File Addition: FRST Additions Logfile:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 30-07-2013 03
Ran by ******** at 2013-07-30 17:23:57
Running from C:\Users\*****\Desktop
Boot Mode: Normal
==========================================================
==================== Installed Programs =======================
Adobe Flash Player 11 ActiveX (Version: 11.5.502.146)
Adobe Reader XI (11.0.03) - Deutsch (Version: 11.0.03)
Air Display Support (Version: 1.6.1)
AMD Accelerated Video Transcoding (Version: 12.5.100.20928)
AMD APP SDK Runtime (Version: 10.0.1016.4)
AMD Catalyst Install Manager (Version: 8.0.891.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Fuel (Version: 2012.0928.1532.26058)
AMD Media Foundation Decoders (Version: 1.0.70928.1538)
AMD VISION Engine Control Center (Version: 2012.0928.1532.26058)
Apple Application Support (Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
Audacity 2.0.2 (Version: 2.0.2)
AVG Security Toolbar (Version: 15.4.0.5)
Battlefield: Bad Company™ 2 (Version: 1.0.0.0)
Bing Bar (Version: 6.3.2291.0)
Blockscape Phase 1 (beta)
Bonjour (Version: 3.0.0.10)
Bus-Simulator 2012
Call of Duty: Black Ops - Multiplayer
Call of Duty: Black Ops II
Call of Duty: Black Ops II - Multiplayer
Call of Duty: Black Ops II - Zombies
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (Version: 2012.0928.1532.26058)
Catalyst Control Center InstallProxy (Version: 2012.0928.1532.26058)
Catalyst Control Center Localization All (Version: 2012.0928.1532.26058)
CCC Help Chinese Standard (Version: 2012.0928.1531.26058)
CCC Help Chinese Traditional (Version: 2012.0928.1531.26058)
CCC Help Czech (Version: 2012.0928.1531.26058)
CCC Help Danish (Version: 2012.0928.1531.26058)
CCC Help Dutch (Version: 2012.0928.1531.26058)
CCC Help English (Version: 2012.0928.1531.26058)
CCC Help Finnish (Version: 2012.0928.1531.26058)
CCC Help French (Version: 2012.0928.1531.26058)
CCC Help German (Version: 2012.0928.1531.26058)
CCC Help Greek (Version: 2012.0928.1531.26058)
CCC Help Hungarian (Version: 2012.0928.1531.26058)
CCC Help Italian (Version: 2012.0928.1531.26058)
CCC Help Japanese (Version: 2012.0928.1531.26058)
CCC Help Korean (Version: 2012.0928.1531.26058)
CCC Help Norwegian (Version: 2012.0928.1531.26058)
CCC Help Polish (Version: 2012.0928.1531.26058)
CCC Help Portuguese (Version: 2012.0928.1531.26058)
CCC Help Russian (Version: 2012.0928.1531.26058)
CCC Help Spanish (Version: 2012.0928.1531.26058)
CCC Help Swedish (Version: 2012.0928.1531.26058)
CCC Help Thai (Version: 2012.0928.1531.26058)
CCC Help Turkish (Version: 2012.0928.1531.26058)
ccc-utility (Version: 2012.0928.1532.26058)
Chaos on Deponia
Cheat Engine 6.3
Cisco EAP-FAST Module (Version: 2.2.14)
Cisco LEAP Module (Version: 1.0.19)
Cisco PEAP Module (Version: 1.1.6)
Counter-Strike Source
CraftBukkit (Version: RB)
DAEMON Tools Pro (Version: 5.2.0.0348)
Deponia
Die*Sims™*3 (Version: 1.0.631)
Edna & Harvey: Harvey's New Eyes
Facebook Messenger 2.1.4814.0 (Version: 2.1.4814.0)
Farming Simulator 2013
FIFA 12 (Version: 1.0.0.0)
Fraps (remove only)
Free Sound Recorder v9.4.1
GIMP 2.8.0 (Version: 2.8.0)
Google Chrome (Version: 28.0.1500.72)
Google Earth (Version: 7.0.3.8542)
Google Update Helper (Version: 1.3.21.153)
HP Deskjet 3050 J610 series - Grundlegende Software für das Gerät (Version: 22.50.231.0)
HP Deskjet 3050 J610 series Hilfe (Version: 140.0.63.63)
HP Photo Creations (Version: 1.0.0.3781)
HP Update (Version: 5.002.006.003)
iCloud (Version: 1.1.0.40)
iExplorer 3.0.1.1
iTunes (Version: 11.0.4.4)
Java Auto Updater (Version: 2.0.7.1)
Java(TM) 6 Update 31 (Version: 6.0.310)
John Deere North American Farmer
KMSpico 3.1 (Version: 3.1)
L.A. Noire (Version: 1.00.0000)
Landwirtschafts Simulator 2011 (Version: 1.0)
Landwirtschafts Simulator 2013 (Version: 1.0)
MacDrive 9 Standard (Version: 9.0.5.14)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Access MUI (German) 2013 (Version: 15.0.4420.1017)
Microsoft DCF MUI (German) 2013 (Version: 15.0.4420.1017)
