pfropferla | 31.10.2013 22:45 | MBAM finds 11 infections - including Trojaner.Repacked (Windows Vista)
Hello, dear team!
I'm at my parents' PC again and my mother told me that the internet was incredibly slow - and I then experienced it myself: a download of 9.8 MB takes almost 15 minutes (and that on DSL6000). Page loading also takes extremely long...
So I ran MBAM: it found 11 infections
Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Datenbank Version: v2013.10.31.07
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
baldham :: SONJAUNDBERND [Administrator]
31.10.2013 21:39:48
mbam-log-2013-10-31 (21-39-48).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 239244
Laufzeit: 12 Minute(n), 56 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 1
HKCR\AppID\{562B9316-C08A-444A-9482-62080DD851AE} (PUP.Optional.SpeedAnalysis3.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 3
C:\ProgramData\IBUpdaterService (Adware.InstallBrain) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\baldham\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\baldham\AppData\Roaming\OpenCandy\564C16176E8F4932BB2BEA41486AAFF8 (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
Infizierte Dateien: 7
C:\Users\baldham\AppData\Local\Temp\SpeedTestSetup.exe (Adware.InstallBrain) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\baldham\AppData\Local\Temp\install_flashplayer11x32ax_gtbd_chrd_dn_aaa_aih.exe (Trojan.Repacked) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Sonja und Bernd\AppData\Local\Temp\p6UCTWYt.exe.part (PUP.Optional.Softonic.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Sonja und Bernd\AppData\Local\Temp\qnS6zHDJ.exe.part (Adware.InstallBrain) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Sonja und Bernd\Downloads\SoftonicDownloader_fuer_sweet-home-3d.exe (PUP.Optional.Softonic.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\IBUpdaterService\repository.xml (Adware.InstallBrain) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\baldham\AppData\Roaming\OpenCandy\564C16176E8F4932BB2BEA41486AAFF8\Softonic_chr_p1v6.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)
In addition, I worked through the instructions for help seekers:
Defogger:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 22:00 on 31/10/2013 (baldham)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
Unable to read SafeBoot.sys
-=E.O.F=-
FRST:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 31-10-2013
Ran by Sonja und Bernd (ATTENTION: The logged in user is not administrator) on SONJAUNDBERND on 31-10-2013 22:03:52
Running from C:\Users\Sonja und Bernd\Desktop
Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Ask) C:\Program Files\Ask.com\Updater\Updater.exe
(Nuance Communications, Inc.) C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
(Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
() C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
(ActivIdentity) c:\Program Files\ActivIdentity\ActivClient\acevents.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Users\Sonja und Bernd\AppData\Local\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Users\Sonja und Bernd\AppData\Local\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Adobe Systems, Inc.) C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [accrdsub] - C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [293168 2007-05-16] (ActivIdentity)
HKLM\...\Run: [CognizanceTS] - rundll32.exe c:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
HKLM\...\Run: [hpWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [488752 2008-04-15] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [File Sanitizer] - C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe [10244096 2008-05-02] (Hewlett-Packard)
HKLM\...\Run: [SoundMAX] - C:\Program Files\Analog Devices\SoundMAX\SoundMAX.exe [3842048 2008-03-19] (Analog Devices, Inc.)
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-01-21] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [SSBkgdUpdate] - C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM\...\Run: [SoundMAXPnP] - C:\Program Files\Analog Devices\Core\smax4pnp.exe [1314816 2008-04-04] (Analog Devices, Inc.)
HKLM\...\Run: [HP Health Check Scheduler] - C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-10-09] (Hewlett-Packard)
HKLM\...\Run: [QlbCtrl.exe] - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe [287800 2009-11-11] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1791272 2010-06-04] (Synaptics Incorporated)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [681032 2013-10-07] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [ApnUpdater] - C:\Program Files\Ask.com\Updater\Updater.exe [1573584 2012-10-19] (Ask)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [PaperPort PTD] - C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [29984 2008-07-09] (Nuance Communications, Inc.)
HKLM\...\Run: [IndexSearch] - C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [46368 2008-07-09] (Nuance Communications, Inc.)
HKLM\...\Run: [PPort11reminder] - C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe [328992 2007-08-31] (Nuance Communications, Inc.)
HKLM\...\Run: [BrMfcWnd] - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [1150976 2009-01-19] (Brother Industries, Ltd.)
HKLM\...\Run: [ControlCenter3] - C:\Program Files\Brother\ControlCenter3\BrCtrCen.exe [114688 2009-01-09] (Brother Industries, Ltd.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\RunOnce: [Malwarebytes Anti-Malware] - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
HKCU\...\Run: [Skype] - C:\Program Files\Skype\\Phone\Skype.exe [20472992 2013-10-02] (Skype Technologies S.A.)
MountPoints2: {5a9e03b8-0928-11e1-9b39-002186c5f047} - G:\AutoRun.exe
MountPoints2: {5a9e03d2-0928-11e1-9b39-001e101f36d9} - G:\AutoRun.exe
MountPoints2: {668fc2c7-0934-11e1-ac79-001e101f82a7} - H:\AutoRun.exe
AppInit_DLLs: APSHook.dll [ 2008-05-21] (Bioscrypt Inc.)
