ran by LPetersson (administrator) on LPETERSSON-PC on 05-07-2014 15:46:23
Running from C:\Users\LPetersson\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Spotify Ltd) C:\Users\LPetersson\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(mIRC Co. Ltd.) C:\Program Files (x86)\mIRC\mirc.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2013-05-05] (Microsoft Corporation)
HKU\S-1-5-21-2842974521-4095641777-2888981785-1000\...\Run: [Google Update] => C:\Users\LPetersson\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-04-24] (Google Inc.)
HKU\S-1-5-21-2842974521-4095641777-2888981785-1000\...\Run: [Spotify Web Helper] => C:\Users\LPetersson\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1176632 2014-07-01] (Spotify Ltd)
HKU\S-1-5-21-2842974521-4095641777-2888981785-1000\...\Winlogon: [Shell] C:\Windows\expstart.exe [925184 2013-05-08] () <==== ATTENTION 

==================== Internet (Whitelisted) ====================

SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @esn/esnlaunch,version=2.1.7 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @t.garena.com/garenatalk - C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\LPetersson\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\LPetersson\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

Chrome: 
=======
CHR StartupUrls: "hxxp://www.uni-kiel.de/"
CHR Plugin: (Shockwave Flash) - C:\Users\LPetersson\AppData\Local\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\LPetersson\AppData\Local\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\LPetersson\AppData\Local\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Google Update) - C:\Users\LPetersson\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Extension: (Google Drive) - C:\Users\LPetersson\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-04-24]
CHR Extension: (YouTube) - C:\Users\LPetersson\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-04-24]
CHR Extension: (Google-Suche) - C:\Users\LPetersson\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-04-24]
CHR Extension: (AdBlock) - C:\Users\LPetersson\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-04-24]
CHR Extension: (Google Wallet) - C:\Users\LPetersson\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-06]
CHR Extension: (Google Mail) - C:\Users\LPetersson\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-04-24]

==================== Services (Whitelisted) =================

R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 Themes; C:\Windows\system32\themeservice.dll [44544 2013-05-08] (Microsoft Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-08-23] (DT Soft Ltd)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-05 15:46 - 2014-07-05 15:46 - 00007919 _____ () C:\Users\LPetersson\Desktop\FRST.txt
2014-07-05 15:46 - 2014-07-05 15:46 - 00000000 ____D () C:\FRST
2014-07-05 15:45 - 2014-07-05 15:45 - 02084352 _____ (Farbar) C:\Users\LPetersson\Desktop\FRST64.exe
2014-06-11 20:01 - 2014-06-08 11:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-11 20:01 - 2014-06-08 11:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-11 20:01 - 2014-05-30 12:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-11 20:01 - 2014-05-30 12:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-11 20:01 - 2014-05-30 12:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-11 20:01 - 2014-05-30 11:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-11 20:01 - 2014-05-30 11:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-11 20:01 - 2014-05-30 11:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-11 20:01 - 2014-05-30 11:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-11 20:01 - 2014-05-30 11:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-11 20:01 - 2014-05-30 11:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-11 20:01 - 2014-05-30 11:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-11 20:01 - 2014-05-30 11:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-11 20:01 - 2014-05-30 11:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-11 20:01 - 2014-05-30 11:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-11 20:01 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-11 20:01 - 2014-05-30 11:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-11 20:01 - 2014-05-30 11:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-11 20:01 - 2014-05-30 11:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-11 20:01 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-11 20:01 - 2014-05-30 10:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-11 20:01 - 2014-05-30 10:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-11 20:01 - 2014-05-30 10:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-11 20:01 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-11 20:01 - 2014-05-30 10:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-11 20:01 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-11 20:01 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-11 20:01 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-11 20:01 - 2014-05-30 10:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-11 20:01 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-11 20:01 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-11 20:01 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-11 20:01 - 2014-05-30 10:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-11 20:01 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-11 20:01 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-11 20:01 - 2014-05-30 10:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-11 20:01 - 2014-05-30 10:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-11 20:01 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-11 20:01 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-11 20:01 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-11 20:01 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-11 20:01 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-11 20:01 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-11 20:01 - 2014-05-30 09:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-11 20:01 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-11 20:01 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-11 20:01 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-11 20:01 - 2014-05-30 09:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-11 20:01 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-11 20:01 - 2014-05-30 09:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-11 20:01 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-11 20:01 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-11 20:01 - 2014-05-30 09:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-11 20:01 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-11 20:01 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-11 20:01 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-11 20:01 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-11 20:01 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-11 20:01 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-11 20:01 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-11 20:01 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-11 20:01 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-11 20:01 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-11 20:01 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-11 20:01 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-11 20:01 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-11 01:10 - 2014-06-11 01:10 - 00000000 ____D () C:\Users\LPetersson\AppData\Local\My Games