Microsoft Excel MUI (German) 2013 (Version: 15.0.4420.1017)
Microsoft Groove MUI (German) 2013 (Version: 15.0.4420.1017)
Microsoft InfoPath MUI (German) 2013 (Version: 15.0.4420.1017)
Microsoft Lync MUI (German) 2013 (Version: 15.0.4420.1017)
Microsoft Office Korrekturhilfen 2013 - Deutsch (Version: 15.0.4420.1017)
Microsoft Office OSM MUI (German) 2013 (Version: 15.0.4420.1017)
Microsoft Office OSM UX MUI (German) 2013 (Version: 15.0.4420.1017)
Microsoft Office PowerPoint 2007 (Version: 12.0.4518.1014)
Microsoft Office Professional Plus 2013 (Version: 15.0.4420.1017)
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (Italian) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing (German) 2013 (Version: 15.0.4420.1017)
Microsoft Office Proofing Tools 2013 - English (Version: 15.0.4420.1017)
Microsoft Office Proofing Tools 2013 - Italiano (Version: 15.0.4420.1017)
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared MUI (German) 2013 (Version: 15.0.4420.1017)
Microsoft OneNote MUI (German) 2013 (Version: 15.0.4420.1017)
Microsoft Outlook MUI (German) 2013 (Version: 15.0.4420.1017)
Microsoft PowerPoint MUI (German) 2013 (Version: 15.0.4420.1017)
Microsoft Publisher MUI (German) 2013 (Version: 15.0.4420.1017)
Microsoft Silverlight (Version: 1.0.0.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Word MUI (German) 2013 (Version: 15.0.4420.1017)
Microsoft XNA Framework Redistributable 4.0 (Version: 4.0.20823.0)
Minecraft Texturepack Editor
Mobile Mouse Server (Version: 2.7.0)
Mozilla Thunderbird 12.0.1 (x86 de) (Version: 12.0.1)
MSVCRT Redists (Version: 1.0)
Need for Speed™ The Run (Version: 1.1.0.0)
NETGEAR WNA1100 wireless USB 2.0 adapter (Version: 1.0.0.0)
Origin (Version: 8.5.0.4554)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4420.1017)
Paint.NET v3.5.10 (Version: 3.60.0)
PdaNet Desktop for iPhone 5.30
Platform (Version: 1.34)
PunkBuster Services (Version: 0.986)
QuickTime (Version: 7.71.80.42)
Realtek Ethernet Controller Driver For Windows 7 (Version: 7.21.531.2010)
Reflector (Version: 1.2.3)
Renesas Electronics USB 3.0 Host Controller Driver (Version: 2.0.4.0)
Resource Hacker Version 3.6.0
Rockstar Games Social Club (Version: 1.1.0.1)
RollerCoaster Tycoon 3
SimCity™ (Version: 1.0.0.0)
Sitecom 150N USB Wireless LAN Driver and Utility (Version: 1.00.0165)
SoundTaxi 4.1.0
SoundTaxi Media Suite 4.1.0 (Version: 4.1.0)
Spotify (HKCU Version: 0.9.1.53.g876fa9df)
Steam (Version: 1.0.0.0)
Studie zur Verbesserung von HP Deskjet 3050 J610 series Produkten (Version: 22.50.231.0)
Team Fortress 2
Tom Clancy's Rainbow Six Vegas 2 (Version: 1.03)
TransMac version 10.4 (Version: 10.4)
Tunngle beta
Unity Web Player (HKCU Version: )
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
USB97C210 Driver and Icon (Version: 2.1.0.1)
Vegas Pro 10.0 (Version: 10.0.669)
VIA Plattform-Geräte-Manager (Version: 1.34)
War Inc. Battlezone
WinPcap 4.1.2 (Version: 4.1.0.2001)
WinRAR 4.11 (32-Bit) (Version: 4.11.0)
Wireshark 1.8.2 (32-bit) (Version: 1.8.2)
==================== Restore Points =========================
17-06-2013 16:45:44 Windows Update
23-06-2013 14:03:03 Windows Update
24-06-2013 00:40:55 Windows Update
02-07-2013 11:16:19 Windows Update
05-07-2013 01:00:55 Windows Update
21-07-2013 23:18:27 Windows Update
22-07-2013 11:58:41 Windows Update
28-07-2013 22:06:41 Windows Update
29-07-2013 16:00:34 TuneUp Utilities 2013 wird entfernt
29-07-2013 16:02:03 TuneUp Utilities Language Pack (de-DE) wird entfernt
==================== Hosts content: ==========================
2009-07-14 04:04 - 2012-04-08 04:50 - 00000852 ____A C:\Windows\system32\Drivers\etc\hosts
74.208.10.249 gs.apple.com
==================== Scheduled Tasks (whitelisted) =============
Task: {0DE040AF-A14E-45E9-BB20-500834751011} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {116A95E4-080D-4A3B-A101-4CC856D869FD} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-20] (Microsoft Corporation)
Task: {29C9B29D-79AC-44C8-828A-E50571256D68} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-04-05] (Google Inc.)
