
Pests of all kinds and how to fight them: Letter from Telekom "important security warning about your Internet access"

10.02.2015, 19:14   #1
JonnyTroja
 



The scan with AVG 2015 found nothing (Win Vista). Other computers on the network: 2 MacBook Pro 2013 with OS X Yosemite and Windows Parallels. What other options do I have to check my computer?

10.02.2015, 19:27   #2
schrauber
/// the machine
/// TB trainer
 




hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Start FRST now.
  • Do not change any of the checkboxes unless asked to, and click Scan (Untersuchen).
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the web page's input box)


10.02.2015, 22:49   #3
JonnyTroja
 



Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-02-2015
Ran by Jonathan at 2015-02-10 22:48:22
Running from C:\Users\Jonathan\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG Internet Security 2015 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security 2015 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
FW: AVG Internet Security 2015 (Enabled) {757AB44A-78C2-7D1A-E37F-CA42A037B368}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5646 - AVG Technologies)
AVG 2015 (Version: 15.0.4284 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5646 - AVG Technologies) Hidden
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.0.5.7 - AVG Technologies)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Camtasia Studio 8 (HKLM-x32\...\{6BED66AA-1DC6-474B-AC70-205CC3A68A39}) (Version: 8.4.4.1859 - TechSmith Corporation)
Conexant 20561 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.92.15.0 - Conexant)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Dropbox (HKU\S-1-5-21-1100274835-966494853-3204424236-1000\...\Dropbox) (Version: 3.0.5 - Dropbox, Inc.)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 16.1 - Intel)
Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{C8005A7B-9638-41DD-B83B-AF277754E211}) (Version: 14.03.0000 - Intel Corporation)
Java 7 Update 71 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417071FF}) (Version: 7.0.710 - Oracle)
Lenovo Fingerprint Software (HKLM\...\{9FB987C9-C6B6-46B3-B530-EEB34B1B80F3}) (Version: 3.3.2.50 - AuthenTec, Inc.)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.05 - )
Lightshot-5.2.0.17 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.2.0.17 - Skillbrains)
Logitech Gaming Software 8.57 (HKLM\...\Logitech Gaming Software) (Version: 8.57.145 - Logitech Inc.)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10 - NVIDIA Corporation)
NVIDIA nView Desktop Manager (HKLM\...\NVIDIA nView Desktop Manager) (Version: 6.14.10.12133 - NVIDIA Corporation)
NVIDIA Performance Drivers (HKLM\...\{4C0A8D65-4286-4B58-87FE-18AD24289285}) (Version: 2.0.0.24 - NVIDIA Corporation)
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Technitium MAC Address Changer v6.0.5 (HKLM-x32\...\TMACv6.0) (Version: 6.0.5 - Technitium)
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 9.1.3.6 - )
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WiFi HotSpot Creator (HKLM-x32\...\{C37344E7-A9A9-4E1F-993C-73AEF17BFDC0}) (Version: 2.0.0 - DanuSoft)
Windows-Treiberpaket - AuthenTec Inc. (ATSwpWDF) Biometric  (07/02/2010 8.6.0.29) (HKLM\...\05FBE63CF9C9B3424152207E7278CD6DA193C56C) (Version: 07/02/2010 8.6.0.29 - AuthenTec Inc.)
WinRAR 5.11 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1100274835-966494853-3204424236-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1100274835-966494853-3204424236-1000_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1100274835-966494853-3204424236-1000_Classes\CLSID\{30A2652A-DDF7-45e7-ACA6-3EAB26FC8A4E}\localserver32 -> C:\Program Files (x86)\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1100274835-966494853-3204424236-1000_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1100274835-966494853-3204424236-1000_Classes\CLSID\{41662FC2-0D57-4aff-AB27-AD2E12E7C273}\localserver32 -> C:\Program Files (x86)\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1100274835-966494853-3204424236-1000_Classes\CLSID\{448BB771-CFE2-47C4-BCDF-1FBF378E202C}\localserver32 -> C:\Program Files (x86)\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1100274835-966494853-3204424236-1000_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1100274835-966494853-3204424236-1000_Classes\CLSID\{7B342DC4-139A-4a46-8A93-DB0827CCEE9C}\localserver32 -> C:\Program Files (x86)\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1100274835-966494853-3204424236-1000_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\ooofilt_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1100274835-966494853-3204424236-1000_Classes\CLSID\{7FA8AE11-B3E3-4D88-AABF-255526CD1CE8}\localserver32 -> C:\Program Files (x86)\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1100274835-966494853-3204424236-1000_Classes\CLSID\{82154420-0FBF-11d4-8313-005004526AB4}\localserver32 -> C:\Program Files (x86)\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1100274835-966494853-3204424236-1000_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\propertyhdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1100274835-966494853-3204424236-1000_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1100274835-966494853-3204424236-1000_Classes\CLSID\{D0484DE6-AAEE-468a-991F-8D4B0737B57A}\localserver32 -> C:\Program Files (x86)\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1100274835-966494853-3204424236-1000_Classes\CLSID\{D2D59CD1-0A6A-4D36-AE20-47817077D57C}\localserver32 -> C:\Program Files (x86)\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1100274835-966494853-3204424236-1000_Classes\CLSID\{E5A0B632-DFBA-4549-9346-E414DA06E6F8}\localserver32 -> C:\Program Files (x86)\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1100274835-966494853-3204424236-1000_Classes\CLSID\{EE5D1EA4-D445-4289-B2FC-55FC93693917}\localserver32 -> C:\Program Files (x86)\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1100274835-966494853-3204424236-1000_Classes\CLSID\{F616B81F-7BB8-4F22-B8A5-47428D59F8AD}\localserver32 -> C:\Program Files (x86)\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1100274835-966494853-3204424236-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1100274835-966494853-3204424236-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1100274835-966494853-3204424236-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1100274835-966494853-3204424236-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1100274835-966494853-3204424236-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1100274835-966494853-3204424236-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1100274835-966494853-3204424236-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1100274835-966494853-3204424236-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