==================== One Month Modified Files and Folders =======

2014-07-05 15:46 - 2014-07-05 15:46 - 00007919 _____ () C:\Users\LPetersson\Desktop\FRST.txt
2014-07-05 15:46 - 2014-07-05 15:46 - 00000000 ____D () C:\FRST
2014-07-05 15:45 - 2014-07-05 15:45 - 02084352 _____ (Farbar) C:\Users\LPetersson\Desktop\FRST64.exe
2014-07-05 15:40 - 2013-09-12 15:30 - 00000000 ____D () C:\Users\LPetersson\AppData\Roaming\mIRC
2014-07-05 15:38 - 2013-04-24 19:23 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2842974521-4095641777-2888981785-1000UA.job
2014-07-05 15:38 - 2009-07-14 06:45 - 00019312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-05 15:38 - 2009-07-14 06:45 - 00019312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-05 15:33 - 2013-04-24 17:07 - 01498791 _____ () C:\Windows\WindowsUpdate.log
2014-07-05 15:33 - 2009-07-14 19:58 - 00699432 _____ () C:\Windows\system32\perfh007.dat
2014-07-05 15:33 - 2009-07-14 19:58 - 00149572 _____ () C:\Windows\system32\perfc007.dat
2014-07-05 15:33 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-05 15:29 - 2013-04-24 17:45 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-07-05 15:29 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-05 15:29 - 2009-07-14 06:51 - 00079812 _____ () C:\Windows\setupact.log
2014-07-05 04:54 - 2013-09-04 22:13 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-04 20:38 - 2013-04-24 19:23 - 00001068 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2842974521-4095641777-2888981785-1000Core.job
2014-07-03 03:53 - 2013-05-14 03:22 - 00000000 ____D () C:\Users\LPetersson\AppData\Roaming\Spotify
2014-06-30 21:06 - 2013-05-14 03:23 - 00000000 ____D () C:\Users\LPetersson\AppData\Local\Spotify
2014-06-20 20:33 - 2013-04-24 19:23 - 00004090 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2842974521-4095641777-2888981785-1000UA
2014-06-20 20:33 - 2013-04-24 19:23 - 00003694 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2842974521-4095641777-2888981785-1000Core
2014-06-17 18:22 - 2013-07-24 15:46 - 00000000 ____D () C:\foobar2000
2014-06-13 03:53 - 2013-05-08 02:47 - 00000000 ____D () C:\Users\LPetersson\AppData\Roaming\TS3Client
2014-06-12 04:06 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-06-12 03:03 - 2013-08-14 14:43 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-12 03:02 - 2013-04-24 18:26 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-12 03:00 - 2014-05-07 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-11 01:10 - 2014-06-11 01:10 - 00000000 ____D () C:\Users\LPetersson\AppData\Local\My Games
2014-06-11 01:10 - 2013-08-12 03:16 - 00000000 ____D () C:\Users\LPetersson\Documents\My Games
2014-06-11 01:09 - 2013-05-03 17:15 - 00152046 _____ () C:\Windows\DirectX.log
2014-06-08 11:13 - 2014-06-11 20:01 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 11:08 - 2014-06-11 20:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

Some content of TEMP:
====================
C:\Users\LPetersson\AppData\Local\Temp\BRSVC_5559251_hlp.exe
C:\Users\LPetersson\AppData\Local\Temp\Gw2.exe
C:\Users\LPetersson\AppData\Local\Temp\IcqUpdater.exe
C:\Users\LPetersson\AppData\Local\Temp\mirc732.exe
C:\Users\LPetersson\AppData\Local\Temp\nvStInst.exe
C:\Users\LPetersson\AppData\Local\Temp\SIntf16.dll
C:\Users\LPetersson\AppData\Local\Temp\SIntf32.dll
C:\Users\LPetersson\AppData\Local\Temp\SIntfNT.dll
C:\Users\LPetersson\AppData\Local\Temp\sonarinst.exe
C:\Users\LPetersson\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\LPetersson\AppData\Local\Temp\swt-win32-3740.dll
C:\Users\LPetersson\AppData\Local\Temp\ubiBB56.tmp.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-28 11:05