Lsa: [Notification Packages] scecli ASWLNPkg
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=all&pf=cmnb
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=all&pf=cmnb
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=all&pf=cmnb
SearchScopes: HKLM - DefaultScope {7BEB5BB0-9006-4C60-AFE6-513BF461728E} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcmnbie7-de-de
SearchScopes: HKLM - {7BEB5BB0-9006-4C60-AFE6-513BF461728E} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcmnbie7-de-de
SearchScopes: HKCU - DefaultScope {7BEB5BB0-9006-4C60-AFE6-513BF461728E} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcmnbie7-de-de
SearchScopes: HKCU - {08A3F3C5-19A6-4F09-A44C-2C4194A9974B} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^VK^DE&apn_uid=c4147500-675c-474a-8ceb-68e6a663ba2a&apn_sauid=763B56E7-A845-4C47-B999-13B5F3A02736
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKCU - {7BEB5BB0-9006-4C60-AFE6-513BF461728E} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcmnbie7-de-de
BHO: Speed Test Analysis - {310D38FE-EB4C-467C-8781-B7C2AEB7847D} - C:\Program Files\Speed Test Analysis\ScriptHost.dll (SpeedAnalysis.com)
BHO: BHO_Startup Class - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
BHO: Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
BHO: Softonic Helper Object - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Program Files\Softonic\Softonic\1.8.21.14\bh\Softonic.dll (Softonic.com)
Toolbar: HKLM - No Name - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
Toolbar: HKLM - Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM - Softonic Toolbar - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files\Softonic\Softonic\1.8.21.14\SoftonicTlbr.dll (Softonic.com)
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
Toolbar: HKCU - Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 20 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Sonja und Bernd\AppData\Roaming\Mozilla\Firefox\Profiles\5129zyfp.default
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
FF DefaultSearchEngine: Ask.com
FF SearchEngineOrder.1: Ask.com
FF Homepage: hxxp://go.gmx.net/tb/mff_startpage
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pack.google.com/Google Updater;version=14 - C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Sonja und Bernd\AppData\Roaming\Mozilla\Firefox\Profiles\5129zyfp.default\searchplugins\zapmeta-deutschland.xml
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Sonja und Bernd\AppData\Roaming\Mozilla\Firefox\Profiles\5129zyfp.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF Extension: toolbar - C:\Users\Sonja und Bernd\AppData\Roaming\Mozilla\Firefox\Profiles\5129zyfp.default\Extensions\toolbar@gmx.net.xpi
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [speedtestanalysis@SpeedAnalysis.com] - C:\Users\baldham\AppData\Roaming\Mozilla\Extensions\speedtestanalysis@SpeedAnalysis.com
FF Extension: Speed Test Analysis - C:\Users\baldham\AppData\Roaming\Mozilla\Extensions\speedtestanalysis@SpeedAnalysis.com
Chrome:
=======
CHR HomePage: hxxp://www.google.de/
CHR RestoreOnStartup: "hxxp://www.google.de/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Sonja und Bernd\AppData\Local\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Sonja und Bernd\AppData\Local\Google\Chrome\Application\28.0.1500.95\pdf.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\Sonja und Bernd\AppData\Local\Google\Chrome\Application\28.0.1500.95\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Updater) - C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Awesome Screenshot: Capture & Annotate) - C:\Users\SONJAU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.4.4_0
CHR Extension: (YouTube) - C:\Users\SONJAU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\SONJAU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Gmail) - C:\Users\SONJAU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM\...\Chrome\Extension: [elchiiiejkobdbblfejjkbphbddgmljf] - C:\Program Files\Softonic\Softonic\1.8.21.14\Softonic.crx
CHR HKLM\...\Chrome\Extension: [kckgnnipheglejoddfhekdjpbdbinhmb] - C:\Users\baldham\AppData\Roaming\SpeedTestAnalysis\SpeedTestAnalysis.crx
CHR StartMenuInternet: Google Chrome - C:\Users\Sonja und Bernd\AppData\Local\Google\Chrome\Application\chrome.exe
========================== Services (Whitelisted) =================
R2 accoca; c:\Program Files\ActivIdentity\ActivClient\accoca.exe [182576 2007-05-16] (ActivIdentity)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440392 2013-10-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440392 2013-10-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1164360 2013-10-07] (Avira Operations GmbH & Co. KG)
R2 ASBroker; c:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll [111888 2008-05-21] (Bioscrypt Inc.)
R2 ASChannel; c:\Program Files\Hewlett-Packard\IAM\Bin\AsChnl.dll [137488 2008-05-21] (Bioscrypt Inc.)
S2 gupdate1ca1367f7ffad00; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-08-02] (Google Inc.)
R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-10-09] (Hewlett-Packard)
S4 HP ProtectTools Service; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [34184 2008-05-14] (Hewlett-Packard Development Company, L.P)
R2 HpFkCryptService; c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [256512 2008-05-14] (SafeBoot International)
R2 HPFSService; C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe [77824 2008-05-02] (Hewlett-Packard)
R2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [271712 2011-03-14] ()
R2 iphlpsvc; C:\Windows\System32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
R2 lmhosts; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S2 Mobile Partner. RunOuc; C:\Program Files\Mobile Partner\UpdateDog\ouc.exe [239968 2011-11-07] ()
R2 NlaSvc; C:\Windows\System32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1225312 2012-11-26] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [659040 2012-11-26] (Secunia)
==================== Drivers (Whitelisted) ====================
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [89376 2013-10-07] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [137208 2013-10-07] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-07] (Avira Operations GmbH & Co. KG)
U0 laxbamja; C:\Windows\System32\drivers\fkba.sys [54016 2013-10-31] ()
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf.sys [15544 2010-09-01] (Secunia)
R1 RsvLock; C:\Windows\System32\Drivers\RsvLock.sys [12496 2008-05-14] (SafeBoot International)
R0 SafeBoot; C:\Windows\System32\Drivers\SafeBoot.sys [108752 2008-05-14] ()
R0 SbAlg; C:\Windows\System32\Drivers\SbAlg.sys [51376 2008-05-14] (SafeBoot N.V.)