Task: {4336A55D-3603-4392-B22F-CD8255B113C8} - System32\Tasks\PhotoProduct.exe => C:\Program Files\HP Photo Creations\PhotoProduct.exe [2010-07-01] (Visan / RocketLife)
Task: {6575B6C5-5024-4E7B-A590-AC047BD66E7D} - System32\Tasks\HPCustParticipation HP Deskjet 3050 J610 series => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2010-11-16] (Hewlett-Packard Co.)
Task: {6671433B-95E1-410E-9975-3EF8079D1603} - System32\Tasks\{4AB68EA9-545A-44BB-85BF-ECFFF6C19284} => C:\Users\Lukas Stotzem\Desktop\minecraft.exe No File
Task: {6F0304F8-C447-4C3B-9EDF-8159394DE231} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3019216842-846577017-2878185705-1000Core => C:\Users\Lukas Stotzem\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-13] (Facebook Inc.)
Task: {7889BF10-639F-46F0-BC5D-3FFCA9D6168F} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3019216842-846577017-2878185705-1000UA => C:\Users\Lukas Stotzem\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-13] (Facebook Inc.)
Task: {98D0FAE3-F9CB-4704-BAB3-30657E7979F3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {99120F83-56E6-4866-9751-05E7193346DF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-04-05] (Google Inc.)
Task: {994E6D3E-B909-401C-8AF9-141EEFFB92C4} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {C3AC6EEA-B6AC-4349-B830-EAACAE5D3F8A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {C75E76C7-627D-4F02-8ECD-0FD5FDE85BF8} - System32\Tasks\ASUS\RunDAOD => C:\Windows\DAODx.exe [2009-03-30] ()
Task: {C798629F-05DA-4CD9-A38D-F03D6EF25C27} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {CA47098A-57B8-4F96-8A4E-E64074E1973B} - System32\Tasks\ASUS\TurboVHelp => C:\Program Files\ASUS\TurboV EVO\TurboVHELP.exe No File
Task: {E7E9259B-322B-426A-BCA8-1234CD465E0F} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-11] (Microsoft Corporation)
Task: {EB272F49-3B8D-486F-B7B1-21B071C4CF4F} - System32\Tasks\KMS Activation => C:\Program Files\KMSpico\RandomFile.exe [2013-02-20] ()
Task: {F68E6850-BA19-4557-B8E9-063C7AEDA922} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-10] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3019216842-846577017-2878185705-1000Core.job => C:\Users\Lukas Stotzem\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3019216842-846577017-2878185705-1000UA.job => C:\Users\Lukas Stotzem\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Faulty Device Manager Devices =============
Name: TAP-Win32 Adapter V9 (Tunngle)
Description: TAP-Win32 Adapter V9 (Tunngle)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Win32 Provider V9 (Tunngle)
Service: tap0901t
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: SndTAudio
Description: SndTAudio
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: SndTAudio
Service: SndTAudio
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (07/30/2013 05:14:03 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: ubd.exe, Version: 204.3.0.31, Zeitstempel: 0x4f3a19cc
Name des fehlerhaften Moduls: MSVCR80.dll, Version: 8.0.50727.6195, Zeitstempel: 0x4dcddbf3
Ausnahmecode: 0xc000000d
Fehleroffset: 0x000489bc
ID des fehlerhaften Prozesses: 0x15c
Startzeit der fehlerhaften Anwendung: 0xubd.exe0
Pfad der fehlerhaften Anwendung: ubd.exe1
Pfad des fehlerhaften Moduls: ubd.exe2
Berichtskennung: ubd.exe3
Error: (07/30/2013 06:59:14 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 10.0.9200.16635, Zeitstempel: 0x51b7a921
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b60
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00045468
ID des fehlerhaften Prozesses: 0x8aac
Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0
Pfad der fehlerhaften Anwendung: iexplore.exe1
Pfad des fehlerhaften Moduls: iexplore.exe2
Berichtskennung: iexplore.exe3
Error: (07/30/2013 06:51:13 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 10.0.9200.16635, Zeitstempel: 0x51b7a921
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b60
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00045568
ID des fehlerhaften Prozesses: 0x8b90
Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0
Pfad der fehlerhaften Anwendung: iexplore.exe1
Pfad des fehlerhaften Moduls: iexplore.exe2
Berichtskennung: iexplore.exe3
Error: (07/30/2013 06:48:37 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 10.0.9200.16635, Zeitstempel: 0x51b7a921
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b60
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00045898
ID des fehlerhaften Prozesses: 0x9364
Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0
Pfad der fehlerhaften Anwendung: iexplore.exe1
Pfad des fehlerhaften Moduls: iexplore.exe2
Berichtskennung: iexplore.exe3
Error: (07/30/2013 06:27:56 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 10.0.9200.16635, Zeitstempel: 0x51b7a921
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b60
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00045568
ID des fehlerhaften Prozesses: 0x73f8
Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0
Pfad der fehlerhaften Anwendung: iexplore.exe1
Pfad des fehlerhaften Moduls: iexplore.exe2
Berichtskennung: iexplore.exe3
Error: (07/30/2013 06:21:55 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 10.0.9200.16635, Zeitstempel: 0x51b7a921
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b60
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000455d4
ID des fehlerhaften Prozesses: 0x83c4
Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0
Pfad der fehlerhaften Anwendung: iexplore.exe1
Pfad des fehlerhaften Moduls: iexplore.exe2
Berichtskennung: iexplore.exe3
Error: (07/30/2013 06:11:18 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 10.0.9200.16635, Zeitstempel: 0x51b7a921
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b60
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0004541d
ID des fehlerhaften Prozesses: 0x7ae4
Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0
Pfad der fehlerhaften Anwendung: iexplore.exe1
Pfad des fehlerhaften Moduls: iexplore.exe2
Berichtskennung: iexplore.exe3