==================== End Of Log ============================

--- --- ---

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-07-2014 01
Ran by LPetersson at 2014-07-05 15:47:11
Running from C:\Users\LPetersson\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Antichamber (HKLM-x32\...\Steam App 219890) (Version:  - Alexander Bruce)
ATI Catalyst Install Manager (HKLM\...\{62140B07-129A-2BD0-81D2-2A1A7408ADC8}) (Version: 3.0.762.0 - ATI Technologies, Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Deponia (HKLM-x32\...\Steam App 214340) (Version:  - Daedalic Entertainment)
Don't Starve (HKLM-x32\...\Steam App 219740) (Version:  - Klei Entertainment)
EAX Unified (HKLM-x32\...\EAX Unified) (Version:  - )
EPU-4 Engine (HKLM-x32\...\{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}) (Version: 1.02.01 - )
Eusing Free Registry Cleaner (HKLM-x32\...\Eusing Free Registry Cleaner) (Version:  - Eusing Software)
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Garena Plus (HKLM-x32\...\im) (Version: 2011 - Garena Online Pte Ltd.)
Gone Home (HKLM-x32\...\Steam App 232430) (Version:  - The Fullbright Company)
Google Chrome (HKCU\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
Half-Life 2 (HKLM-x32\...\Steam App 220) (Version:  - Valve)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
ICQ 8.1 (build 6322) (HKCU\...\ICQ) (Version: 8.1.6322.0 - Mail.Ru)
L.A. Noire (HKLM-x32\...\Steam App 110800) (Version:  - Team Bondi)
Last.fm Scrobbler 2.1.36 (HKLM-x32\...\LastFM_is1) (Version:  - Last.fm)
League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{249d5ca2-4555-41b5-a112-d45aec69dffa}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden
mIRC (HKLM-x32\...\mIRC) (Version: 7.32 - mIRC Co. Ltd.)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
My Game Long Name (HKLM\...\UDK-11c9efc2-4d87-494d-8586-4d5d757776aa) (Version:  - Epic Games, Inc.)
NVIDIA 3D Vision Controller-Treiber 314.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 314.22 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 314.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 314.22 - NVIDIA Corporation)
NVIDIA Grafiktreiber 314.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 314.22 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.23.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.23.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.115.743 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.1031 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1422 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 314.22 (Version: 314.22 - NVIDIA Corporation) Hidden
NVIDIA Update 1.12.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.12.12 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.12.12 - NVIDIA Corporation) Hidden
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
Project 64 version 2.1.0.1 (HKLM-x32\...\Project 64_is1) (Version: 2.1.0.1 - )
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.41.216.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6873 - Realtek Semiconductor Corp.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.0.6 - Rockstar Games)
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
Spotify (HKCU\...\Spotify) (Version: 0.9.10.22.gf87988f9 - Spotify AB)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.13.1 - TeamSpeak Systems GmbH)
The Walking Dead (HKLM-x32\...\Steam App 207610) (Version:  - )
Torchlight II (HKLM-x32\...\Steam App 200710) (Version:  - Runic Games)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
Warcraft III (HKLM-x32\...\Warcraft III) (Version:  - Blizzard Entertainment)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)

==================== Restore Points  =========================

21-06-2014 19:08:10 Windows Update
25-06-2014 14:17:00 Windows Update
29-06-2014 10:47:07 Windows Update
03-07-2014 15:57:41 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2013-05-08 18:55 - 00001021 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 im.adtech.de
127.0.0.1 adserver.adtech.de
127.0.0.1 adtech.de
127.0.0.1 ar.atwola.com
127.0.0.1 atwola.com
127.0.0.1 adserver.71i.de
127.0.0.1 adicqserver.71i.de
127.0.0.1 71i.de