R0 SbFsLock; C:\Windows\System32\Drivers\SbFsLock.sys [12928 2008-05-14] (SafeBoot International)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1810992 2009-03-27] ()
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
U4 eabfiltr;
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-10-31 22:03 - 2013-10-31 22:03 - 00000000 ____D C:\FRST
2013-10-31 22:02 - 2013-10-31 22:02 - 01089445 _____ (Farbar) C:\Users\Sonja und Bernd\Desktop\FRST.exe
2013-10-31 22:00 - 2013-10-31 22:00 - 00000534 _____ C:\Users\Sonja und Bernd\Desktop\defogger_disable.log
2013-10-31 22:00 - 2013-10-31 22:00 - 00000000 _____ C:\Users\baldham\defogger_reenable
2013-10-31 21:58 - 2013-10-31 21:58 - 00050477 _____ C:\Users\Sonja und Bernd\Desktop\Defogger.exe
2013-10-31 21:57 - 2013-10-31 21:57 - 00054016 _____ C:\windows\system32\Drivers\fkba.sys
2013-10-31 21:29 - 2013-10-31 21:29 - 00000906 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-31 21:29 - 2013-10-31 21:29 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-31 21:29 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2013-10-31 21:18 - 2013-10-31 21:29 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Sonja und Bernd\Downloads\mbam-setup-1.75.0.1300.exe
2013-10-28 22:06 - 2013-10-28 22:17 - 01756320 _____ C:\Users\Sonja und Bernd\Documents\wozi b.sh3d
2013-10-28 19:12 - 2013-10-28 19:19 - 00329851 _____ C:\Users\Sonja und Bernd\Documents\Küche.sh3d
2013-10-28 09:12 - 2013-10-30 07:03 - 02003806 _____ C:\Users\Sonja und Bernd\Documents\wozi.sh3d
2013-10-28 08:48 - 2013-10-28 08:48 - 00005774 _____ C:\Users\baldham\Documents\wohnzi.sh3d
2013-10-28 08:40 - 2013-10-28 08:48 - 00644331 _____ C:\Users\baldham\Documents\wohnzimmer.sh3d
2013-10-28 07:54 - 2013-10-28 07:54 - 00000000 ____D C:\Users\baldham\eTeks
2013-10-28 07:45 - 2013-10-28 07:45 - 00001224 _____ C:\Users\baldham\Desktop\SpeedTestAnalysis.lnk
2013-10-28 07:45 - 2013-10-28 07:45 - 00000000 ____D C:\Users\baldham\AppData\Roaming\SpeedTestAnalysis
2013-10-28 07:45 - 2013-10-28 07:45 - 00000000 ____D C:\Users\baldham\AppData\Roaming\Softonic
2013-10-28 07:45 - 2013-10-28 07:45 - 00000000 ____D C:\Users\baldham\AppData\Roaming\Mozilla
2013-10-28 07:45 - 2013-10-28 07:45 - 00000000 ____D C:\Program Files\Speed Test Analysis
2013-10-28 07:45 - 2013-10-28 07:45 - 00000000 ____D C:\Program Files\Softonic
2013-10-28 07:43 - 2013-10-28 07:43 - 00000926 _____ C:\Users\baldham\Desktop\Sweet Home 3D.lnk
2013-10-28 07:43 - 2013-10-28 07:43 - 00000000 ____D C:\Program Files\Sweet Home 3D
2013-10-28 07:27 - 2013-10-28 07:42 - 33703888 _____ (eTeks ) C:\Users\baldham\Desktop\SweetHome3D-4.1-windows-oc.exe
2013-10-27 17:01 - 2013-10-27 17:43 - 79510936 _____ (Trimble Navigation Limited) C:\Users\Sonja und Bernd\Downloads\SketchUp_13.0.4812.exe
2013-10-11 02:15 - 2013-09-22 11:29 - 12336128 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-10-11 02:15 - 2013-09-22 11:22 - 09739264 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-10-11 02:15 - 2013-09-22 11:22 - 01800704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-10-11 02:15 - 2013-09-22 11:14 - 01427968 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2013-10-11 02:15 - 2013-09-22 11:13 - 01129472 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-10-11 02:15 - 2013-09-22 11:13 - 01104896 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-10-11 02:15 - 2013-09-22 11:12 - 00231936 _____ (Microsoft Corporation) C:\windows\system32\url.dll
2013-10-11 02:15 - 2013-09-22 11:09 - 00065024 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-10-11 02:15 - 2013-09-22 11:08 - 00142848 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2013-10-11 02:15 - 2013-09-22 11:07 - 00717824 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-10-11 02:15 - 2013-09-22 11:06 - 00420864 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2013-10-11 02:15 - 2013-09-22 11:05 - 00607744 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-10-11 02:15 - 2013-09-22 11:03 - 02382848 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-10-11 02:15 - 2013-09-22 11:03 - 01796096 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-10-11 02:15 - 2013-09-22 11:03 - 00073216 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2013-10-11 02:15 - 2013-09-22 10:59 - 00176640 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-10-10 06:45 - 2013-08-29 08:36 - 02050048 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-10-10 06:45 - 2013-08-27 03:47 - 01029120 _____ (Microsoft Corporation) C:\windows\system32\d3d10.dll
2013-10-10 06:45 - 2013-08-27 03:47 - 00219648 _____ (Microsoft Corporation) C:\windows\system32\d3d10_1core.dll
2013-10-10 06:45 - 2013-08-27 03:47 - 00189952 _____ (Microsoft Corporation) C:\windows\system32\d3d10core.dll
2013-10-10 06:45 - 2013-08-27 03:47 - 00160768 _____ (Microsoft Corporation) C:\windows\system32\d3d10_1.dll
2013-10-10 06:45 - 2013-08-27 02:52 - 01172480 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2013-10-10 06:45 - 2013-08-27 02:50 - 00486400 _____ (Microsoft Corporation) C:\windows\system32\d3d10level9.dll