Error: (07/30/2013 06:09:17 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 10.0.9200.16635, Zeitstempel: 0x51b7a921
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000c42c2
ID des fehlerhaften Prozesses: 0x6820
Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0
Pfad der fehlerhaften Anwendung: iexplore.exe1
Pfad des fehlerhaften Moduls: iexplore.exe2
Berichtskennung: iexplore.exe3
Error: (07/30/2013 06:07:49 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 10.0.9200.16635, Zeitstempel: 0x51b7a921
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b60
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00045424
ID des fehlerhaften Prozesses: 0x7fbc
Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0
Pfad der fehlerhaften Anwendung: iexplore.exe1
Pfad des fehlerhaften Moduls: iexplore.exe2
Berichtskennung: iexplore.exe3
Error: (07/30/2013 06:05:13 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 10.0.9200.16635, Zeitstempel: 0x51b7a921
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b60
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000452d8
ID des fehlerhaften Prozesses: 0x60fc
Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0
Pfad der fehlerhaften Anwendung: iexplore.exe1
Pfad des fehlerhaften Moduls: iexplore.exe2
Berichtskennung: iexplore.exe3
System errors:
=============
Error: (07/30/2013 05:08:49 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
sfdrv01
sfsync02
Error: (07/30/2013 05:08:27 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 30.07.2013 um 07:05:33 unerwartet heruntergefahren.
Error: (07/30/2013 05:08:03 PM) (Source: Application Popup) (User: )
Description: Treiber sfdrv01.sys konnte nicht geladen werden.
Error: (07/30/2013 05:07:58 PM) (Source: Application Popup) (User: )
Description: Treiber sfsync02.sys konnte nicht geladen werden.
Error: (07/30/2013 00:47:17 AM) (Source: ipnathlp) (User: )
Description: 0
Error: (07/30/2013 00:27:41 AM) (Source: ipnathlp) (User: )
Description: 0
Error: (07/30/2013 00:25:36 AM) (Source: ipnathlp) (User: )
Description: 0
Error: (07/30/2013 00:24:30 AM) (Source: ipnathlp) (User: )
Description: 0
Error: (07/30/2013 00:19:20 AM) (Source: ipnathlp) (User: )
Description: 0
Error: (07/30/2013 00:18:19 AM) (Source: ipnathlp) (User: )
Description: 0
Microsoft Office Sessions:
=========================
==================== Memory info ===========================
Percentage of memory in use: 44%
Total physical RAM: 3198.18 MB
Available physical RAM: 1765.43 MB
Total Pagefile: 6394.65 MB
Available Pagefile: 4770.88 MB
Total Virtual: 2047.88 MB
Available Virtual: 1896.93 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:850.07 GB) (Free:233.25 GB) NTFS
Drive d: () (Fixed) (Total:81.35 GB) (Free:33.83 GB) NTFS
Drive f: (15.0.4420.1017) (CDROM) (Total:0.66 GB) (Free:0 GB) UDF
Drive i: (GRMCHPXFRER_DE_DVD) (CDROM) (Total:2.97 GB) (Free:0 GB) UDF
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 3C6FAEA0)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=81 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=850 GB) - (Type=07 NTFS)
==================== End Of Log ============================
File FRST:
FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 30-07-2013 03
Ran by Lukas Stotzem (administrator) on 30-07-2013 17:23:07
Running from C:\Users\Lukas Stotzem\Desktop
Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe
(Avatron Software) C:\Program Files\Avatron\Air Display\AVTHelper.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Mediafour Corporation) C:\Program Files\Mediafour\MacDrive 9\MacDrive9Service.exe
() C:\Windows\system32\PnkBstrA.exe
(Realtek) C:\Program Files\SITECOM\150N USB Wireless LAN Utility\RtlService.exe
(Tunngle.net GmbH) C:\Program Files\Tunngle\TnglCtrl.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe
() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\loggingserver.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.21.153\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Realtek Semiconductor Corp.) C:\Program Files\SITECOM\150N USB Wireless LAN Utility\RtWlan.exe
() C:\Windows\DAODx.exe
(DT Soft Ltd) C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
() C:\Program Files\AVG Secure Search\vprot.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Renesas Electronics Corporation) C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Standard Microsystems Corp.) C:\Program Files\Icons\SetIcon.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(VIA) C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
(Mediafour Corporation) C:\Program Files\Mediafour\MacDrive 9\MacDrive.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Avatron Software, Inc) C:\Program Files\Avatron\Air Display\AirDisplay.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Spotify Ltd) C:\Users\Lukas Stotzem\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(Microsoft Corporation) c:\program files\windows defender\MpCmdRun.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [vProt] - C:\Program Files\AVG Secure Search\vprot.exe [2285232 2013-07-30] ()
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM\...\Run: [NUSB3MON] - C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [Shairport4w] - "C:\Users\Lukas Stotzem\Desktop\Shairport4w.exe" [x]
HKLM\...\Run: [SetIcon] - C:\Program Files\Icons\Seticon.exe [39936 2002-10-04] (Standard Microsystems Corp.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM\...\Run: [HP Software Update] - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642728 2012-09-28] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [HDAudDeck] - C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe [1780224 2010-03-15] (VIA)
HKLM\...\Run: [MacDrive 9 application] - C:\Program Files\Mediafour\MacDrive 9\MacDrive.exe [480768 2012-12-11] (Mediafour Corporation)
HKLM\...\Run: [Aimersoft Helper Compact.exe] - C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [x]
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM\...\Run: [Regedit32] - C:\Windows\system32\regedit.exe [x]
HKLM\...\InprocServer32: [Default-cscui] <==== ATTENTION!