==================== Scheduled Tasks (whitelisted) =============

Task: {25E5DB21-15C0-4228-8636-8D5E7C83B9A4} - System32\Tasks\ASUS\ASUS SIX Engine => C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe [2010-02-03] (ASUSTeK Computer Inc.)
Task: {616F53F6-4697-4547-AD34-3CCCC0F4838B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2842974521-4095641777-2888981785-1000Core => C:\Users\LPetersson\AppData\Local\Google\Update\GoogleUpdate.exe [2013-04-24] (Google Inc.)
Task: {77B19A36-1F31-4622-A5EE-D0FB46A540F9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: {A9615CD4-418C-449C-BA41-1C0477307701} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2842974521-4095641777-2888981785-1000UA => C:\Users\LPetersson\AppData\Local\Google\Update\GoogleUpdate.exe [2013-04-24] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2842974521-4095641777-2888981785-1000Core.job => C:\Users\LPetersson\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2842974521-4095641777-2888981785-1000UA.job => C:\Users\LPetersson\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-04-24 17:45 - 2013-03-15 06:16 - 00086304 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-08-15 17:00 - 2013-08-23 15:53 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2013-05-05 22:54 - 2009-03-19 22:35 - 00208896 _____ () C:\Program Files (x86)\ASUS\EPU-4 Engine\AiNap.dll
2013-05-05 22:54 - 2009-03-19 22:35 - 00008704 _____ () C:\Program Files (x86)\ASUS\EPU-4 Engine\vvc.dll
2013-05-05 22:54 - 2009-01-15 14:55 - 00565248 _____ () C:\Program Files (x86)\ASUS\EPU-4 Engine\pngio.dll
2013-05-05 22:54 - 2009-03-25 16:53 - 00053248 _____ () C:\Program Files (x86)\ASUS\EPU-4 Engine\AsSpindownTimeout.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\startupreg: icq => C:\Users\LPetersson\AppData\Roaming\ICQM\icq.exe -CU
MSCONFIG\startupreg: MSC => "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
MSCONFIG\startupreg: Spotify => "C:\Users\LPetersson\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\LPetersson\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: Steam => "D:\Program Files (x86)\Steam\Steam.exe" -silent

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/19/2014 09:38:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: GoogleUpdate.exe, Version: 1.3.21.103, Zeitstempel: 0x4f3c6d6c
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000223e0
ID des fehlerhaften Prozesses: 0xb78
Startzeit der fehlerhaften Anwendung: 0xGoogleUpdate.exe0
Pfad der fehlerhaften Anwendung: GoogleUpdate.exe1
Pfad des fehlerhaften Moduls: GoogleUpdate.exe2
Berichtskennung: GoogleUpdate.exe3

Error: (05/11/2014 09:37:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: GoogleUpdate.exe, Version: 1.3.21.103, Zeitstempel: 0x4f3c6d6c
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000223e0
ID des fehlerhaften Prozesses: 0x4e0
Startzeit der fehlerhaften Anwendung: 0xGoogleUpdate.exe0
Pfad der fehlerhaften Anwendung: GoogleUpdate.exe1
Pfad des fehlerhaften Moduls: GoogleUpdate.exe2
Berichtskennung: GoogleUpdate.exe3

Error: (04/23/2014 08:38:45 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to poke open firewall

Error: (04/22/2014 03:16:00 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to poke open firewall

Error: (04/21/2014 07:00:35 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to poke open firewall

Error: (04/21/2014 00:19:22 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to poke open firewall

Error: (04/21/2014 06:00:19 AM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to poke open firewall

Error: (04/20/2014 05:05:04 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to poke open firewall

Error: (04/19/2014 04:25:17 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to poke open firewall

Error: (04/18/2014 08:16:17 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to poke open firewall


System errors:
=============
Error: (07/05/2014 03:31:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (07/05/2014 03:31:53 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (07/05/2014 03:20:54 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (07/05/2014 03:20:54 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht.

Error: (07/05/2014 02:16:25 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (07/05/2014 02:16:25 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (07/04/2014 06:55:08 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (07/04/2014 06:55:08 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (07/03/2014 05:49:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (07/03/2014 05:49:18 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).