2013-10-10 06:45 - 2013-08-27 02:32 - 00683008 _____ (Microsoft Corporation) C:\windows\system32\d2d1.dll
2013-10-10 06:45 - 2013-08-27 02:28 - 01069056 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2013-10-10 06:45 - 2013-08-27 02:28 - 00798208 _____ (Microsoft Corporation) C:\windows\system32\FntCache.dll
2013-10-10 06:45 - 2013-08-01 04:16 - 00638400 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2013-10-10 06:45 - 2013-08-01 03:49 - 00037376 _____ (Microsoft Corporation) C:\windows\system32\cdd.dll
2013-10-10 06:45 - 2013-07-20 11:44 - 00102608 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 06:45 - 2013-07-04 05:21 - 00532480 _____ (Microsoft Corporation) C:\windows\system32\comctl32.dll
2013-10-10 06:44 - 2013-07-12 10:04 - 00134272 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbvideo.sys
2013-10-10 06:44 - 2013-07-03 03:33 - 00035328 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbscan.sys
2013-10-10 06:44 - 2013-07-03 03:10 - 00025472 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidparse.sys
2013-10-10 06:44 - 2013-06-29 03:07 - 00226304 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys
2013-10-10 06:44 - 2013-06-29 03:07 - 00197632 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys
2013-10-10 06:44 - 2013-06-29 03:07 - 00073216 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbccgp.sys
2013-10-10 06:44 - 2013-06-29 03:06 - 00006016 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys
2013-10-10 06:44 - 2013-06-27 00:01 - 00527064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Wdf01000.sys
2013-10-10 06:44 - 2013-06-04 05:16 - 00034304 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2013-10-10 06:44 - 2013-06-04 02:49 - 00293376 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2013-10-10 06:44 - 2011-05-05 14:54 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys
2013-10-10 06:44 - 2011-05-05 14:54 - 00023552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys
2013-10-07 14:17 - 2013-10-08 19:07 - 00030208 ____H C:\Users\Sonja und Bernd\Documents\~WRL3501.tmp
2013-10-07 14:17 - 2013-10-08 19:05 - 00030208 ____H C:\Users\Sonja und Bernd\Documents\~WRL2365.tmp
2013-10-02 09:04 - 2013-10-02 18:29 - 00000000 ____D C:\Users\Sonja und Bernd\AppData\Local\Mozilla Firefox
==================== One Month Modified Files and Folders =======
2013-10-31 22:03 - 2013-10-31 22:03 - 00000000 ____D C:\FRST
2013-10-31 22:02 - 2013-10-31 22:02 - 01089445 _____ (Farbar) C:\Users\Sonja und Bernd\Desktop\FRST.exe
2013-10-31 22:00 - 2013-10-31 22:00 - 00000534 _____ C:\Users\Sonja und Bernd\Desktop\defogger_disable.log
2013-10-31 22:00 - 2013-10-31 22:00 - 00000000 _____ C:\Users\baldham\defogger_reenable
2013-10-31 22:00 - 2012-01-02 18:01 - 00000000 ____D C:\Users\baldham
2013-10-31 21:58 - 2013-10-31 21:58 - 00050477 _____ C:\Users\Sonja und Bernd\Desktop\Defogger.exe
2013-10-31 21:58 - 2008-12-23 20:52 - 00000000 ____D C:\Users\Sonja und Bernd
2013-10-31 21:57 - 2013-10-31 21:57 - 00054016 _____ C:\windows\system32\Drivers\fkba.sys
2013-10-31 21:57 - 2006-11-02 12:18 - 00000000 ____D C:\windows\schemas
2013-10-31 21:39 - 2012-11-09 15:39 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-10-31 21:38 - 2013-08-06 08:28 - 00000000 ____D C:\Users\Sonja und Bernd\AppData\Local\DoNotTrackPlus
2013-10-31 21:29 - 2013-10-31 21:29 - 00000906 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-31 21:29 - 2013-10-31 21:29 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-31 21:29 - 2013-10-31 21:18 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Sonja und Bernd\Downloads\mbam-setup-1.75.0.1300.exe
2013-10-31 21:27 - 2009-08-02 13:09 - 00001098 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-31 21:23 - 2008-12-23 19:39 - 01290440 _____ C:\windows\WindowsUpdate.log
2013-10-31 21:06 - 2009-08-02 13:09 - 00001094 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-31 21:05 - 2006-11-02 13:58 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-10-31 21:05 - 2006-11-02 13:45 - 00003216 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-31 21:05 - 2006-11-02 13:45 - 00003216 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-30 19:09 - 2008-12-24 12:08 - 00002637 _____ C:\Users\Sonja und Bernd\Desktop\Microsoft Office Word 2003.lnk
2013-10-30 07:03 - 2013-10-28 09:12 - 02003806 _____ C:\Users\Sonja und Bernd\Documents\wozi.sh3d
2013-10-29 12:36 - 2009-08-02 12:52 - 00001052 _____ C:\windows\Tasks\Google Software Updater.job
2013-10-28 22:17 - 2013-10-28 22:06 - 01756320 _____ C:\Users\Sonja und Bernd\Documents\wozi b.sh3d
2013-10-28 19:28 - 2008-12-23 19:39 - 00000012 _____ C:\windows\bthservsdp.dat
2013-10-28 19:28 - 2006-11-02 13:58 - 00032588 _____ C:\windows\Tasks\SCHEDLGU.TXT
2013-10-28 19:23 - 2009-03-21 20:06 - 00000000 ____D C:\Users\Sonja und Bernd\AppData\Roaming\Skype
2013-10-28 19:22 - 2012-11-09 15:47 - 00000000 ___RD C:\Program Files\Skype
2013-10-28 19:22 - 2009-03-21 20:06 - 00000000 ____D C:\ProgramData\Skype