01-02-2015 13:30:06 Geplanter Prüfpunkt
01-02-2015 14:07:11 Installed AVG 2015
01-02-2015 14:22:54 Gerätetreiber-Paketinstallation: AVG Technologies Netzwerkdienst
03-02-2015 17:18:01 Geplanter Prüfpunkt
03-02-2015 21:34:19 Removed WiFi HotSpot Creator
03-02-2015 21:37:44 Installed WiFi HotSpot Creator
03-02-2015 22:23:51 Gerätetreiber-Paketinstallation: Khalil Azzouzi Netzwerkdienst
03-02-2015 22:39:07 Gerätetreiber-Paketinstallation: AVG Technologies Netzwerkdienst
04-02-2015 23:58:08 Removed AVG 2015
05-02-2015 00:07:37 Removed AVG 2015
05-02-2015 00:17:27 Installed AVG 2015
05-02-2015 07:26:26 Installed AVG 2015
05-02-2015 16:52:02 Gerätetreiber-Paketinstallation: AVG Technologies Netzwerkdienst
07-02-2015 00:20:47 Geplanter Prüfpunkt
08-02-2015 05:26:22 Geplanter Prüfpunkt
08-02-2015 15:03:07 Camtasia Studio 8 wird installiert
10-02-2015 01:22:55 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 13:34 - 2006-09-18 22:37 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {01A9E7A9-C6CF-4DA2-94AA-06DAE8093C02} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2014-11-28] ()
Task: {4C221F95-A242-4F7B-9912-15D6B1942727} - System32\Tasks\FRAPS => C:\Fraps\fraps.exe [2013-02-26] (Beepa P/L)
Task: {51120B50-1F61-4D9D-986E-659D9759490B} - System32\Tasks\{82B510AD-7C5D-4FFD-89F0-EA21340A92C3} => pcalua.exe -a "C:\Users\Jonathan\Downloads\Forge 1.7.2 (Windows).exe" -d C:\Users\Jonathan\Downloads
Task: {6F1419BF-3B40-4B9A-8900-B7543BF89DE5} - System32\Tasks\update-S-1-5-21-1100274835-966494853-3204424236-1000 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2014-11-28] ()
Task: {8930E3CF-AC25-4549-91A8-4C46479176EF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-05] (Google Inc.)
Task: {9C850756-92F1-41C8-8573-735A07B21674} - System32\Tasks\AVG_SYS_TASK_1014av => C:\ProgramData\Avg_Update_1014av\AVG-Secure-Search-Update_1014av.exe
Task: {C0E924A1-C7FC-4A3E-A113-CCD1354488D3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-05] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\update-S-1-5-21-1100274835-966494853-3204424236-1000.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