Microsoft Office Sessions:
=========================
Error: (06/19/2014 09:38:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: GoogleUpdate.exe1.3.21.1034f3c6d6cntdll.dll6.1.7601.18247521ea8e7c0000005000223e0b7801cf8bf523dbf0b6C:\Users\LPetersson\AppData\Local\Google\Update\GoogleUpdate.exeC:\Windows\SysWOW64\ntdll.dll4805ce1b-f7e9-11e3-94c6-14dae9511dca

Error: (05/11/2014 09:37:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: GoogleUpdate.exe1.3.21.1034f3c6d6cntdll.dll6.1.7601.18247521ea8e7c0000005000223e04e001cf6d4fadc13f5dC:\Users\LPetersson\AppData\Local\Google\Update\GoogleUpdate.exeC:\Windows\SysWOW64\ntdll.dlla615f4d3-d943-11e3-9c23-14dae9511dca

Error: (04/23/2014 08:38:45 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Failed to poke open firewall

Error: (04/22/2014 03:16:00 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Failed to poke open firewall

Error: (04/21/2014 07:00:35 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Failed to poke open firewall

Error: (04/21/2014 00:19:22 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Failed to poke open firewall

Error: (04/21/2014 06:00:19 AM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Failed to poke open firewall

Error: (04/20/2014 05:05:04 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Failed to poke open firewall

Error: (04/19/2014 04:25:17 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Failed to poke open firewall

Error: (04/18/2014 08:16:17 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Failed to poke open firewall


==================== Memory info =========================== 

Percentage of memory in use: 17%
Total physical RAM: 8190.12 MB
Available physical RAM: 6784.87 MB
Total Pagefile: 16378.41 MB
Available Pagefile: 14988.49 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:146.48 GB) (Free:60.44 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:784.93 GB) (Free:548.08 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: EA1BFC73)
Partition 1: (Active) - (Size=146 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=785 GB) - (Type=07 NTFS)

==================== End Of Log ============================

lg

aharonov · 05.07.2014, 17:56

Nichts zu sehen. Mach auf dem ersten Rechner noch einen Scan mit Emsisoft:

Lade dir bitte das Setup von Emsisoft Anti-Malware auf den Desktop herunter.

Führe die EmsisoftAntiMalwareSetup.exe aus.
Wähle die Sprache Deutsch und akzeptiere die Lizenzvereinbarungen.
Drücke dann auf Freeware Modus (nur Scanner, kein Schutz).
Belasse im nächsten Fenster die Einstellungen und drücke Weiter.
Nachdem der Updatevorgang abgeschlossen ist, klicke auf PC jetzt untersuchen.
Wähle bei "PUPs-Erkennung aktivieren" die Option Ja und drücke Weiter.
Wähle dann Detail Scan und drücke auf SCAN.
Wenn der Scan abgeschlossen ist, lass die Funde nicht entfernen, sondern drücke auf Bericht anzeigen.
Poste das sich öffnende Log bitte hier in den Thread.
(Nachträglich findest du das Log unter Start -> Alle Programme -> Emsisoft Anti-Malware -> Scan Berichte als a2scan_<date>-<time>.txt.)
Du kannst Emsisoft danach über die Systemsteuerung deinstallieren, als Freeware On-Demand-Scanner zusätzlich zu deinem Antivirenprogramm behalten oder die Vollversion davon kaufen und dein bestehendes Antivirenprogramm damit ersetzen.

04.07.2014, 21:39	#4
aharonov /// TB-Ausbilder	Mögliches Botnetz? Und bist du sicher, dass du dich beim Überprüfen deiner IP nicht über irgendeinen Proxy-Dienst eingewählt hast? (Beispielsweise die im Chrome installierte ProxMate Erweiterung) __________________ cheers, Leo

04.07.2014, 21:52	#6
aharonov /// TB-Ausbilder	Mögliches Botnetz? Schick sie mal per PM. __________________ --> Mögliches Botnetz?

04.07.2014, 22:09	#7
aharonov /// TB-Ausbilder	Mögliches Botnetz? Haben ESET oder MBAM, welche du installiert hast, etwas gefunden? Hängen noch weitere Computer an diesem Anschluss, oder ist das hier der einzige? __________________ cheers, Leo

05.07.2014, 07:48	#9
aharonov /// TB-Ausbilder	Mögliches Botnetz? Mach bitte mal FRST Logs vom Desktop PC. __________________ cheers, Leo

Mögliches Botnetz?

Plagegeister aller Art und deren Bekämpfung: Mögliches Botnetz?