2013-10-28 19:19 - 2013-10-28 19:12 - 00329851 _____ C:\Users\Sonja und Bernd\Documents\Küche.sh3d
2013-10-28 10:26 - 2013-02-09 16:56 - 00012256 _____ C:\windows\PFRO.log
2013-10-28 08:48 - 2013-10-28 08:48 - 00005774 _____ C:\Users\baldham\Documents\wohnzi.sh3d
2013-10-28 08:48 - 2013-10-28 08:40 - 00644331 _____ C:\Users\baldham\Documents\wohnzimmer.sh3d
2013-10-28 07:54 - 2013-10-28 07:54 - 00000000 ____D C:\Users\baldham\eTeks
2013-10-28 07:45 - 2013-10-28 07:45 - 00001224 _____ C:\Users\baldham\Desktop\SpeedTestAnalysis.lnk
2013-10-28 07:45 - 2013-10-28 07:45 - 00000000 ____D C:\Users\baldham\AppData\Roaming\SpeedTestAnalysis
2013-10-28 07:45 - 2013-10-28 07:45 - 00000000 ____D C:\Users\baldham\AppData\Roaming\Softonic
2013-10-28 07:45 - 2013-10-28 07:45 - 00000000 ____D C:\Users\baldham\AppData\Roaming\Mozilla
2013-10-28 07:45 - 2013-10-28 07:45 - 00000000 ____D C:\Program Files\Speed Test Analysis
2013-10-28 07:45 - 2013-10-28 07:45 - 00000000 ____D C:\Program Files\Softonic
2013-10-28 07:45 - 2009-05-03 08:45 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-10-28 07:43 - 2013-10-28 07:43 - 00000926 _____ C:\Users\baldham\Desktop\Sweet Home 3D.lnk
2013-10-28 07:43 - 2013-10-28 07:43 - 00000000 ____D C:\Program Files\Sweet Home 3D
2013-10-28 07:42 - 2013-10-28 07:27 - 33703888 _____ (eTeks ) C:\Users\baldham\Desktop\SweetHome3D-4.1-windows-oc.exe
2013-10-28 07:26 - 2006-11-02 12:18 - 00000000 ___RD C:\Users\Public
2013-10-27 17:43 - 2013-10-27 17:01 - 79510936 _____ (Trimble Navigation Limited) C:\Users\Sonja und Bernd\Downloads\SketchUp_13.0.4812.exe
2013-10-25 06:36 - 2008-12-23 21:43 - 00075776 _____ C:\Users\Sonja und Bernd\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-10-24 17:35 - 2009-09-03 16:47 - 00000052 _____ C:\windows\system32\DOErrors.log
2013-10-11 03:05 - 2006-11-02 12:18 - 00000000 ____D C:\windows\Microsoft.NET
2013-10-11 02:57 - 2006-11-02 13:44 - 00419592 _____ C:\windows\system32\FNTCACHE.DAT
2013-10-11 02:56 - 2009-06-27 15:38 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-11 02:27 - 2013-08-05 14:50 - 00000000 ____D C:\windows\system32\MRT
2013-10-11 02:22 - 2006-11-02 11:24 - 78106760 _____ (Microsoft Corporation) C:\windows\system32\mrt.exe
2013-10-10 06:31 - 2012-03-31 09:29 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2013-10-10 06:31 - 2012-01-03 17:08 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-08 19:07 - 2013-10-07 14:17 - 00030208 ____H C:\Users\Sonja und Bernd\Documents\~WRL3501.tmp
2013-10-08 19:05 - 2013-10-07 14:17 - 00030208 ____H C:\Users\Sonja und Bernd\Documents\~WRL2365.tmp
2013-10-07 15:37 - 2012-10-30 09:37 - 00137208 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys
2013-10-07 15:37 - 2012-10-30 09:37 - 00089376 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys
2013-10-07 15:37 - 2012-10-30 09:37 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avkmgr.sys
2013-10-02 18:29 - 2013-10-02 09:04 - 00000000 ____D C:\Users\Sonja und Bernd\AppData\Local\Mozilla Firefox
2013-10-02 08:57 - 2011-01-30 11:27 - 00000680 _____ C:\Users\Sonja und Bernd\AppData\Local\d3d9caps.dat
Some content of TEMP:
====================
C:\Users\baldham\AppData\Local\Temp\install_helper.exe
C:\Users\baldham\AppData\Local\Temp\Softonic_chr_1-8-19-3.exe
C:\Users\baldham\AppData\Local\Temp\_isB1A7.exe
C:\Users\Sonja und Bernd\AppData\Local\Temp\1g37so5d.dll
C:\Users\Sonja und Bernd\AppData\Local\Temp\avgnt.exe
C:\Users\Sonja und Bernd\AppData\Local\Temp\FileSystemView.dll
C:\Users\Sonja und Bernd\AppData\Local\Temp\g6tv7-as.dll
C:\Users\Sonja und Bernd\AppData\Local\Temp\SkypeSetup.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== End Of Log ============================
Addition.txt:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 31-10-2013
Ran by Sonja und Bernd at 2013-10-31 22:04:45
Running from C:\Users\Sonja und Bernd\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
32 Bit HP CIO Components Installer (Version: 2.1.5)
ActivClient 6.1 x86 (Version: 6.01.00034)
ActiveCheck component for HP Active Support Library (Version: 3.0.0.2)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (Version: 11.9.900.117)
Adobe Reader XI (11.0.03) - Deutsch (Version: 11.0.03)
Agere Systems HDA Modem
Ask Toolbar (Version: 1.15.10.0)
ATI Catalyst Install Manager (Version: 3.0.664.0)
Avira Free Antivirus (Version: 14.0.0.383)
Avira SearchFree Toolbar plus Web Protection Updater (HKCU Version: 1.4.1.29781)
BIOS Configuration for HP ProtectTools (Version: 4.00 A7)
Brother MFL-Pro Suite DCP-165C (Version: 1.1.8.0)
Brother MFL-Pro Suite DCP-195C (Version: 1.0.0.0)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2008.0508.2151.37248)
Catalyst Control Center Graphics Full Existing (Version: 2008.0508.2151.37248)
Catalyst Control Center Graphics Full New (Version: 2008.0508.2151.37248)
Catalyst Control Center Graphics Light (Version: 2008.0508.2151.37248)
Catalyst Control Center Graphics Previews Vista (Version: 2008.0508.2151.37248)
Catalyst Control Center Localization Chinese Standard (Version: 2008.0508.2151.37248)