==================== Loaded Modules (whitelisted) ==============

2011-05-31 06:29 - 2011-05-31 06:29 - 00117760 _____ () C:\Windows\system32\DTS.exe
2009-10-27 06:49 - 2009-10-27 06:49 - 06807656 _____ () C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
2015-01-21 18:12 - 2015-01-21 18:11 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.2.0\loggingserver.exe
2014-09-18 08:23 - 2014-09-18 08:23 - 00866584 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2014-10-14 19:51 - 2014-10-14 19:51 - 01050904 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2014-09-18 08:23 - 2014-09-18 08:23 - 00059160 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2014-10-14 19:51 - 2014-10-14 19:51 - 00242456 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2011-10-24 15:14 - 2011-10-24 15:14 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2015-01-21 18:12 - 2015-01-21 18:11 - 03081752 _____ () C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
2015-01-21 18:12 - 2015-01-21 18:11 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.2.0\log4cplusU.dll
2015-02-02 16:48 - 2015-01-08 21:44 - 00750080 _____ () C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-02-06 23:17 - 2015-02-06 23:17 - 00043008 _____ () c:\users\jonathan\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpr5lnso.dll
2015-02-02 16:48 - 2015-01-08 21:44 - 00047616 _____ () C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-02-02 16:48 - 2015-01-08 21:44 - 00863744 _____ () C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-02-02 16:48 - 2015-01-08 21:44 - 00200704 _____ () C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-01-21 18:11 - 2015-01-21 18:11 - 40630296 _____ () C:\Program Files (x86)\AVG Web TuneUp\libcef.dll
2015-01-21 18:12 - 2015-01-21 18:11 - 01686552 _____ () C:\Program Files (x86)\AVG Web TuneUp\TBAPI.dll
2014-11-05 16:59 - 2014-12-01 22:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-11-05 16:59 - 2014-12-01 22:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-11-05 16:59 - 2014-12-01 22:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-11-05 16:59 - 2014-12-01 22:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2014-11-05 16:59 - 2014-11-11 19:47 - 00774656 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-01-20 20:23 - 2014-12-02 01:29 - 05002752 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-01-20 20:23 - 2014-12-02 01:29 - 01612800 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-01-20 20:23 - 2014-12-02 01:29 - 01210368 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2014-11-05 16:59 - 2015-01-23 23:34 - 02227904 _____ () C:\Program Files (x86)\Steam\video.dll
2014-11-05 16:59 - 2014-12-01 22:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2014-11-05 16:59 - 2015-01-23 23:33 - 00696512 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.dll
2014-11-05 16:59 - 2015-01-16 00:42 - 34641288 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2014-11-05 16:59 - 2015-01-16 00:42 - 01709960 _____ () C:\Program Files (x86)\Steam\bin\ffmpegsumo.dll
2015-02-06 15:12 - 2015-02-04 10:02 - 09170760 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\pdf.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Registry Areas =====================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1100274835-966494853-3204424236-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\Wallpaper\img24.jpg

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-1100274835-966494853-3204424236-500 - Administrator - Disabled)
Gast (S-1-5-21-1100274835-966494853-3204424236-501 - Limited - Disabled)
Jonathan (S-1-5-21-1100274835-966494853-3204424236-1000 - Administrator - Enabled) => C:\Users\Jonathan

==================== Faulty Device Manager Devices =============

Name: PCI-Kommunikationscontroller (einfach)
Description: PCI-Kommunikationscontroller (einfach)
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: SM-Bus-Controller
Description: SM-Bus-Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/09/2015 06:15:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung Steam.exe, Version 2.59.12.64, Zeitstempel 0x54c2c1a7, fehlerhaftes Modul dbghelp.dll_unloaded, Version 0.0.0.0, Zeitstempel 0x460c0089, Ausnahmecode 0xc0000005, Fehleroffset 0x725914ca,
Prozess-ID 0x2e44, Anwendungsstartzeit Steam.exe0.

Error: (02/09/2015 00:21:26 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1248

Error: (02/09/2015 00:21:26 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1248

Error: (02/09/2015 00:21:26 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/08/2015 06:27:27 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2356

Error: (02/08/2015 06:27:27 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2356

Error: (02/08/2015 06:27:27 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/08/2015 06:27:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1248

Error: (02/08/2015 06:27:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1248

Error: (02/08/2015 06:27:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (02/10/2015 06:22:36 PM) (Source: ipnathlp) (EventID: 1233) (User: )
Description: ICS_IPV6 konnte den IPv6-Stapel nicht konfigurieren.

Error: (02/10/2015 06:19:41 PM) (Source: ipnathlp) (EventID: 1233) (User: )
Description: ICS_IPV6 konnte den IPv6-Stapel nicht konfigurieren.

Error: (02/10/2015 06:16:30 PM) (Source: ipnathlp) (EventID: 1233) (User: )
Description: ICS_IPV6 konnte den IPv6-Stapel nicht konfigurieren.

Error: (02/10/2015 06:14:41 PM) (Source: ipnathlp) (EventID: 1233) (User: )
Description: ICS_IPV6 konnte den IPv6-Stapel nicht konfigurieren.

Error: (02/10/2015 06:14:32 PM) (Source: ipnathlp) (EventID: 1233) (User: )
Description: ICS_IPV6 konnte den IPv6-Stapel nicht konfigurieren.

Error: (02/10/2015 02:47:18 AM) (Source: ipnathlp) (EventID: 1233) (User: )
Description: ICS_IPV6 konnte den IPv6-Stapel nicht konfigurieren.

Error: (02/10/2015 02:41:43 AM) (Source: ipnathlp) (EventID: 1233) (User: )
Description: ICS_IPV6 konnte den IPv6-Stapel nicht konfigurieren.

Error: (02/10/2015 02:04:02 AM) (Source: ipnathlp) (EventID: 1233) (User: )
Description: ICS_IPV6 konnte den IPv6-Stapel nicht konfigurieren.