HKCU\...\Run: [Facebook Update] - C:\Users\Lukas Stotzem\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-13] (Facebook Inc.)
HKCU\...\Run: [Steam] - C:\Program Files\Steam\steam.exe [1641896 2013-06-07] (Valve Corporation)
HKCU\...\Run: [Air Display Support] - C:\Program Files\Avatron\Air Display\AirDisplay.exe [2577304 2012-05-03] (Avatron Software, Inc)
HKCU\...\Run: [MobileDocuments] - C:\Program Files\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
HKCU\...\Run: [iCloudServices] - C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59240 2012-02-23] (Apple Inc.)
HKCU\...\Run: [Userinit] - C:\Users\Lukas Stotzem\AppData\Roaming\appConf32.exe [54736 2008-12-09] (Adobe Systems Incorporated)
HKCU\...\Run: [Spotify Web Helper] - C:\Users\Lukas Stotzem\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1104384 2013-06-17] (Spotify Ltd)
HKCU\...\Run: [DAEMON Tools Pro Agent] - C:\Program Files\DAEMON Tools Pro\DTAgent.exe [3108480 2012-10-23] (DT Soft Ltd)
HKCU\...\Run: [Regedit32] - C:\Windows\system32\regedit.exe [x]
HKCU\...\Run: [Spotify] - C:\Users\Lukas Stotzem\AppData\Roaming\Spotify\Spotify.exe [4643328 2013-06-17] (Spotify Ltd)
HKCU\...\Run: [Exypt] - C:\Users\Lukas Stotzem\AppData\Roaming\Ohly\upzev.exe [261120 2012-04-27] ()
HKCU\...\Run: [IExplorer Util] - C:\Users\Lukas Stotzem\AppData\Roaming\ie_util.exe [93696 2013-05-05] ()
HKCU\...\Run: [cufdancegpun] - C:\Users\Lukas Stotzem\cufdancegpun.exe [40448 2013-07-02] ()
MountPoints2: {146c2718-90a1-11e1-9ba6-bcaec52ab3d6} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\index.html
MountPoints2: {808dcfe8-a4fb-11e2-b778-bcaec52ab3d6} - F:\SETUP.EXE
MountPoints2: {cf49e73e-5cd0-11e2-b27d-bcaec52ab3d6} - I:\sources\sperr32.exe x64
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={3AE42AA0-E525-4715-8C8C-869F699DE62A}&mid=bd793004ad2a47d08bd701bb71320574-ef9a495bc7da9ba33391b5d0eeda05be417e9ac6&lang=de&ds=st011&pr=sa&d=2012-03-31 11:53:51&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={3AE42AA0-E525-4715-8C8C-869F699DE62A}&mid=bd793004ad2a47d08bd701bb71320574-ef9a495bc7da9ba33391b5d0eeda05be417e9ac6&lang=de&ds=st011&pr=sa&d=2012-03-31 11:53:51&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\15.4.0.5\AVG Secure Search_toolbar.dll (AVG Secure Search)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~1\MICROS~3\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\15.4.0.5\AVG Secure Search_toolbar.dll (AVG Secure Search)
Toolbar: HKCU -No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\15.4.0\ViProtocol.dll (AVG Secure Search)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: 74.208.10.249 gs.apple.com
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Chrome:
=======
CHR HomePage: hxxp://de.msn.com/?ocid=iefvrt
CHR RestoreOnStartup: "urls_to_restore_on_startup": null
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\28.0.1500.72\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll (AVG Technologies)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Unity Player) - C:\Users\Lukas Stotzem\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Facebook Desktop) - C:\Users\Lukas Stotzem\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
CHR Extension: (Google Docs) - C:\Users\LUKASS~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\15.4.0.5\avg.crx
CHR StartMenuInternet: Google Chrome - C:\Program Files\Google\Chrome\Application\chrome.exe
========================== Services (Whitelisted) =================
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [291840 2012-09-28] (Advanced Micro Devices, Inc.)