Catalyst Control Center Localization Chinese Traditional (Version: 2008.0508.2151.37248)
Catalyst Control Center Localization Czech (Version: 2008.0508.2151.37248)
Catalyst Control Center Localization Danish (Version: 2008.0508.2151.37248)
Catalyst Control Center Localization Dutch (Version: 2008.0508.2151.37248)
Catalyst Control Center Localization Finnish (Version: 2008.0508.2151.37248)
Catalyst Control Center Localization French (Version: 2008.0508.2151.37248)
Catalyst Control Center Localization German (Version: 2008.0508.2151.37248)
Catalyst Control Center Localization Greek (Version: 2008.0508.2151.37248)
Catalyst Control Center Localization Hungarian (Version: 2008.0508.2151.37248)
Catalyst Control Center Localization Italian (Version: 2008.0508.2151.37248)
Catalyst Control Center Localization Japanese (Version: 2008.0508.2151.37248)
Catalyst Control Center Localization Korean (Version: 2008.0508.2151.37248)
Catalyst Control Center Localization Norwegian (Version: 2008.0508.2151.37248)
Catalyst Control Center Localization Polish (Version: 2008.0508.2151.37248)
Catalyst Control Center Localization Portuguese (Version: 2008.0508.2151.37248)
Catalyst Control Center Localization Russian (Version: 2008.0508.2151.37248)
Catalyst Control Center Localization Spanish (Version: 2008.0508.2151.37248)
Catalyst Control Center Localization Swedish (Version: 2008.0508.2151.37248)
Catalyst Control Center Localization Thai (Version: 2008.0508.2151.37248)
Catalyst Control Center Localization Turkish (Version: 2008.0508.2151.37248)
CCC Help Chinese Standard (Version: 2008.0508.2150.37248)
CCC Help Chinese Traditional (Version: 2008.0508.2150.37248)
CCC Help Czech (Version: 2008.0508.2150.37248)
CCC Help Danish (Version: 2008.0508.2150.37248)
CCC Help Dutch (Version: 2008.0508.2150.37248)
CCC Help English (Version: 2008.0508.2150.37248)
CCC Help Finnish (Version: 2008.0508.2150.37248)
CCC Help French (Version: 2008.0508.2150.37248)
CCC Help German (Version: 2008.0508.2150.37248)
CCC Help Greek (Version: 2008.0508.2150.37248)
CCC Help Hungarian (Version: 2008.0508.2150.37248)
CCC Help Italian (Version: 2008.0508.2150.37248)
CCC Help Japanese (Version: 2008.0508.2150.37248)
CCC Help Korean (Version: 2008.0508.2150.37248)
CCC Help Norwegian (Version: 2008.0508.2150.37248)
CCC Help Polish (Version: 2008.0508.2150.37248)
CCC Help Portuguese (Version: 2008.0508.2150.37248)
CCC Help Russian (Version: 2008.0508.2150.37248)
CCC Help Spanish (Version: 2008.0508.2150.37248)
CCC Help Swedish (Version: 2008.0508.2150.37248)
CCC Help Thai (Version: 2008.0508.2150.37248)
CCC Help Turkish (Version: 2008.0508.2150.37248)
ccc-core-static (Version: 2008.0508.2151.37248)
ccc-utility (Version: 2008.0508.2151.37248)
CCleaner (Version: 4.04)
Compatibility Pack für 2007 Office System (Version: 12.0.6612.1000)
Credential Manager for HP ProtectTools (Version: 4.0.3.1208)
Drive Encryption for HP ProtectTools (Version: 4.0.2)
Dropbox (HKCU Version: 1.1.35)
ESt-Online (Version: 2003)
ESU for Microsoft Vista SP1 (Version: 1.00.2.1)
File Sanitizer For HP ProtectTools (Version: 1.0.0.18)
FileHippo.com Update Checker
GMX Softwareaktualisierung (Version: 2.0.1.8)
Google Earth (Version: 7.1.1.1888)
Google Update Helper (Version: 1.3.21.165)
Google Updater (Version: 2.4.2432.1652)
HP 3D DriveGuard (Version: 3.10 A7)
HP Active Support Library (Version: 3.1.9.1)
HP Customer Experience Enhancements (Version: 5.4.0.2423)
HP Doc Viewer (Version: 1.03.0001)
HP Easy Setup - Frontend (Version: 5.4.0.2423)
HP Help and Support (Version: 2.0.9.0)
HP Integrated Module with Bluetooth wireless technology 6.0.1.6200 (Version: 6.0.1.6200)
HP JavaCard for HP ProtectTools (Version: 04.00.01.0025)
HP ProtectTools Security Manager (Version: 4.00 A1A)
HP ProtectTools Security Manager Suite (Version: 04.00.01.0026)
HP Quick Launch Buttons (Version: 6.50.14.1)
HP Software Setup 5.00.A.7 (Version: 5.00.A.7)
HP Update (Version: 5.002.007.004)
HP User Guides 0108 (Version: 1.01.0000)
HP Wallpaper (Version: 1.0.1.4)
HP Webcam (Version: 5.8.39004.0)
HP Webcam Application (Version: 1.0.020.0418)
HP Wireless Assistant (Version: 3.00 K1)
HPAsset component for HP Active Support Library (Version: 3.0.2.2)
HPNetworkAssistant (Version: 1.1.70)
Intel® Matrix Storage Manager
InterVideo DVD Check
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
Java SE Development Kit 7 Update 13 (Version: 1.7.0.130)
Java SE Development Kit 7 Update 15 (Version: 1.7.0.150)
Java SE Development Kit 7 Update 17 (Version: 1.7.0.170)
Java SE Development Kit 7 Update 9 (Version: 1.7.0.90)
Juniper Networks Host Checker (HKCU Version: 6.4.0.14811)
Juniper Networks Setup Client (HKCU Version: 2.0.2.5745)
Juniper Networks Setup Client Activex Control (Version: 2.0.0.3)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office Standard Edition 2003 (Version: 11.0.8173.0)
Microsoft Office Suite Activation Assistant (Version: 2.7)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mobile Partner (Version: 21.005.15.02.382)