Error: (02/10/2015 01:39:33 AM) (Source: ipnathlp) (EventID: 1233) (User: )
Description: ICS_IPV6 konnte den IPv6-Stapel nicht konfigurieren.

Error: (02/10/2015 01:14:13 AM) (Source: ipnathlp) (EventID: 1233) (User: )
Description: ICS_IPV6 konnte den IPv6-Stapel nicht konfigurieren.


Microsoft Office Sessions:
=========================
Error: (02/09/2015 06:15:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Steam.exe2.59.12.6454c2c1a7dbghelp.dll_unloaded0.0.0.0460c0089c0000005725914ca2e4401d043a867a6a2c8

Error: (02/09/2015 00:21:26 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1248

Error: (02/09/2015 00:21:26 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1248

Error: (02/09/2015 00:21:26 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/08/2015 06:27:27 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2356

Error: (02/08/2015 06:27:27 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2356

Error: (02/08/2015 06:27:27 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/08/2015 06:27:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1248

Error: (02/08/2015 06:27:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1248

Error: (02/08/2015 06:27:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


CodeIntegrity Errors:
===================================
  Date: 2015-02-10 22:47:23.600
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\avgidsha.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-10 22:47:23.522
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\avgidsha.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-10 22:47:23.410
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\avgidsha.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-10 22:47:23.185
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\avgidsha.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-10 22:47:22.835
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\avgidsdrivera.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-10 22:47:22.758
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\avgidsdrivera.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-10 22:47:22.651
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\avgidsdrivera.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-10 22:47:22.553
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\avgidsdrivera.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-05 00:00:11.931
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\AVG\AVG2015\Drivers\avgidsha.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-05 00:00:11.820
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\AVG\AVG2015\Drivers\avgidsha.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU T9600 @ 2.80GHz
Percentage of memory in use: 73%
Total physical RAM: 4025.07 MB
Available physical RAM: 1070.79 MB
Total Pagefile: 8271.42 MB
Available Pagefile: 2776.51 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:146.48 GB) (Free:51.3 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:319.28 GB) (Free:319.1 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: B86CA671)
Partition 1: (Active) - (Size=146.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=319.3 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-02-2015
Ran by Jonathan (administrator) on JONATHAN-PC on 10-02-2015 22:47:12
Running from C:\Users\Jonathan\Desktop
Loaded Profiles: Jonathan (Available profiles: Jonathan)
Platform: Windows Vista (TM) Business Service Pack 2 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
() C:\Windows\System32\DTS.exe
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(AuthenTec, Inc.) C:\Windows\System32\ATService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.2.0\ToolbarUpdater.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.2.0\loggingserver.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Dropbox, Inc.) C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\Dropbox.exe
() C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.2.0.17\Lightshot.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Windows\SysWOW64\conime.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(AVG Secure Search) C:\Program Files (x86)\AVG Web TuneUp\avgcefrend.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Beepa P/L) C:\Fraps\fraps.exe
(Beepa P/L) C:\Fraps\fraps64.dat
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Camtasia Studio 8\TscHelp.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2010-04-28] ()
HKLM\...\Run: [FingerPrintSoftware] => C:\Program Files\Lenovo Fingerprint Software\fpapp.exe [1582920 2011-05-31] (AuthenTec)
HKLM\...\Run: [FingerPrintSoftwareSplashScreen] => C:\Program Files\Lenovo Fingerprint Software\SplashScreen.exe [107520 2011-05-31] (AuthenTec, Inc.)
HKLM\...\Run: [nwiz] => nwiz.exe /installquiet
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [12697368 2014-10-14] (Logitech Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [969512 2007-11-22] (Synaptics, Inc.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [3081752 2015-01-21] ()
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [226560 2014-11-18] ()
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3674576 2015-01-06] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
Startup: C:\Users\Jonathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

SearchScopes: HKU\S-1-5-21-1100274835-966494853-3204424236-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid={4D75663E-E294-4C2B-85BF-3B0BE1F855CA}&mid=ae32d7e096e947cdad96d1544b86c2a2-3bc5dae84d763a34309acfef234459dc7b0acd1c&lang=de&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2015-01-21 18:12:23&v=4.0.5.7&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.0.5.7\AVG Web TuneUp.dll (AVG)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.2.0\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.2.0\\npsitesafety.dll No File
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-11-05]