R2 AsSysCtrlService; C:\Program Files\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe [109056 2010-06-24] ()
R2 AVTHelper; C:\Program Files\Avatron\Air Display\AVTHelper.exe [174080 2012-05-03] (Avatron Software)
R2 MacDrive9Service; C:\Program Files\Mediafour\MacDrive 9\MacDrive9Service.exe [162816 2012-12-11] (Mediafour Corporation)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2013-04-14] ()
R2 Realtek11nSU; C:\Program Files\SITECOM\150N USB Wireless LAN Utility\RtlService.exe [36864 2010-04-17] (Realtek)
S3 SMServer; C:\Windows\system32\snmvtsvc.exe [245760 2010-09-10] (SMServer)
S3 STSService; C:\Program Files\SoundTaxi Media Suite\STSService.exe [348160 2010-09-10] ()
R2 TunngleService; C:\Program Files\Tunngle\TnglCtrl.exe [741224 2011-08-09] (Tunngle.net GmbH)
R2 vToolbarUpdater15.4.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe [1616048 2013-07-30] (AVG Secure Search)
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [x]
==================== Drivers (Whitelisted) ====================
R3 AirDisplay; C:\Windows\System32\DRIVERS\AVVideoCard.sys [14232 2012-05-03] (Windows (R) Win 7 DDK provider)
R3 AirDisplayMirror; C:\Windows\System32\DRIVERS\AVVideoCardMirror.sys [14232 2012-05-03] (Windows (R) Win 7 DDK provider)
R2 AODDriver4.2; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [48256 2012-04-09] (Advanced Micro Devices)
R1 AsIO; C:\Windows\System32\drivers\AsIO.sys [11296 2009-08-04] ()
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [37664 2013-07-30] (AVG Technologies)
R1 CBDisk; C:\Windows\system32\drivers\CBDisk.sys [57800 2011-05-06] (EldoS Corporation)
R3 cbfs3; C:\Windows\System32\DRIVERS\cbfs3.sys [299024 2012-04-09] (EldoS Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-01-12] (DT Soft Ltd)
R0 MDFSYSNT; C:\Windows\System32\Drivers\MDFSYSNT.sys [243920 2012-12-03] (Mediafour Corporation)
R0 MDPMGRNT; C:\Windows\System32\Drivers\MDPMGRNT.sys [29904 2012-12-03] (Mediafour Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [13216 2009-07-16] ()
R2 NPF; C:\Windows\System32\drivers\npf.sys [35088 2010-06-25] (CACE Technologies, Inc.)
R3 nusb3hub; C:\Windows\System32\DRIVERS\nusb3hub.sys [64904 2010-04-27] (Renesas Electronics Corporation)
R3 nusb3xhc; C:\Windows\System32\DRIVERS\nusb3xhc.sys [146568 2010-04-27] (Renesas Electronics Corporation)
R3 pnetmdm; C:\Windows\System32\DRIVERS\pnetmdm.sys [9472 2006-09-28] (June Fabrics Technology)
S3 SndTAudio; C:\Windows\System32\drivers\SndTAudio.sys [23608 2010-09-11] (Windows (R) Codename Longhorn DDK provider)
S3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [27136 2009-09-16] (Tunngle.net)
R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1127936 2010-03-02] (VIA Technologies, Inc.)
S3 WsAudio_DeviceS(1); C:\Windows\System32\drivers\WsAudio_DeviceS(1).sys [25704 2011-12-09] (Wondershare)
S3 WsAudio_DeviceS(2); C:\Windows\System32\drivers\WsAudio_DeviceS(2).sys [25704 2011-12-09] (Wondershare)
S3 WsAudio_DeviceS(3); C:\Windows\System32\drivers\WsAudio_DeviceS(3).sys [25704 2011-12-09] (Wondershare)
S3 WsAudio_DeviceS(4); C:\Windows\System32\drivers\WsAudio_DeviceS(4).sys [25704 2011-12-09] (Wondershare)
S3 WsAudio_DeviceS(5); C:\Windows\System32\drivers\WsAudio_DeviceS(5).sys [25704 2011-12-09] (Wondershare)
S3 amdiox86; system32\DRIVERS\amdiox86.sys [x]
S3 XDva397; \??\C:\Windows\system32\XDva397.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-07-30 17:23 - 2013-07-30 17:23 - 00000000 ____D C:\FRST
2013-07-30 17:21 - 2013-07-30 17:22 - 01222114 _____ (Farbar) C:\Users\Lukas Stotzem\Desktop\FRST.exe
2013-07-30 00:58 - 2013-07-30 00:58 - 00043019 _____ C:\Users\Lukas
2013-07-29 02:41 - 2013-07-29 02:41 - 00144760 _____ C:\Windows\Minidump\072913-18642-01.dmp
2013-07-23 03:22 - 2013-07-23 03:22 - 00001193 _____ C:\Users\Lukas Stotzem\Desktop\Cubeworld Stats.CT
2013-07-23 02:43 - 2013-07-23 02:43 - 00000000 __SHD C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2013-07-23 02:43 - 2013-07-23 02:43 - 00000000 ____D C:\Users\Lukas Stotzem\AppData\Roaming\TuneUp Software
2013-07-23 02:43 - 2013-07-23 02:43 - 00000000 ____D C:\ProgramData\TuneUp Software