Mozilla Firefox 24.0 (x86 de) (HKCU Version: 24.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
PaperPort Image Printer (Version: 1.00.0000)
QLBCASL (Version: 6.40.17.2)
Roxio Activation Module (Version: 1.0)
Roxio Creator Audio (Version: 3.7.0)
Roxio Creator Business (Version: 10.1)
Roxio Creator Business v10 (Version: 3.7.0)
Roxio Creator Copy (Version: 3.7.0)
Roxio Creator Data (Version: 3.7.0)
Roxio Creator Tools (Version: 3.7.0)
Roxio Express Labeler 3 (Version: 3.2.2)
Roxio MyDVD (Version: 10.1.048)
ScanSoft PaperPort 11 (Version: 11.2.0000)
Secunia PSI (3.0.0.6001) (Version: 3.0.0.6001)
Skins (Version: 2008.0508.2151.37248)
Skype™ 6.9 (Version: 6.9.106)
Softonic toolbar on IE and Chrome (Version: 1.8.21.14)
Sonic CinePlayer Decoder Pack (Version: 4.3.0)
SoundMAX (Version: 6.10.1.5820)
Speed Test Analysis (Version: 1.0.0.5)
Sweet Home 3D version 4.1
Synaptics Pointing Device Driver (Version: 15.0.24.0)
t@x 2013 (Version: 20.00.8137)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3)
Vista Default Settings (Version: 1.0.6.1)
==================== Restore Points =========================
Could not list Restore Points. Check WMI.
==================== Hosts content: ==========================
2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => ?
Task: C:\windows\Tasks\Google Software Updater.job => ?
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => ?
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => ?
==================== Loaded Modules (whitelisted) =============
2008-01-16 17:51 - 2008-01-16 17:51 - 00126976 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2008-02-04 13:29 - 2008-02-04 13:29 - 00688128 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
2003-07-11 02:09 - 2003-07-11 02:09 - 00048192 _____ () C:\Program Files\Common Files\Microsoft Shared\Web Folders\1031\nsextint.dll
2008-05-08 10:14 - 2008-05-08 10:14 - 00159744 _____ () C:\windows\system32\atitmmxx.dll
2013-08-02 07:40 - 2009-01-09 16:10 - 00139264 _____ () C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
2013-10-02 09:04 - 2013-10-02 09:04 - 03279768 _____ () C:\Users\Sonja und Bernd\AppData\Local\Mozilla Firefox\mozjs.dll
2013-10-10 06:31 - 2013-10-10 06:31 - 16233864 _____ () C:\windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (10/31/2013 09:13:11 PM) (Source: LoadPerf) (User: )
Description: >16
Error: (10/31/2013 09:09:40 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\SONJA UND BERND\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\5129ZYFP.DEFAULT\CACHE\0> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
Error: (10/31/2013 09:09:40 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\SONJA UND BERND\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\5129ZYFP.DEFAULT\CACHE\0> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
Error: (10/31/2013 09:09:29 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\SONJA UND BERND\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\5129ZYFP.DEFAULT\CACHE\9\F8> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
Error: (10/31/2013 09:09:27 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\SONJA UND BERND\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\5129ZYFP.DEFAULT\CACHE\9\F8> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
Error: (10/31/2013 09:09:26 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\SONJA UND BERND\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\5129ZYFP.DEFAULT\CACHE\9\C9> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
Error: (10/31/2013 09:09:26 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\SONJA UND BERND\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\5129ZYFP.DEFAULT\CACHE\9\C9> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
Error: (10/31/2013 09:09:26 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\SONJA UND BERND\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\5129ZYFP.DEFAULT\CACHE\9\AB> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
Error: (10/31/2013 09:09:26 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\SONJA UND BERND\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\5129ZYFP.DEFAULT\CACHE\9\AB> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
Error: (10/31/2013 09:09:19 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\SONJA UND BERND\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\5129ZYFP.DEFAULT\CACHE\9\AA> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
System errors:
=============
Error: (10/31/2013 09:25:53 PM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT-AUTORITÄT)
Description: 0x80070032
Error: (10/31/2013 09:06:55 PM) (Source: Service Control Manager) (User: )
Description: Mobile Partner. OUC%%1053
Error: (10/31/2013 09:06:55 PM) (Source: Service Control Manager) (User: )
Description: 30000Mobile Partner. OUC
Error: (10/31/2013 09:06:55 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058
Error: (10/31/2013 09:05:34 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 31.10.2013 um 15:20:17 unerwartet heruntergefahren.