Chrome: 
=======
CHR HomePage: Default -> hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5HjLRYcBBqBNDxMTjoLI1wHPQqwLJJ1XQLoh0aTb96jZ1I-F6g626ACiL5pchUVcMeeFbTlTjNRs1z4iEQ6-2gqoqCWloMtFnVpp81VWvhEGfuQTvJdfU9avshRr1_rxJ2uAX-vd12ByIWEYv4kh6g,,
CHR DefaultSuggestURL: Default -> hxxp://toolbar.avg.com/acp?q={searchTerms}&o=1
CHR Profile: C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-05]
CHR Extension: (Google Docs) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-05]
CHR Extension: (1Password: Password Manager and Secure Wallet) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aomjjhallfgjeglblehebfpbcfeobpgk [2014-11-05]
CHR Extension: (Google Drive) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-05]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-30]
CHR Extension: (YouTube) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-05]
CHR Extension: (AVG Secure Search) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn [2015-01-24]
CHR Extension: (Google-Suche) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-05]
CHR Extension: (Google Tabellen) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-05]
CHR Extension: (LoungeDestroyer) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghahcnmfjfckcedfajbhekgknjdplfcl [2015-01-18]
CHR Extension: (AdBlock) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-11-05]
CHR Extension: (Google Wallet) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-05]
CHR Extension: (Google Mail) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-05]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ADMonitor; C:\Windows\system32\ADMonitor.exe [130048 2011-05-31] () [File not signed]
R2 ATService; C:\Windows\system32\ATService.exe [2715976 2011-05-31] (AuthenTec, Inc.)
R2 avgfws; C:\Program Files (x86)\AVG\AVG2015\avgfws.exe [1507632 2015-01-06] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3440080 2015-01-06] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [309232 2015-01-06] (AVG Technologies CZ, s.r.o.)
R2 dtsvc; C:\Windows\system32\DTS.exe [117760 2011-05-31] () [File not signed]
R2 NVIDIA Performance Driver Service; C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [6807656 2009-10-27] ()
R2 vToolbarUpdater18.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.2.0\ToolbarUpdater.exe [1850392 2015-01-21] (AVG Secure Search)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-21] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [57144 2013-09-26] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [260888 2014-12-08] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-10-10] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [52000 2015-01-21] (AVG Technologies)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-10 22:47 - 2015-02-10 22:48 - 00013301 _____ () C:\Users\Jonathan\Desktop\FRST.txt
2015-02-10 22:42 - 2015-02-10 22:47 - 00000000 ____D () C:\FRST
2015-02-10 22:40 - 2015-02-10 22:40 - 02132992 _____ (Farbar) C:\Users\Jonathan\Desktop\FRST64.exe
2015-02-09 18:15 - 2015-02-09 18:15 - 00000000 ____D () C:\Users\Jonathan\AppData\Local\CrashDumps
2015-02-08 15:12 - 2015-02-08 15:12 - 00000000 ____D () C:\Users\Jonathan\AppData\Roaming\TechSmith
2015-02-08 15:11 - 2015-02-08 15:11 - 00000000 ____D () C:\Users\Jonathan\Documents\Camtasia Studio
2015-02-08 15:11 - 2015-02-08 15:11 - 00000000 ____D () C:\Users\Jonathan\AppData\Local\TechSmith
2015-02-08 15:07 - 2015-02-08 15:07 - 00001075 _____ () C:\Users\Public\Desktop\Camtasia Studio 8.lnk
2015-02-08 15:06 - 2015-02-08 15:06 - 00000000 ____D () C:\ProgramData\regid.1995-08.com.techsmith
2015-02-08 15:06 - 2015-02-08 15:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith
2015-02-08 15:06 - 2015-02-08 15:06 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2015-02-08 15:05 - 2015-02-08 15:05 - 00000000 ____D () C:\ProgramData\TechSmith
2015-02-08 15:05 - 2015-02-08 15:05 - 00000000 ____D () C:\Program Files (x86)\TechSmith
2015-02-07 20:39 - 2015-02-07 20:39 - 00003150 _____ () C:\Windows\System32\Tasks\FRAPS
2015-02-07 14:29 - 2015-02-07 14:29 - 00706512 _____ () C:\Users\Jonathan\Downloads\TeamSpeak_3_Admin_1_0_0_6.zip
2015-02-05 16:37 - 2015-02-05 16:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-02-05 16:37 - 2015-02-05 16:37 - 00000888 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2015-02-04 18:06 - 2015-02-04 18:06 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_07_00.Wdf