2013-07-23 02:30 - 2013-07-23 02:30 - 00001043 _____ C:\Users\Lukas Stotzem\Desktop\Cheat Engine.lnk
2013-07-23 02:30 - 2013-07-23 02:30 - 00000000 ____D C:\Users\Lukas Stotzem\Documents\My Cheat Tables
2013-07-23 02:30 - 2013-07-23 02:30 - 00000000 ____D C:\Users\Lukas Stotzem\AppData\Roaming\OpenCandy
2013-07-23 02:30 - 2013-07-23 02:30 - 00000000 ____D C:\Program Files\Cheat Engine 6.3
2013-07-23 02:26 - 2013-07-23 02:30 - 08062384 _____ (Cheat Engine ) C:\Users\Lukas Stotzem\Downloads\CheatEngine63.exe
2013-07-22 20:56 - 2013-07-22 20:56 - 00000000 ____D C:\Users\Lukas Stotzem\Desktop\_CUBE_
2013-07-22 20:28 - 2013-07-22 20:43 - 33129973 _____ C:\Users\Lukas Stotzem\Desktop\_CUBE_.rar
2013-07-22 14:01 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-22 14:01 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-22 14:01 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-22 14:01 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-22 14:01 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-22 14:01 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-22 14:01 - 2013-06-12 01:43 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-22 14:01 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-22 14:01 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-22 14:01 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-22 14:01 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-22 14:01 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-22 14:01 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-22 14:01 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-22 14:01 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-22 14:01 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-22 01:23 - 2013-06-05 05:05 - 02347520 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-22 01:23 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-22 00:59 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-22 00:51 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-02 21:41 - 2013-07-02 22:51 - 98563400 _____ C:\Users\Lukas Stotzem\Downloads\TekkTown (#150).zip
2013-07-02 13:04 - 2013-07-02 13:04 - 00040448 _____ C:\Users\Lukas Stotzem\cufdancegpun.exe
==================== One Month Modified Files and Folders =======
2013-07-30 17:22 - 2013-07-30 17:21 - 01222114 _____ (Farbar) C:\Users\Lukas Stotzem\Desktop\FRST.exe
2013-07-30 17:18 - 2013-05-22 16:55 - 00000000 ____D C:\Program Files\KMSpico
2013-07-30 17:17 - 2012-03-30 22:37 - 01087014 _____ C:\Windows\WindowsUpdate.log
2013-07-30 17:15 - 2009-07-14 06:34 - 00018512 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-30 17:15 - 2009-07-14 06:34 - 00018512 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-30 17:14 - 2012-12-27 19:38 - 00000000 ____D C:\Users\Lukas Stotzem\AppData\Roaming\Spotify
2013-07-30 17:14 - 2012-07-03 23:00 - 00000000 ____D C:\Users\LUKASS~1\AppData\Local\CrashDumps
2013-07-30 17:14 - 2012-05-18 21:43 - 00000000 ____D C:\Program Files\Steam
2013-07-30 17:14 - 2009-07-14 06:39 - 00386332 _____ C:\Windows\setupact.log
2013-07-30 17:13 - 2013-04-05 01:00 - 00001108 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-30 17:08 - 2013-01-18 18:22 - 00000374 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2013-07-30 17:08 - 2012-03-31 12:40 - 00021904 _____ C:\Windows\PFRO.log
2013-07-30 17:08 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-30 06:53 - 2013-04-05 01:00 - 00001112 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-30 06:36 - 2012-03-31 13:58 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-30 05:22 - 2012-04-20 16:18 - 00001170 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3019216842-846577017-2878185705-1000UA.job
2013-07-30 00:58 - 2013-07-30 00:58 - 00043019 _____ C:\Users\Lukas
2013-07-30 00:58 - 2012-07-29 23:07 - 00000000 ____D C:\Users\Lukas Stotzem\AppData\Roaming\DVDVideoSoft
2013-07-30 00:57 - 2013-01-13 14:21 - 00000000 ____D C:\Program Files\Aimersoft
2013-07-30 00:24 - 2012-08-29 16:38 - 00037664 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx86.sys