Error: (10/31/2013 03:07:42 PM) (Source: Service Control Manager) (User: )
Description: 30000Microsoft .NET Framework NGEN v4.0.30319_X86
Error: (10/31/2013 03:05:59 PM) (Source: Service Control Manager) (User: )
Description: Mobile Partner. OUC%%1053
Error: (10/31/2013 03:05:59 PM) (Source: Service Control Manager) (User: )
Description: 30000Mobile Partner. OUC
Error: (10/31/2013 03:05:59 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058
Error: (10/31/2013 03:03:57 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 31.10.2013 um 08:31:06 unerwartet heruntergefahren.
Microsoft Office Sessions:
=========================
Error: (10/31/2013 09:13:11 PM) (Source: LoadPerf)(User: )
Description: >16
Error: (10/31/2013 09:09:40 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
C:\USERS\SONJA UND BERND\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\5129ZYFP.DEFAULT\CACHE\0
Error: (10/31/2013 09:09:40 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
C:\USERS\SONJA UND BERND\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\5129ZYFP.DEFAULT\CACHE\0
Error: (10/31/2013 09:09:29 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
C:\USERS\SONJA UND BERND\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\5129ZYFP.DEFAULT\CACHE\9\F8
Error: (10/31/2013 09:09:27 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
C:\USERS\SONJA UND BERND\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\5129ZYFP.DEFAULT\CACHE\9\F8
Error: (10/31/2013 09:09:26 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
C:\USERS\SONJA UND BERND\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\5129ZYFP.DEFAULT\CACHE\9\C9
Error: (10/31/2013 09:09:26 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
C:\USERS\SONJA UND BERND\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\5129ZYFP.DEFAULT\CACHE\9\C9
Error: (10/31/2013 09:09:26 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
C:\USERS\SONJA UND BERND\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\5129ZYFP.DEFAULT\CACHE\9\AB
Error: (10/31/2013 09:09:26 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
C:\USERS\SONJA UND BERND\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\5129ZYFP.DEFAULT\CACHE\9\AB
Error: (10/31/2013 09:09:19 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
C:\USERS\SONJA UND BERND\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\5129ZYFP.DEFAULT\CACHE\9\AA
CodeIntegrity Errors:
===================================
Date: 2012-12-29 18:50:24.065
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\verifier.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2012-12-23 08:25:09.550
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\verifier.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2012-10-29 22:16:36.003
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18493_none_b2bfcb7c66ac7d10\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2012-10-29 22:16:35.551
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18493_none_b2bfcb7c66ac7d10\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2012-10-29 22:16:35.036
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18493_none_b2bfcb7c66ac7d10\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2012-10-29 22:16:34.599
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18493_none_b2bfcb7c66ac7d10\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2012-10-29 22:16:34.131
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18493_none_b2bfcb7c66ac7d10\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2012-10-29 22:16:33.679
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18493_none_b2bfcb7c66ac7d10\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2012-10-29 22:16:33.180
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18427_none_b30f7c1866701ed5\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2012-10-29 22:16:32.743
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18427_none_b30f7c1866701ed5\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Percentage of memory in use: 58%
Total physical RAM: 2042.47 MB
Available physical RAM: 849.23 MB
Total Pagefile: 4326.18 MB
Available Pagefile: 2791.17 MB
Total Virtual: 2047.88 MB
Available Virtual: 1888.9 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:288.09 GB) (Free:200.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (HP_RECOVERY) (Fixed) (Total:9 GB) (Free:1.65 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:1 GB) (Free:0.99 GB) FAT32
==================== MBR & Partition Table ==================
==================== End Of Log ============================
And finally GMER, which only ran through without problems on the second attempt:
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-10-31 22:35:41
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 FUJITSU_ rev.8909 298,09GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\baldham\AppData\Local\Temp\pfdyiaob.sys
---- System - GMER 2.1 ----
SSDT 8F76658E ZwCreateSection
SSDT 8F766598 ZwRequestWaitReplyPort
SSDT 8F766593 ZwSetContextThread
SSDT 8F76659D ZwSetSecurityObject
SSDT 8F7665A2 ZwSystemDebugControl
SSDT 8F76652F ZwTerminateProcess
---- Kernel code sections - GMER 2.1 ----
.text ntkrnlpa.exe!KeSetEvent + 215 82AAE860 4 Bytes [8E, 65, 76, 8F]
.text ntkrnlpa.exe!KeSetEvent + 539 82AAEB84 4 Bytes [98, 65, 76, 8F] {CWDE ; JBE 0xffffff93}
.text ntkrnlpa.exe!KeSetEvent + 56D 82AAEBB8 4 Bytes [93, 65, 76, 8F] {XCHG EBX, EAX; JBE 0xffffff93}
.text ntkrnlpa.exe!KeSetEvent + 5D1 82AAEC1C 4 Bytes [9D, 65, 76, 8F] {POPF ; JBE 0xffffff93}
.text ntkrnlpa.exe!KeSetEvent + 619 82AAEC64 4 Bytes [A2, 65, 76, 8F]
.text ...
? C:\windows\System32\Drivers\SafeBoot.sys Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
.text C:\windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8DC0B000, 0x1FB95A, 0xE8000020]
---- Devices - GMER 2.1 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002186c5f047
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002186c5f047 (not active ControlSet)
---- EOF - GMER 2.1 ----
It would be great if someone could take a look at this and has some suggestions.
Katja