2015-02-03 22:31 - 2013-10-29 20:50 - 00152064 _____ (Syed Aminul Islam) C:\Users\Jonathan\Desktop\Easy Wi-Fi 1.0.0 Portable.exe
2015-02-03 22:30 - 2015-02-03 22:31 - 00094534 _____ () C:\Users\Jonathan\Downloads\Easy Wi-Fi 1.0.0 Portable.zip
2015-02-03 22:29 - 2015-02-03 22:29 - 00000000 ____D () C:\Users\Jonathan\AppData\Local\StormFall
2015-02-03 22:28 - 2015-02-03 22:28 - 01144424 _____ (FreeWiFiHotspot Co., Ltd. ) C:\Users\Jonathan\Downloads\FreeWiFiHotspot [1].exe
2015-02-03 22:26 - 2015-02-03 22:26 - 00692568 _____ (FreeAudioVideo) C:\Users\Jonathan\Downloads\FreeWiFiHotspot.exe
2015-02-03 22:23 - 2015-02-10 18:35 - 00000000 ____D () C:\Program Files (x86)\MyHotspot
2015-02-03 22:23 - 2015-02-03 22:23 - 06950520 _____ (Azzouzi Software ) C:\Users\Jonathan\Downloads\MyHotspot.exe
2015-02-03 22:23 - 2012-12-07 10:28 - 00030536 _____ (Khalil Azzouzi) C:\Windows\system32\Drivers\ndiskhaz.sys
2015-02-03 21:38 - 2015-02-03 21:40 - 00001169 _____ () C:\Users\Public\Desktop\WiFi HotSpot Creator.lnk
2015-02-03 21:38 - 2015-02-03 21:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WiFi HotSpot Creator
2015-02-03 21:38 - 2015-02-03 21:38 - 00000000 ____D () C:\Program Files (x86)\DanuSoft
2015-02-03 21:37 - 2015-02-03 21:37 - 00000000 ____D () C:\Users\Jonathan\AppData\Roaming\DanuSoft
2015-02-03 21:36 - 2015-02-03 21:37 - 04427554 _____ () C:\Users\Jonathan\Downloads\WiFiHotSpotCreatorSetup.exe
2015-02-02 16:56 - 2015-02-06 23:17 - 00000000 ___RD () C:\Users\Jonathan\Dropbox
2015-02-02 16:56 - 2015-02-02 16:56 - 00001036 _____ () C:\Users\Jonathan\Desktop\Dropbox.lnk
2015-02-02 16:50 - 2015-02-02 16:50 - 00000000 ____D () C:\Program Files (x86)\Dropbox
2015-02-02 16:49 - 2015-02-02 16:49 - 00000000 ____D () C:\Users\Jonathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-02 16:45 - 2015-02-06 23:17 - 00000000 ____D () C:\Users\Jonathan\AppData\Roaming\Dropbox
2015-01-30 21:16 - 2015-01-30 21:16 - 00000603 _____ () C:\.minecraft - Verknüpfung.lnk
2015-01-30 17:00 - 2015-02-03 19:23 - 00000000 ____D () C:\Program Files (x86)\Minecraft
2015-01-30 17:00 - 2015-02-03 19:22 - 00000872 _____ () C:\Users\Public\Desktop\Minecraft.lnk
2015-01-30 17:00 - 2015-02-03 19:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft
2015-01-28 18:04 - 2015-01-28 18:04 - 00000000 ____D () C:\Users\Jonathan\Documents\Lightshot
2015-01-28 18:03 - 2015-02-10 22:36 - 00000394 _____ () C:\Windows\Tasks\update-S-1-5-21-1100274835-966494853-3204424236-1000.job
2015-01-28 18:03 - 2015-02-10 19:09 - 00000394 _____ () C:\Windows\Tasks\update-sys.job
2015-01-28 18:03 - 2015-01-28 18:03 - 00003290 _____ () C:\Windows\System32\Tasks\update-sys
2015-01-28 18:03 - 2015-01-28 18:03 - 00003274 _____ () C:\Windows\System32\Tasks\update-S-1-5-21-1100274835-966494853-3204424236-1000
2015-01-28 18:03 - 2015-01-28 18:03 - 00000425 _____ () C:\Users\Jonathan\AppData\Local\UserProducts.xml
2015-01-28 18:03 - 2015-01-28 18:03 - 00000003 _____ () C:\Users\Jonathan\AppData\Local\updater.log
2015-01-28 18:03 - 2015-01-28 18:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot
2015-01-28 18:03 - 2015-01-28 18:03 - 00000000 ____D () C:\Program Files (x86)\Skillbrains
2015-01-21 18:12 - 2015-01-24 19:43 - 00000000 ____D () C:\Users\Jonathan\AppData\Local\AVG Web TuneUp
2015-01-21 18:12 - 2015-01-24 15:45 - 00000000 ____D () C:\ProgramData\AVG Security Toolbar
2015-01-21 18:12 - 2015-01-21 18:12 - 00000000 ____D () C:\ProgramData\AVG Web TuneUp
2015-01-21 18:12 - 2015-01-21 18:12 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2015-01-21 18:12 - 2015-01-21 18:11 - 00052000 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2015-01-21 18:11 - 2015-01-21 18:12 - 00000000 ____D () C:\Program Files (x86)\AVG Web TuneUp
2015-01-21 18:10 - 2015-01-21 18:10 - 00002814 _____ () C:\Windows\System32\Tasks\AVG_SYS_TASK_1014av
2015-01-21 18:06 - 2015-01-21 18:06 - 00000000 ____D () C:\Users\Jonathan\AppData\Roaming\AVG2015
2015-01-21 18:05 - 2015-01-21 18:05 - 00000000 ____D () C:\Users\Jonathan\AppData\Roaming\TuneUp Software
2015-01-21 18:04 - 2015-02-05 16:38 - 00000000 ____D () C:\ProgramData\AVG2015
2015-01-21 18:04 - 2015-02-05 16:36 - 00000000 ___HD () C:\$AVG