2013-07-30 00:24 - 2012-03-31 11:53 - 00000000 ____D C:\Program Files\AVG Secure Search
2013-07-29 23:44 - 2013-04-13 16:31 - 00215128 _____ C:\Windows\system32\PnkBstrB.xtr
2013-07-29 23:44 - 2013-04-13 15:55 - 00139128 _____ C:\Windows\system32\Drivers\PnkBstrK.sys
2013-07-29 23:44 - 2013-04-13 15:54 - 00215128 _____ C:\Windows\system32\PnkBstrB.exe
2013-07-29 23:18 - 2013-01-14 15:26 - 00000000 _____ C:\Windows\system32\Access.dat
2013-07-29 22:41 - 2013-04-13 15:54 - 00215128 _____ C:\Windows\system32\PnkBstrB.ex0
2013-07-29 17:33 - 2012-03-31 11:37 - 00000000 ____D C:\Users\Lukas Stotzem\AppData\Roaming\ICQ
2013-07-29 16:28 - 2012-04-20 16:18 - 00001148 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3019216842-846577017-2878185705-1000Core.job
2013-07-29 02:41 - 2013-07-29 02:41 - 00144760 _____ C:\Windows\Minidump\072913-18642-01.dmp
2013-07-29 02:41 - 2012-03-31 17:02 - 00000000 ____D C:\Windows\Minidump
2013-07-29 02:40 - 2012-03-31 17:02 - 382612378 _____ C:\Windows\MEMORY.DMP
2013-07-25 00:17 - 2013-03-07 16:13 - 00000000 ____D C:\Users\Lukas Stotzem\AppData\Roaming\.technic
2013-07-23 03:22 - 2013-07-23 03:22 - 00001193 _____ C:\Users\Lukas Stotzem\Desktop\Cubeworld Stats.CT
2013-07-23 02:43 - 2013-07-23 02:43 - 00000000 __SHD C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2013-07-23 02:43 - 2013-07-23 02:43 - 00000000 ____D C:\Users\Lukas Stotzem\AppData\Roaming\TuneUp Software
2013-07-23 02:43 - 2013-07-23 02:43 - 00000000 ____D C:\ProgramData\TuneUp Software
2013-07-23 02:30 - 2013-07-23 02:30 - 00001043 _____ C:\Users\Lukas Stotzem\Desktop\Cheat Engine.lnk
2013-07-23 02:30 - 2013-07-23 02:30 - 00000000 ____D C:\Users\Lukas Stotzem\Documents\My Cheat Tables
2013-07-23 02:30 - 2013-07-23 02:30 - 00000000 ____D C:\Users\Lukas Stotzem\AppData\Roaming\OpenCandy
2013-07-23 02:30 - 2013-07-23 02:30 - 00000000 ____D C:\Program Files\Cheat Engine 6.3
2013-07-23 02:30 - 2013-07-23 02:26 - 08062384 _____ (Cheat Engine ) C:\Users\Lukas Stotzem\Downloads\CheatEngine63.exe
2013-07-22 20:56 - 2013-07-22 20:56 - 00000000 ____D C:\Users\Lukas Stotzem\Desktop\_CUBE_
2013-07-22 20:43 - 2013-07-22 20:28 - 33129973 _____ C:\Users\Lukas Stotzem\Desktop\_CUBE_.rar
2013-07-22 20:38 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-07-22 14:21 - 2009-07-14 06:33 - 00447312 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-22 14:19 - 2009-07-14 09:49 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-22 14:19 - 2009-07-14 06:52 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-22 14:03 - 2012-03-31 11:00 - 00403272 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-22 14:03 - 2010-05-12 15:57 - 00008470 _____ C:\Windows\system32\prfh0816.dat
2013-07-22 14:03 - 2010-05-12 15:57 - 00006300 _____ C:\Windows\system32\prfc0816.dat
2013-07-22 14:03 - 2010-05-12 15:51 - 00008802 _____ C:\Windows\system32\perfh015.dat
2013-07-22 14:03 - 2010-05-12 15:51 - 00006626 _____ C:\Windows\system32\perfc015.dat
2013-07-22 14:03 - 2010-05-12 15:46 - 00008860 _____ C:\Windows\system32\perfh013.dat
2013-07-22 14:03 - 2010-05-12 15:46 - 00006438 _____ C:\Windows\system32\perfc013.dat
2013-07-22 14:03 - 2010-05-12 15:41 - 00008548 _____ C:\Windows\system32\perfh010.dat
2013-07-22 14:03 - 2010-05-12 15:41 - 00006220 _____ C:\Windows\system32\perfc010.dat
2013-07-22 01:59 - 2012-04-01 21:56 - 00000000 ____D C:\Program Files\Origin
2013-07-03 14:16 - 2012-03-31 11:53 - 00000000 ____D C:\ProgramData\AVG Secure Search
2013-07-02 22:51 - 2013-07-02 21:41 - 98563400 _____ C:\Users\Lukas Stotzem\Downloads\TekkTown (#150).zip
2013-07-02 17:30 - 2012-05-18 21:43 - 00000000 ____D C:\Program Files\Common Files\Steam
2013-07-02 13:04 - 2013-07-02 13:04 - 00040448 _____ C:\Users\Lukas Stotzem\cufdancegpun.exe
2013-07-02 13:04 - 2012-03-30 23:00 - 00000000 ____D C:\Users\Lukas Stotzem
Files to move or delete:
====================
C:\ProgramData\dsgsdgdsgdsgw.pad
C:\Users\Lukas Stotzem\cufdancegpun.exe
C:\Users\Lukas Stotzem\sumnambeaxil.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-07-23 20:13
==================== End Of Log ============================