Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log analysis and evaluation: Trojans TR/Bublik.I.16, TR/Bublik.I.12 and EXP/CVE-2012-1723.PD


 
24.06.2013, 13:55   #3
Fantasyy
 
Trojans TR/Bublik.I.16, TR/Bublik.I.12 and EXP/CVE-2012-1723.PD




Hey,
thanks for the quick reply first of all, here are the logs:

FRST:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-06-2013
Ran by Björn (administrator) on 24-06-2013 14:52:36
Running from C:\Users\Björn\Desktop
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
(Firebird Project) C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe
(Microsoft Corporation) C:\Windows\system32\dashost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(Firebird Project) C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Intel Corporation) C:\Windows\system32\igfxpers.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [BtTray] "C:\Program Files (x86)\Bluetooth Suite\BtTray.exe" [765056 2012-09-29] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe" [127616 2012-09-29] (Atheros Communications)
HKLM\...\Run: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192 2012-09-11] (ASUS)
HKLM-x32\...\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [78352 2012-05-23] (cyberlink)
HKLM-x32\...\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe /S [3417984 2012-08-28] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [345144 2013-06-24] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll [247144 2012-10-08] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [202600 2012-10-08] (NVIDIA Corporation)
Startup: C:\Users\Björn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AsusTPLauncher - Verknüpfung.lnk
ShortcutTarget: AsusTPLauncher - Verknüpfung.lnk -> C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe (AsusTek)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com
HKCU SearchScopes: DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\o7rljfli.default
FF Homepage: hxxp://www.gmx.net/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\o7rljfli.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

Chrome: 
=======
CHR RestoreOnStartup: "hxxp://www.gmx.net/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java(TM) Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Uplay PC) - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
CHR Extension: (Google Docs) - C:\Users\Björn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Björn\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Björn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Björn\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Battlefield Play4Free) - C:\Users\Björn\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiokahphinmbmakkehgelkmpolmnbkdh\1.0.96.0_0
CHR Extension: (Gmail) - C:\Users\Björn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-06-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-06-24] (Avira Operations GmbH & Co. KG)
R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [220288 2012-09-29] (Qualcomm Atheros Commnucations)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [243728 2012-05-23] (CyberLink)
R2 FirebirdGuardianDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe [81920 2008-06-13] (Firebird Project)
R3 FirebirdServerDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe [2723840 2008-06-13] (Firebird Project)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-17] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-02-04] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-29] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-09-29] (Atheros)

==================== Drivers (Whitelisted) ====================

R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [61824 2012-10-31] (ASUS Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-03-29] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [130016 2013-03-29] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-03-29] (Avira Operations GmbH & Co. KG)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
U0 msahci; 
S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [x]
S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [x]
U3 pglcypog; \??\C:\Users\BJRN~1\AppData\Local\Temp\pglcypog.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-24 14:52 - 2013-06-24 14:52 - 00000000 ____D C:\FRST
2013-06-24 14:49 - 2013-06-24 14:49 - 01931364 ____A (Farbar) C:\Users\Björn\Desktop\FRST64.exe
2013-06-24 13:50 - 2013-06-24 13:50 - 00010231 ____A C:\Users\Björn\Desktop\gmer.log
2013-06-24 13:31 - 2013-06-24 13:31 - 00377856 ____A C:\Users\Björn\Desktop\gmer_2.1.19163.exe
2013-06-24 13:16 - 2013-06-24 13:16 - 00068586 ____A C:\Users\Björn\Desktop\Extras.Txt
2013-06-24 13:15 - 2013-06-24 13:15 - 00102648 ____A C:\Users\Björn\Desktop\OTL.Txt
2013-06-24 13:10 - 2013-06-24 13:10 - 00602112 ____A (OldTimer Tools) C:\Users\Björn\Desktop\OTL.exe
2013-06-24 13:10 - 2013-06-24 13:10 - 00000472 ____A C:\Users\Björn\Desktop\defogger_disable.log
2013-06-24 13:10 - 2013-06-24 13:10 - 00000000 ____A C:\Users\Björn\defogger_reenable
2013-06-24 13:03 - 2013-06-24 13:02 - 00050477 ____A C:\Users\Björn\Desktop\Defogger.exe
2013-06-12 20:54 - 2013-06-24 12:58 - 00952150 ____A C:\Windows\WindowsUpdate.log
2013-06-07 21:23 - 2013-06-21 09:10 - 00058362 ____A C:\Windows\DPINST.LOG
2013-06-07 15:38 - 2013-06-24 11:42 - 00000000 ____D C:\Program Files\Nightly
2013-06-07 15:38 - 2013-06-08 12:17 - 00000000 ____D C:\Users\Björn\AppData\Roaming\Mozilla
2013-06-07 15:38 - 2013-06-07 15:38 - 00000864 ____A C:\Users\Public\Desktop\Nightly.lnk
2013-06-07 15:36 - 2013-06-07 15:37 - 24250211 ____A (Mozilla) C:\Users\Björn\Downloads\firefox-24.0a1.en-US.win64-x86_64.installer.exe
2013-06-07 15:09 - 2013-06-20 14:07 - 00002185 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-06-07 15:07 - 2013-06-07 15:07 - 00001130 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-07 15:06 - 2013-06-07 15:07 - 00000000 ____D C:\Users\Björn\AppData\Local\Deployment
2013-06-07 15:06 - 2013-06-07 15:06 - 00000000 ____D C:\Users\Björn\AppData\Local\Apps\2.0
2013-06-07 14:37 - 2013-06-07 14:37 - 02143832 ____A C:\Users\Björn\Downloads\instsf449.exe
2013-06-07 14:37 - 2013-06-07 14:37 - 00000045 ____A C:\Windows\SysWOW64\initdebug.nfo
2013-06-07 13:18 - 2013-06-24 11:42 - 00009494 ____A C:\Windows\PFRO.log
2013-06-07 11:54 - 2013-06-07 11:54 - 00004032 ____A C:\Windows\SysWOW64\jupdate-1.7.0_21-b11.log
2013-06-07 00:44 - 2013-06-07 00:44 - 00308656 ____A C:\Windows\System32\FNTCACHE.DAT
2013-06-07 00:36 - 2013-06-24 11:40 - 00000000 ____D C:\Users\Björn\AppData\Roaming\Inkued
2013-06-07 00:36 - 2013-06-23 21:22 - 00000000 ____D C:\Users\Björn\AppData\Roaming\Nyhet
2013-06-07 00:36 - 2013-06-07 00:36 - 00000000 ____D C:\Users\Björn\AppData\Roaming\Syehym
2013-05-28 11:15 - 2013-05-28 11:15 - 00000000 ____D C:\Users\Björn\AppData\Local\Activision
2013-05-27 17:37 - 2013-05-27 17:37 - 00000221 ____A C:\Users\Björn\Desktop\Call of Duty Black Ops - Multiplayer.url

==================== One Month Modified Files and Folders =======

2013-06-24 14:52 - 2013-06-24 14:52 - 00000000 ____D C:\FRST
2013-06-24 14:49 - 2013-06-24 14:49 - 01931364 ____A (Farbar) C:\Users\Björn\Desktop\FRST64.exe
2013-06-24 14:00 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\System32\sru
2013-06-24 13:50 - 2013-06-24 13:50 - 00010231 ____A C:\Users\Björn\Desktop\gmer.log
2013-06-24 13:42 - 2012-12-19 21:18 - 00000401 ____A C:\Users\Björn\AppData\Roaming\sp_data.sys
2013-06-24 13:31 - 2013-06-24 13:31 - 00377856 ____A C:\Users\Björn\Desktop\gmer_2.1.19163.exe
2013-06-24 13:16 - 2013-06-24 13:16 - 00068586 ____A C:\Users\Björn\Desktop\Extras.Txt
2013-06-24 13:15 - 2013-06-24 13:15 - 00102648 ____A C:\Users\Björn\Desktop\OTL.Txt
2013-06-24 13:10 - 2013-06-24 13:10 - 00602112 ____A (OldTimer Tools) C:\Users\Björn\Desktop\OTL.exe
2013-06-24 13:10 - 2013-06-24 13:10 - 00000472 ____A C:\Users\Björn\Desktop\defogger_disable.log
2013-06-24 13:10 - 2013-06-24 13:10 - 00000000 ____A C:\Users\Björn\defogger_reenable
2013-06-24 13:10 - 2012-12-19 21:14 - 00000000 ____D C:\users\Björn
2013-06-24 13:02 - 2013-06-24 13:03 - 00050477 ____A C:\Users\Björn\Desktop\Defogger.exe
2013-06-24 12:58 - 2013-06-12 20:54 - 00952150 ____A C:\Windows\WindowsUpdate.log
2013-06-24 12:22 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-06-24 11:42 - 2013-06-07 15:38 - 00000000 ____D C:\Program Files\Nightly
2013-06-24 11:42 - 2013-06-07 13:18 - 00009494 ____A C:\Windows\PFRO.log
2013-06-24 11:41 - 2012-07-26 07:26 - 00262144 __ASH C:\Windows\System32\config\BBI
2013-06-24 11:40 - 2013-06-07 00:36 - 00000000 ____D C:\Users\Björn\AppData\Roaming\Inkued
2013-06-24 11:36 - 2012-12-20 18:04 - 00000000 ____D C:\Users\Björn\AppData\Roaming\Skype
2013-06-24 11:21 - 2013-05-08 15:04 - 00083672 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avnetflt.sys
2013-06-23 21:22 - 2013-06-07 00:36 - 00000000 ____D C:\Users\Björn\AppData\Roaming\Nyhet
2013-06-23 20:57 - 2012-12-21 17:47 - 00282104 ____A C:\Windows\SysWOW64\PnkBstrB.xtr
2013-06-23 20:57 - 2012-12-20 19:58 - 00282104 ____A C:\Windows\SysWOW64\PnkBstrB.exe
2013-06-23 20:57 - 2012-12-20 19:58 - 00234768 ____A C:\Windows\SysWOW64\PnkBstrB.ex0
2013-06-23 11:19 - 2013-01-13 20:52 - 00000000 ____D C:\Users\Björn\AppData\Roaming\Nettalk
2013-06-23 11:02 - 2012-08-03 01:02 - 00753134 ____A C:\Windows\System32\perfh007.dat
2013-06-23 11:02 - 2012-08-03 01:02 - 00155826 ____A C:\Windows\System32\perfc007.dat
2013-06-23 11:02 - 2012-07-26 09:28 - 01745416 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-23 02:06 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\System32\NDF
2013-06-21 09:10 - 2013-06-07 21:23 - 00058362 ____A C:\Windows\DPINST.LOG
2013-06-20 14:07 - 2013-06-07 15:09 - 00002185 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-06-19 19:12 - 2013-01-03 19:38 - 00203776 __ASH C:\Users\Björn\Desktop\Thumbs.db
2013-06-13 16:18 - 2013-01-09 14:02 - 00000000 ____D C:\Users\Björn\AppData\Local\CrashDumps
2013-06-08 12:17 - 2013-06-07 15:38 - 00000000 ____D C:\Users\Björn\AppData\Roaming\Mozilla
2013-06-08 12:17 - 2012-12-19 21:26 - 00000000 ____D C:\Users\Björn\AppData\Local\Mozilla
2013-06-07 15:38 - 2013-06-07 15:38 - 00000864 ____A C:\Users\Public\Desktop\Nightly.lnk
2013-06-07 15:37 - 2013-06-07 15:36 - 24250211 ____A (Mozilla) C:\Users\Björn\Downloads\firefox-24.0a1.en-US.win64-x86_64.installer.exe
2013-06-07 15:34 - 2013-05-20 22:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-07 15:09 - 2013-02-21 19:10 - 00000000 ____D C:\Users\Björn\AppData\Local\Google
2013-06-07 15:08 - 2013-02-21 19:10 - 00000000 ____D C:\Program Files (x86)\Google
2013-06-07 15:07 - 2013-06-07 15:07 - 00001130 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-07 15:07 - 2013-06-07 15:06 - 00000000 ____D C:\Users\Björn\AppData\Local\Deployment
2013-06-07 15:06 - 2013-06-07 15:06 - 00000000 ____D C:\Users\Björn\AppData\Local\Apps\2.0
2013-06-07 14:37 - 2013-06-07 14:37 - 02143832 ____A C:\Users\Björn\Downloads\instsf449.exe
2013-06-07 14:37 - 2013-06-07 14:37 - 00000045 ____A C:\Windows\SysWOW64\initdebug.nfo
2013-06-07 13:08 - 2013-04-03 23:40 - 00000000 ____D C:\Program Files (x86)\Steam
2013-06-07 13:05 - 2013-01-27 14:33 - 00000000 ____D C:\ProgramData\Ubisoft
2013-06-07 13:04 - 2013-01-27 14:09 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2013-06-07 11:57 - 2012-07-26 09:22 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-07 11:54 - 2013-06-07 11:54 - 00004032 ____A C:\Windows\SysWOW64\jupdate-1.7.0_21-b11.log
2013-06-07 11:54 - 2013-04-14 12:02 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-07 00:44 - 2013-06-07 00:44 - 00308656 ____A C:\Windows\System32\FNTCACHE.DAT
2013-06-07 00:36 - 2013-06-07 00:36 - 00000000 ____D C:\Users\Björn\AppData\Roaming\Syehym
2013-05-28 11:15 - 2013-05-28 11:15 - 00000000 ____D C:\Users\Björn\AppData\Local\Activision
2013-05-27 17:37 - 2013-05-27 17:37 - 00000221 ____A C:\Users\Björn\Desktop\Call of Duty Black Ops - Multiplayer.url

Files to move or delete:
====================
C:\ProgramData\SetStretch.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-01 14:05

==================== End Of Log ============================


Addition:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-06-2013
Ran by Björn at 2013-06-24 14:53:05
Running from C:\Users\Björn\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.202)
Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03)
ASUS Instant Connect (x32 Version: 1.2.8)
ASUS InstantOn (x32 Version: 3.0.4)
ASUS LifeFrame3 (x32 Version: 3.1.9)
ASUS Live Update (x32 Version: 3.1.9)
ASUS Power4Gear Hybrid (Version: 2.0.4)
ASUS Product Demo Movie  (x32 Version: 1.0.3)
ASUS Smart Gesture (x32 Version: 1.0.35)
ASUS Splendid Video Enhancement Technology (x32 Version: 1.03.0005)
ASUS Tutor (x32 Version: 1.0.7)
ASUS USB Charger Plus (x32 Version: 2.1.5)
ASUS WebStorage Sync Agent (x32 Version: 1.1.9.120)
ASUSDVD (x32 Version: 10.0.4126.52)
ATK Package (x32 Version: 1.0.0023)
Avira Free Antivirus (x32 Version: 13.0.0.3736)
Battlefield Play4Free (Björn) (HKCU)
Call of Duty: Black Ops - Multiplayer (x32)
CCleaner (Version: 3.27)
Command & Conquer Generals (x32 Version: 0.50.0000)
Command & Conquer™ Alarmstufe Rot 3 (x32 Version: 1.0.1.0)
Command and Conquer(TM) Generäle Die Stunde Null  (x32 Version: 1.00.0000)
Company of Heroes - FAKEMSI (x32 Version: 2.0.0.0)
Company of Heroes (x32 Version: 2.602.0)
Diablo III (x32 Version: 1.0.7.15295)
Firebird 2.1.1.17910 (Win32) (x32 Version: 2.1.1.17910)
Google Chrome (x32 Version: 27.0.1453.116)
Google Update Helper (x32 Version: 1.3.21.145)
Intel(R) Management Engine Components (x32 Version: 8.1.0.1252)
Intel(R) Processor Graphics (x32 Version: 9.17.10.2843)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (x32 Version: 2.0.0.37149)
Intel® Trusted Connect Service Client (Version: 1.24.388.1)
Java 7 Update 21 (64-bit) (Version: 7.0.210)
Java 7 Update 21 (x32 Version: 7.0.210)
Java Auto Updater (x32 Version: 2.1.9.5)
Medieval II Total War (x32 Version: 1.00.0000)
Microsoft Office (x32 Version: 14.0.6120.5004)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
MSI to redistribute MS VS2005 CRT libraries (x32 Version: 8.0.50727.42)
Nettalk 6.7 (x32)
Nightly 24.0a1 (x64 en-US) (Version: 24.0a1)
NVIDIA Grafiktreiber 306.97 (Version: 306.97)
NVIDIA Install Application (Version: 2.1002.85.551)
NVIDIA Optimus 1.10.8 (Version: 1.10.8)
NVIDIA PhysX (x32 Version: 9.12.0613)
NVIDIA PhysX System Software 9.12.0613 (Version: 9.12.0613)
NVIDIA Systemsteuerung 306.97 (Version: 306.97)
NVIDIA Update 1.10.8 (Version: 1.10.8)
NVIDIA Update Components (Version: 1.10.8)
OpenOffice.org 3.4.1 (x32 Version: 3.41.9593)
PunkBuster Services (x32 Version: 0.990)
Qualcomm Atheros Bluetooth Suite (64) (Version: 8.0.0.210)
Qualcomm Atheros Client Installation Program (x32 Version: 10.0)
Realtek Ethernet Controller Driver (x32 Version: 8.3.730.2012)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6657)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.8400.30136)
S4 League_EU (x32 Version: 1.00.0000)
Shared C Run-time for x64 (Version: 10.0.0)
Skype™ 6.3 (x32 Version: 6.3.107)
Steam (x32 Version: 1.0.0.0)
TeamSpeak 3 Client (HKCU Version: 3.0.10.1)
Ubisoft Game Launcher (x32 Version: 1.0.0.0)
Windows-Treiberpaket - ASUS (ATP) Mouse  (10/13/2012 1.0.0.146) (Version: 10/13/2012 1.0.0.146)
Windows-Treiberpaket - ASUS (ATP) Mouse  (10/29/2012 1.0.0.148) (Version: 10/29/2012 1.0.0.148)
WinFlash (x32 Version: 2.41.1)
WinRAR 4.20 (64-Bit) (Version: 4.20.0)

==================== Restore Points  =========================

28-05-2013 09:13:18 DirectX wurde installiert
04-06-2013 15:41:24 Windows Update
07-06-2013 09:54:02 Installed Java 7 Update 21

==================== Scheduled Tasks (whitelisted) =============

Task: {10D85952-E3F6-47A1-96CF-5E1C2D874EA6} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => C:\Windows\system32\srtasks.exe [2012-07-26] (Microsoft Corporation)
Task: {13A2AC02-B682-48CC-9155-2E2673580117} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 Critical
Task: {17644F17-DC4C-4AC8-9444-7AAA52EB5CDC} - System32\Tasks\Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler
Task: {1967836F-4E29-498B-A95C-D2EE29D978CE} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUScheduledInstall
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {1DB7C2F1-876C-4F24-AD17-8428211113F9} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\ProcessMemoryDiagnosticEvents
Task: {214B24F4-FEB4-4C59-AF1F-70136065199C} - System32\Tasks\Microsoft\Windows\Shell\IndexerAutomaticMaintenance
Task: {23700E5C-0E77-499D-908A-415D5C6252F4} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Group Policy
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => C:\Windows\System32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {2755EC75-39D7-47F8-8CCE-90094B9719E2} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start => C:\Windows\system32\sc.exe [2012-07-26] (Microsoft Corporation)
Task: {295D7AFB-1751-4BE3-A325-1788AA40047B} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUSessionConnect
Task: {299B2E56-8414-41D5-B5DF-DA2F2F1685D2} - System32\Tasks\WPD\SqmUpload_S-1-5-21-2609407685-374623224-4235352812-1002 => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {2C6B9EA8-7F5A-4ABA-BF96-8D352D02A743} - System32\Tasks\Microsoft\Windows\Device Setup\Metadata Refresh
Task: {2E030FA7-3D7C-4E1D-8CFE-56ADB26FD402} - System32\Tasks\Microsoft\Windows\PI\Sqm-Tasks
Task: {3054485A-F517-4E95-9977-4DD827B1E9B3} - System32\Tasks\Microsoft\Windows\WS\Badge Update
Task: {378401BA-A703-444A-A79C-3C47AD2DC5B6} - System32\Tasks\Microsoft\Windows\TaskScheduler\Maintenance Configurator
Task: {3AE164E7-30CD-40BC-9422-3EC7A5618965} - System32\Tasks\Microsoft\Windows\WS\WSTask
Task: {3C490ABD-D849-41AF-9AC4-87DD759B0996} - System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem
Task: {3D46BC9E-4400-4012-85C7-A74744E7EC99} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-09-18] (ASUSTek Computer Inc.)
Task: {4073C1B3-6E16-4AA8-B7F3-C6A6D35D5071} - System32\Tasks\Microsoft\Windows\TPM\Tpm-Maintenance
Task: {44B3F1B8-5943-4072-8D8C-A9484676AC44} - System32\Tasks\Microsoft\Windows\Live\Roaming\SynchronizeWithStorage
Task: {483A8F5C-5D26-44B5-B49E-AF6741D1BBEB} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\Windows\System32\MbaeParserTask.exe [2012-07-26] (Microsoft Corporation)
Task: {4B952129-9AE9-41A3-BE2B-8AD2E06F66B6} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskLogon
Task: {5755E746-D7ED-4C20-A472-66C11834CDE4} - System32\Tasks\Microsoft\Windows\TaskScheduler\Manual Maintenance
Task: {5917AE2C-D03A-46DB-961D-A6F3E4CF1986} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-01-23] (Piriform Ltd)
Task: {5C4EFB77-EFA6-45DF-A373-D795C0725BFF} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Reboot Required
Task: {627441F3-8526-4B62-BF9A-1A3EA414E71A} - System32\Tasks\Microsoft\Windows\SpacePort\SpaceAgentTask => C:\Windows\system32\SpaceAgent.exe [2012-07-26] (Microsoft Corporation)
Task: {6E7A6BE3-F6A3-476D-8DE8-4C9D897AFABC} - System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2609407685-374623224-4235352812-1002
Task: {6E9DE125-5583-4031-B572-FEE48F25CFFF} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyMonitor => C:\Windows\System32\wpcmon.exe [2012-09-20] (Microsoft Corporation)
Task: {6FDDEA7C-6310-428D-AEB2-54FFC72811EF} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319
Task: {74096F94-B654-4DB0-96F5-3C3408B92FE3} - System32\Tasks\Microsoft\Windows\PI\Secure-Boot-Update
Task: {7D9A9A1C-499C-40A6-8F8A-5BCC4CC9A87C} - System32\Tasks\Microsoft\Windows\TaskScheduler\Regular Maintenance
Task: {818DA099-2326-4B3B-B675-1FE4ED4BF9C8} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-08-22] (ASUSTeK Computer Inc.)
Task: {845CB020-68B5-4C6B-9876-7BEC7B3E27AC} - System32\Tasks\Microsoft\Windows\TaskScheduler\Idle Maintenance
Task: {87354DAA-66DF-4B41-9346-15958D96E1D2} - System32\Tasks\Microsoft\Windows\FileHistory\File History (maintenance mode)
Task: {921A1D4E-32FB-46D7-B6C0-6F467884074D} - System32\Tasks\Microsoft\Windows\WS\Sync Licenses
Task: {9479EF8E-11D4-41B3-9783-CC65070D592D} - System32\Tasks\Microsoft\Windows\Time Synchronization\ForceSynchronizeTime
Task: {94DCF254-64FB-4C4E-8E12-5F4055C10C2A} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64
Task: {989A7C6D-BE82-4C3C-AF96-6116039E336B} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\RunFullMemoryDiagnostic
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => C:\Windows\System32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {A800277E-E202-4492-AD38-3312641CBC04} - System32\Tasks\Microsoft\Windows\Live\Roaming\MaintenanceTask
Task: {AB407FD1-FA46-40BF-A2F5-C284373E30BD} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2012-09-20] (Microsoft Corporation)
Task: {AB62FA47-2C99-44B1-A5D0-D4161423BE43} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyRefresh
Task: {AB96B97B-39C2-46A2-876A-EEB6AE199033} - System32\Tasks\Microsoft\Windows\Servicing\StartComponentCleanup => C:\Windows\System32\dism.exe [2012-07-26] (Microsoft Corporation)
Task: {ABBE31E9-8BEE-4118-A5FB-F1A192A28940} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUFirmwareInstall
Task: {AC6259DE-AC59-459E-849E-6ADFFD1ADE63} - System32\Tasks\Microsoft\Windows\Shell\CreateObjectTask
Task: {AEB0B5BD-B9E5-458A-898A-E559BD9EB51B} - System32\Tasks\Microsoft\Windows\SettingSync\BackgroundUploadTask
Task: {AF549BD8-337C-4BF7-8681-36A182E30507} - System32\Tasks\Microsoft\Windows\Chkdsk\ProactiveScan
Task: {AFA7F299-EBB3-4DBA-A49F-1A2C7A19F6E3} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-24] (ASUS)
Task: {BAAFCCB0-EF6C-4899-A647-A634DDB564EB} - System32\Tasks\ASUS InstantOn Config => C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe [2012-09-24] (ASUS)
Task: {BC753DAC-647C-4FF8-AFFA-45BE38C7819F} - System32\Tasks\ASUS Touchpad Launcher (x64) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2012-10-31] (AsusTek)
Task: {BC76AEF7-2CF0-4EB6-B65B-A8803E0B5E12} - System32\Tasks\Microsoft\Windows\AppID\SmartScreenSpecific
Task: {C1ACCD1E-4385-4FB2-B5E4-7F2A57A626A2} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan
Task: {C463FD1E-31C7-4C20-AB65-08E514CA152D} - System32\Tasks\Microsoft\Windows\IME\SQM data sender
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {CBE3AAC9-6FBE-4587-A436-388A7C353DF1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-07] (Google Inc.)
Task: {CD1054FF-8005-4904-8B9C-436EAB1E2021} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskNetwork
Task: {DBCF6E1B-CE0A-441E-B7A5-219C8BE50C65} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 Critical
Task: {DECE5921-598D-454B-9A04-B2DE95EFC1B3} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan for Crash Recovery
Task: {E4DFE66F-E089-4CC3-A70F-957223D565F4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask
Task: {E8DAA09B-DF2A-4951-9134-6FA9587793F9} - System32\Tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers => C:\Windows\System32\drvinst.exe [2012-09-20] (Microsoft Corporation)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {ED0C1F69-C3A2-41EA-B8C3-3F0D83A1F6C0} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/24/2013 02:52:48 PM) (Source: Software Protection Platform Service) (User: )
Description: Failed to schedule Software Protection service for re-start at 2113-05-31T12:52:48Z. Error Code: 0x80040154.

Error: (06/24/2013 02:52:18 PM) (Source: Software Protection Platform Service) (User: )
Description: Failed to schedule Software Protection service for re-start at 2113-05-31T12:52:18Z. Error Code: 0x80040154.

Error: (06/24/2013 02:51:21 PM) (Source: Software Protection Platform Service) (User: )
Description: Failed to schedule Software Protection service for re-start at 2113-05-31T12:51:21Z. Error Code: 0x80040154.

Error: (06/24/2013 02:50:51 PM) (Source: Software Protection Platform Service) (User: )
Description: Failed to schedule Software Protection service for re-start at 2113-05-31T12:50:51Z. Error Code: 0x80040154.

Error: (06/24/2013 02:50:21 PM) (Source: Software Protection Platform Service) (User: )
Description: Failed to schedule Software Protection service for re-start at 2113-05-31T12:50:21Z. Error Code: 0x80040154.

Error: (06/24/2013 02:49:51 PM) (Source: Software Protection Platform Service) (User: )
Description: Failed to schedule Software Protection service for re-start at 2113-05-31T12:49:51Z. Error Code: 0x80040154.

Error: (06/24/2013 02:49:21 PM) (Source: Software Protection Platform Service) (User: )
Description: Failed to schedule Software Protection service for re-start at 2113-05-31T12:49:21Z. Error Code: 0x80040154.

Error: (06/24/2013 02:48:51 PM) (Source: Software Protection Platform Service) (User: )
Description: Failed to schedule Software Protection service for re-start at 2113-05-31T12:48:51Z. Error Code: 0x80040154.

Error: (06/24/2013 02:48:21 PM) (Source: Software Protection Platform Service) (User: )
Description: Failed to schedule Software Protection service for re-start at 2113-05-31T12:48:21Z. Error Code: 0x80040154.

Error: (06/24/2013 02:47:51 PM) (Source: Software Protection Platform Service) (User: )
Description: Failed to schedule Software Protection service for re-start at 2113-05-31T12:47:51Z. Error Code: 0x80040154.


System errors:
=============
Error: (06/24/2013 01:40:20 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 13:02:28 on 24.06.2013 was unexpected.

Error: (06/08/2013 06:28:43 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer "BEATE-LAPTOP"
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{56A97C74-4CAD-41E1-850E-506B76A221CA}.
The master browser is stopping or an election is being forced.

Error: (06/07/2013 00:37:43 AM) (Source: DCOM) (User: BJÖRN-LAPTOP)
Description: {E70C92A9-4BFD-11D1-8A95-00C04FB951F3}

Error: (05/27/2013 05:21:26 PM) (Source: Service Control Manager) (User: )
Description: The "Steam Client Service" service failed to start due to the following error: 
%%1053

Error: (05/27/2013 05:21:26 PM) (Source: Service Control Manager) (User: )
Description: A timeout (180000 ms) was reached while waiting for the Steam Client Service service to connect.

Error: (05/27/2013 10:32:54 AM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer "BEATE-LAPTOP"
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{56A97C74-4CAD-41E1-850E-506B76A221CA}.
The master browser is stopping or an election is being forced.

Error: (05/14/2013 07:34:13 PM) (Source: NetBT) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.2.101.
The computer with IP address 192.168.2.103 did not allow
this computer to claim that name.

Error: (05/06/2013 09:09:46 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer "BEATE-LAPTOP"
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{56A97C74-4CAD-41E1-850E-506B76A221CA}.
The master browser is stopping or an election is being forced.

Error: (05/06/2013 03:44:17 PM) (Source: Service Control Manager) (User: )
Description: The "Steam Client Service" service failed to start due to the following error: 
%%1053

Error: (05/06/2013 03:44:17 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 ms) was reached while waiting for the Steam Client Service service to connect.


Microsoft Office Sessions:
=========================
Error: (06/24/2013 02:53:18 PM) (Source: Software Protection Platform Service)(User: )
Description: 0x800401542113-05-31T12:53:18Z

Error: (06/24/2013 02:52:48 PM) (Source: Software Protection Platform Service)(User: )
Description: 0x800401542113-05-31T12:52:48Z

Error: (06/24/2013 02:52:18 PM) (Source: Software Protection Platform Service)(User: )
Description: 0x800401542113-05-31T12:52:18Z

Error: (06/24/2013 02:51:21 PM) (Source: Software Protection Platform Service)(User: )
Description: 0x800401542113-05-31T12:51:21Z

Error: (06/24/2013 02:50:51 PM) (Source: Software Protection Platform Service)(User: )
Description: 0x800401542113-05-31T12:50:51Z

Error: (06/24/2013 02:50:21 PM) (Source: Software Protection Platform Service)(User: )
Description: 0x800401542113-05-31T12:50:21Z

Error: (06/24/2013 02:49:51 PM) (Source: Software Protection Platform Service)(User: )
Description: 0x800401542113-05-31T12:49:51Z

Error: (06/24/2013 02:49:21 PM) (Source: Software Protection Platform Service)(User: )
Description: 0x800401542113-05-31T12:49:21Z

Error: (06/24/2013 02:48:51 PM) (Source: Software Protection Platform Service)(User: )
Description: 0x800401542113-05-31T12:48:51Z

Error: (06/24/2013 02:48:21 PM) (Source: Software Protection Platform Service)(User: )
Description: 0x800401542113-05-31T12:48:21Z


==================== Memory info =========================== 

Percentage of memory in use: 19%
Total physical RAM: 8069.52 MB
Available physical RAM: 6483.8 MB
Total Pagefile: 9285.52 MB
Available Pagefile: 7781.48 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:186.3 GB) (Free:77.82 GB) NTFS (Disk=0 Partition=4) ==>[System with boot components (obtained from reading drive)]
Drive d: (Data) (Fixed) (Total:258.44 GB) (Free:256.24 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 4AD209D2)

Partition: GPT Partition Type
==================== End Of Log ============================
         
Regards,
Björn
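The scheduled-task section of the FRST log above (the `Task: {GUID} - System32\Tasks\...` lines) is the part an analyst reads first when looking for persistence, because every line gives the launch target, the file date and the vendor FRST saw. The Python below is an added example for this thread, not code from the original post, from Trojaner-Board or from the FRST author: it parses those lines and applies a few triage rules (binary in a user-writable directory, a Microsoft\Windows task name whose binary is outside C:\Windows, a non-Microsoft task running through rundll32.exe or a similar built-in launcher, a missing vendor, a non-Microsoft vendor under C:\Windows). The rules are this example's own heuristics and assumptions, not FRST's logic; the sample lines are copied from the log, and the final `CONSTRUCTED_LINE` is made up so the rules have something to hit.

```python
"""Triage of the 'Task:' entries in an FRST log.

Added example for this thread; not code from the original post, from
Trojaner-Board or from the FRST author. FRST prints one line per task:

    Task: {GUID} - System32\\Tasks\\<task name> => <binary> [<file date>] (<vendor>)

and omits everything from ' => ' on when it records no launch target. The
rules in triage() are this example's own heuristics (an assumption, not
FRST's logic); a hit is a reason to open the task XML, not a verdict.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

TASK_RE = re.compile(
    r"^Task: \{(?P<guid>[0-9A-Fa-f-]+)\} - System32\\Tasks\\(?P<name>.+?)"
    r"(?: => (?P<path>.+?)(?: \[(?P<date>[\d-]+)\])?(?: \((?P<vendor>[^)]*)\))?)?$"
)

# Directories a standard user can write to: a task launching from here gives
# persistence without admin rights, so it deserves a look first.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\")
# Built-in launchers that run whatever their arguments say; legitimate
# Microsoft tasks use them too, so only non-Microsoft task names are flagged.
LOLBINS = ("rundll32.exe", "regsvr32.exe", "mshta.exe", "wscript.exe",
           "cscript.exe", "powershell.exe", "cmd.exe")


@dataclass
class Task:
    guid: str
    name: str
    path: Optional[str]
    date: Optional[str]
    vendor: Optional[str]


@dataclass
class Finding:
    severity: str   # "high" or "medium"
    task: str
    reason: str


def parse_task(line: str) -> Optional[Task]:
    """Return a Task for an FRST 'Task:' line, or None for any other line."""
    m = TASK_RE.match(line.strip())
    if not m:
        return None
    return Task(m["guid"], m["name"], m["path"], m["date"], m["vendor"])


def triage(task: Task) -> List[Finding]:
    """Apply the heuristics to one task; an empty list means nothing stood out."""
    out: List[Finding] = []
    if task.path is None:
        return out                      # no launch target on this line to judge
    name_l = task.name.lower()
    p = task.path.lower()
    exe = p.rsplit("\\", 1)[-1]
    builtin_name = name_l.startswith("microsoft\\windows\\")
    in_windows = p.startswith("c:\\windows\\")

    if any(d in p for d in USER_WRITABLE):
        out.append(Finding("high", task.name, f"launches from a user-writable path: {task.path}"))
    if builtin_name and not in_windows:
        out.append(Finding("high", task.name, f"Microsoft\\Windows task name but binary outside C:\\Windows: {task.path}"))
    if exe in LOLBINS and not builtin_name:
        out.append(Finding("medium", task.name, f"non-Microsoft task runs through {exe}; check its arguments in the task XML"))
    if not task.vendor and not in_windows:
        out.append(Finding("medium", task.name, "FRST recorded no vendor for the binary (unsigned or unknown file)"))
    if in_windows and task.vendor and "microsoft" not in task.vendor.lower():
        out.append(Finding("medium", task.name, f"binary under C:\\Windows from non-Microsoft vendor '{task.vendor}'"))
    return out


def triage_log(lines) -> List[Finding]:
    """Run triage over every 'Task:' line of an FRST log; other lines are skipped."""
    findings: List[Finding] = []
    for line in lines:
        task = parse_task(line)
        if task is not None:
            findings.extend(triage(task))
    return findings


# Lines copied from the FRST log in this thread.
LOG_LINES = [
    r"Task: {3D46BC9E-4400-4012-85C7-A74744E7EC99} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-09-18] (ASUSTek Computer Inc.)",
    r"Task: {44B3F1B8-5943-4072-8D8C-A9484676AC44} - System32\Tasks\Microsoft\Windows\Live\Roaming\SynchronizeWithStorage",
    r"Task: {5917AE2C-D03A-46DB-961D-A6F3E4CF1986} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-01-23] (Piriform Ltd)",
    r"Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => C:\Windows\System32\rundll32.exe [2012-07-26] (Microsoft Corporation)",
    r"Task: {BC753DAC-647C-4FF8-AFFA-45BE38C7819F} - System32\Tasks\ASUS Touchpad Launcher (x64) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2012-10-31] (AsusTek)",
    r"Task: {CBE3AAC9-6FBE-4587-A436-388A7C353DF1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-07] (Google Inc.)",
]
# Constructed line (NOT from the log; placeholder GUID and path) so the rules
# have something to hit: a Microsoft-looking name, binary in AppData, no vendor.
CONSTRUCTED_LINE = r"Task: {00000000-0000-0000-0000-000000000000} - System32\Tasks\Microsoft\Windows\Updater => C:\Users\user\AppData\Roaming\updater.exe [2013-06-20] ()"

if __name__ == "__main__":
    for f in triage_log(LOG_LINES + [CONSTRUCTED_LINE]):
        print(f"[{f.severity.upper()}] {f.task}: {f.reason}")
```

Run against the six lines taken from the log, none of the rules fires; only the constructed line produces findings. The parser deliberately tolerates a missing `[date]` or `(vendor)` so lines FRST prints for files it could not read still parse, and the task name is matched lazily up to ` => ` so names containing parentheses, such as `ASUS Touchpad Launcher (x64)`, do not confuse the vendor capture.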