2015-01-21 18:02 - 2015-01-21 18:02 - 00000000 ____D () C:\Program Files (x86)\AVG
2015-01-20 20:28 - 2015-02-10 22:44 - 00000000 ____D () C:\ProgramData\MFAData
2015-01-20 20:28 - 2015-01-24 20:32 - 00000000 ____D () C:\Users\Jonathan\AppData\Local\Avg2015
2015-01-20 20:28 - 2015-01-20 20:28 - 00000000 ____D () C:\Users\Jonathan\AppData\Local\MFAData
2015-01-20 20:25 - 2015-01-20 20:26 - 159747880 _____ (AVG Technologies) C:\Users\Jonathan\Desktop\avg_free_x86_all_2015_5645a8758.exe
2015-01-19 13:17 - 2015-01-19 13:17 - 00008569 _____ () C:\WirelessDiagLog.csv
2015-01-19 13:05 - 2015-01-19 13:06 - 00000000 ____D () C:\Users\Jonathan\AppData\Local\Microsoft Games
2015-01-19 13:02 - 2015-01-19 13:02 - 00000000 ____D () C:\Program Files\Microsoft Games
2015-01-19 12:51 - 2015-01-19 13:08 - 00000905 _____ () C:\Users\Jonathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-19 12:51 - 2015-01-19 12:51 - 00000949 _____ () C:\Users\Jonathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-01-19 11:00 - 2015-01-19 16:13 - 00015040 _____ () C:\Users\Jonathan\Documents\schimmelreiter.odt
2015-01-16 16:25 - 2014-12-19 01:26 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-16 16:25 - 2014-12-06 04:14 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-16 16:25 - 2014-12-06 04:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-16 16:25 - 2014-12-06 03:54 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-16 16:25 - 2014-12-06 03:54 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-01-16 16:24 - 2014-12-06 03:54 - 00178688 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-10 22:46 - 2008-01-21 02:52 - 01256507 _____ () C:\Windows\WindowsUpdate.log
2015-02-10 22:45 - 2014-11-05 16:47 - 00000000 ____D () C:\Users\Jonathan\AppData\Roaming\TS3Client
2015-02-10 22:14 - 2006-11-02 16:20 - 00004176 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-10 22:14 - 2006-11-02 16:20 - 00004176 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-10 21:55 - 2014-11-05 16:35 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-10 18:35 - 2014-11-22 03:21 - 00000499 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2015-02-10 18:23 - 2014-11-05 16:35 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-10 18:14 - 2014-11-05 16:45 - 00032156 _____ () C:\ProgramData\nvModes.dat
2015-02-10 18:14 - 2014-11-05 16:45 - 00032156 _____ () C:\ProgramData\nvModes.001
2015-02-09 22:55 - 2014-11-05 16:52 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-02-09 21:06 - 2014-11-05 23:13 - 00000000 ____D () C:\Users\Jonathan\AppData\Roaming\.minecraft
2015-02-08 15:10 - 2014-11-05 16:26 - 00000000 ____D () C:\Users\Jonathan
2015-02-08 03:15 - 2015-01-03 15:28 - 00009216 _____ () C:\Users\Jonathan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-02-07 20:39 - 2014-11-05 17:20 - 00000000 ____D () C:\Fraps
2015-02-06 23:21 - 2008-01-21 12:19 - 01565164 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-06 23:21 - 2008-01-21 12:17 - 00673706 _____ () C:\Windows\system32\perfh007.dat
2015-02-06 23:21 - 2008-01-21 12:17 - 00145686 _____ () C:\Windows\system32\perfc007.dat
2015-02-06 23:15 - 2006-11-02 16:38 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-06 23:08 - 2014-11-05 16:12 - 00002671 _____ () C:\Windows\bthservsdp.dat
2015-02-06 23:08 - 2006-11-02 16:38 - 00032388 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-06 15:12 - 2014-11-05 16:36 - 00002017 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-06 02:50 - 2014-11-05 16:35 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-06 02:50 - 2014-11-05 16:35 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-05 07:22 - 2008-01-21 02:50 - 00110136 _____ () C:\Windows\PFRO.log
2015-02-05 00:18 - 2014-11-22 18:19 - 00000135 _____ () C:\Users\Jonathan\Desktop\Neues Textdokument.txt
2015-02-04 18:14 - 2006-11-02 16:25 - 00097126 _____ () C:\Windows\setupact.log
2015-02-03 19:23 - 2014-11-05 16:26 - 00000732 _____ () C:\Users\Jonathan\AppData\Local\d3d9caps64.dat
2015-01-19 13:24 - 2006-11-02 14:33 - 00000000 ____D () C:\Windows\rescache
2015-01-19 13:02 - 2006-11-02 16:05 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-01-16 14:00 - 2014-11-06 17:00 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-16 14:00 - 2006-11-02 13:35 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

==================== Files in the root of some directories =======

2014-11-22 18:18 - 2014-11-22 18:18 - 0000552 _____ () C:\Users\Jonathan\AppData\Local\d3d8caps.dat
2014-11-30 02:56 - 2014-12-13 17:49 - 0000680 _____ () C:\Users\Jonathan\AppData\Local\d3d9caps.dat
2014-11-05 16:26 - 2015-02-03 19:23 - 0000732 _____ () C:\Users\Jonathan\AppData\Local\d3d9caps64.dat
2015-01-03 15:28 - 2015-02-08 03:15 - 0009216 _____ () C:\Users\Jonathan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-11-06 17:12 - 2014-11-06 17:12 - 0036032 _____ () C:\Users\Jonathan\AppData\Local\dd_depcheck_NETFX_EXP_35.txt
2014-11-06 17:12 - 2014-11-06 17:12 - 0000002 _____ () C:\Users\Jonathan\AppData\Local\dd_dotnetfx35error_lp.txt
2014-11-06 17:12 - 2014-11-06 17:12 - 0076484 _____ () C:\Users\Jonathan\AppData\Local\dd_dotnetfx35install_lp.txt
2014-11-06 17:12 - 2014-11-06 17:12 - 0811224 _____ () C:\Users\Jonathan\AppData\Local\dd_NET_Framework35_LangPack_MSI32C0.txt
2014-12-10 21:11 - 2014-12-10 21:12 - 0465652 _____ () C:\Users\Jonathan\AppData\Local\dd_vcredistMSI49FE.txt
2014-12-10 21:12 - 2014-12-10 21:13 - 0467538 _____ () C:\Users\Jonathan\AppData\Local\dd_vcredistMSI4B51.txt
2014-12-10 21:11 - 2014-12-10 21:12 - 0011712 _____ () C:\Users\Jonathan\AppData\Local\dd_vcredistUI49FE.txt
2014-12-10 21:12 - 2014-12-10 21:13 - 0011664 _____ () C:\Users\Jonathan\AppData\Local\dd_vcredistUI4B51.txt
2015-01-28 18:03 - 2015-01-28 18:03 - 0000003 _____ () C:\Users\Jonathan\AppData\Local\updater.log
2015-01-28 18:03 - 2015-01-28 18:03 - 0000425 _____ () C:\Users\Jonathan\AppData\Local\UserProducts.xml
2014-11-06 17:12 - 2014-11-06 17:12 - 0001602 _____ () C:\Users\Jonathan\AppData\Local\uxeventlog.txt
2014-11-05 16:45 - 2015-02-10 18:14 - 0032156 _____ () C:\ProgramData\nvModes.001
2014-11-05 16:45 - 2015-02-10 18:14 - 0032156 _____ () C:\ProgramData\nvModes.dat

Some content of TEMP:
====================
C:\Users\Jonathan\AppData\Local\Temp\DJAPI.dll
C:\Users\Jonathan\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpr5lnso.dll
C:\Users\Jonathan\AppData\Local\Temp\PlumoWeb.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-06 23:21

==================== End Of Log ============================
         
--- --- ---

First Addition.txt, then FRST.txt.

11.02.2015, 13:27   #4
schrauber
/// the machine
/// TB-Ausbilder



Hi,

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Start mbar.exe.
  • Follow the on-screen instructions as described in the Malwarebytes Anti-Rootkit guide.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart, MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder unless a helper instructs you to.

Please download TDSSKiller (TDSSKiller.exe) and save the file to your desktop.
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller guide.
  • Press Start Scan.
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

11.02.2015, 20:43   #5
JonnyTroja



I'll run the test now. I got feedback from Telekom that this is about a botnet; if that helps, that would be great.
Best regards, Jonny

mbar found nothing:
Code:
Malwarebytes Anti-Rootkit BETA 1.08.3.1004
www.malwarebytes.org

Database version:
  main:    v2015.02.11.05
  rootkit: v2015.02.03.01

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Jonathan :: JONATHAN-PC [administrator]

11.02.2015 18:53:38
mbar-log-2015-02-11 (18-53-38).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 323209
Time elapsed: 31 minute(s), 39 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         
I'm running the other test now.

TDSS didn't find anything either.


12.02.2015, 06:58   #6
schrauber
/// the machine
/// TB-Ausbilder



Any other Windows boxes in the house?

12.02.2015, 07:47   #7
JonnyTroja

One Windows 8 company PC and an Android phone.

Otherwise Apple only.

12.02.2015, 18:36   #8
schrauber
/// the machine
/// TB-Ausbilder



Hmm, well, I don't see anything.

Alt 12.02.2015, 19:06   #9
JonnyTroja
 
Thanks




Alt 13.02.2015, 06:54   #10
schrauber
/// the machine
/// TB-Ausbilder
 

You're welcome
__________________
Regards,
schrauber

