Log Analysis and Evaluation: Vista: after an Avira system check, some malware and Trojans found

If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

25.01.2014, 15:23 | #1
Vista: after an Avira system check, some malware and Trojans found

Hello dear people!!

After I recently learned about the big data theft, I ran the BSI security test at https://www.sicherheitstest.bsi.de/ and found out that my e-mail account was affected. Then I ran an Avira system check and was shocked by some of the findings. I would be very grateful if you could help me with this!!

Here come the logs:

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 14:58 on 25/01/2014 (klo)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-01-2014
Ran by klo (administrator) on KLO-PC on 25-01-2014 12:32:21
Running from C:\Users\klo\Desktop
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 7
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(UPEK Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
() C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
(Egis Incorporated) C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
() C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(NewTech InfoSystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
() C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\Cyberlink\Shared files\RichVideo.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Egis Incorporated) C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
(Acer Incorporated) C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor Corp.) C:\Users\klo\AppData\Local\Temp\RtkBtMnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\QtZgAcer.EXE
(Acer Inc.) C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(APN) C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(DT Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTLite.exe
(Spotify Ltd) C:\Users\klo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
() C:\Users\klo\AppData\Local\Temp\Rar$EX29.456\AA1FanControl.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avcenter.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [6139904 2008-05-07] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1049896 2008-04-25] (Synaptics, Inc.)
HKLM\...\Run: [eDataSecurity Loader] - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [526896 2008-05-14] (Egis Incorporated)
HKLM\...\Run: [eAudio] - C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe [544768 2008-05-30] (Acer Incorporated)
HKLM\...\Run: [LManager] - C:\Program Files\Launch Manager\QtZgAcer.EXE [817672 2008-06-04] (Dritek System Inc.)
HKLM\...\Run: [ePower_DMC] - C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe [405504 2008-08-01] (Acer Inc.)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [Skytel] - C:\Windows\Skytel.exe [1826816 2007-11-20] (Realtek Semiconductor Corp.)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-18] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [ApnTBMon] - C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1778640 2013-12-20] (APN)
HKLM\...\RunOnce: [NoIE4StubProcessing] - C:\Windows\system32\reg.exe DELETE "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" /v "NoIE4StubProcessing" /f [61952 2009-04-10] (Microsoft Corporation)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
HKCU\...\Run: [Spotify] - C:\Users\klo\AppData\Roaming\Spotify\Spotify.exe [5951488 2014-01-01] (Spotify Ltd)
HKCU\...\Run: [Spotify Web Helper] - C:\Users\klo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1168896 2014-01-01] (Spotify Ltd)
HKCU\...\Run: [Acer Aspire One Fan Control] - C:\Users\klo\AppData\Local\Temp\Rar$EX29.456\AA1FanControl.exe [800256 2008-10-23] () <===== ATTENTION
MountPoints2: {79471583-06e0-11e1-917d-00238b00b369} - F:\SETUP.EXE
MountPoints2: {aa781c5d-8da3-11e2-9752-00238b00b369} - G:\Startme.exe
HKU\Default\...\Run: [WindowsWelcomeCenter] - C:\Windows\system32\oobefldr.dll [ 2009-04-10] (Microsoft Corporation)
HKU\Default\...\RunOnce: [AcerScrSav] - C:\Windows\Acer\run_NB.exe [ 2007-08-21] ()
IFEO\spyhunter4.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe"

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.orbitdownloader.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1011&m=aspire_6930g
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1011&m=aspire_6930g
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1011&m=aspire_6930g
SearchScopes: HKLM - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKLM - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKCU - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE453DE453
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE453DE453
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
BHO: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - No Name - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
Toolbar: HKLM - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
Toolbar: HKCU - No Name - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
Toolbar: HKCU - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 19 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\klo\AppData\Roaming\Mozilla\Firefox\Profiles\3yqvbe21.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @protectdisc.com/NPPDLicenseHelper - C:\Program Files\ProtectDisc\License Helper\NPPDLicenseHelper.dll ()
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\klo\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\klo\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\klo\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll No File
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Avira SearchFree Toolbar plus Web Protection - C:\Users\klo\AppData\Roaming\Mozilla\Firefox\Profiles\3yqvbe21.default\Extensions\toolbar_AVIRA-V7@apn.ask.com.xpi [2013-07-26]
FF Extension: Adblock Plus - C:\Users\klo\AppData\Roaming\Mozilla\Firefox\Profiles\3yqvbe21.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-05-26]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-02-01]

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440376 2013-12-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1011768 2013-12-18] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2013-12-20] (APN LLC.)
R2 CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [81504 2008-01-16] ()
R2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2008-06-02] ()
S4 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-12-06] ()
R2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-04-25] ()
R2 RichVideo; C:\Program Files\Cyberlink\Shared files\RichVideo.exe [272024 2007-01-09] ()
S4 RS_Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [233472 2008-01-10] (Acer Incorporated)

==================== Drivers (Whitelisted) ====================

R2 acedrv11; C:\Windows\system32\drivers\acedrv11.sys [277544 2009-01-19] (Protect Software GmbH)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [279712 2013-02-08] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-19] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2012-11-13] (DT Soft Ltd)
R2 enodpl; C:\Windows\System32\drivers\enodpl.sys [7552 2003-03-02] ()
R2 int15; C:\Windows\system32\drivers\int15.sys [69632 2007-01-26] ()
R3 L1E; C:\Windows\System32\DRIVERS\L1E60x86.sys [47104 2008-05-19] (Atheros Communications, Inc.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2013-02-08] ()
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-08-05] (Avira GmbH)
R2 tandpl; C:\Windows\System32\drivers\tandpl.sys [4736 2003-04-18] ()
R3 winbondcir; C:\Windows\System32\DRIVERS\winbondcir.sys [43008 2007-03-28] (Winbond Electronics Corporation)
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl [61424 2008-07-18] (Cyberlink Corp.)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
S3 gsplittm; \??\C:\Users\klo\AppData\Local\Temp\gsplittm.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-01-25 12:32 - 2014-01-25 12:33 - 00018358 _____ C:\Users\klo\Desktop\FRST.txt
2014-01-25 12:32 - 2014-01-25 12:32 - 00000000 ____D C:\FRST
2014-01-25 12:31 - 2014-01-25 12:31 - 01222144 _____ (Farbar) C:\Users\klo\Desktop\FRST.exe
2014-01-25 12:28 - 2014-01-25 12:28 - 00050477 _____ C:\Users\klo\Desktop\Defogger.exe
2014-01-25 12:28 - 2014-01-25 12:28 - 00000538 _____ C:\Users\klo\Downloads\defogger_disable.log
2014-01-25 12:28 - 2014-01-25 12:28 - 00000156 _____ C:\Users\klo\defogger_reenable
2014-01-25 12:23 - 2014-01-25 12:26 - 00003682 _____ C:\Windows\IE9_main.log
2014-01-25 12:13 - 2014-01-25 12:14 - 00429752 _____ C:\Windows\msxml4-KB973688-enu.LOG
2014-01-25 12:06 - 2014-01-25 12:09 - 00000000 ____D C:\Windows\system32\MRT
2014-01-06 20:53 - 2014-01-06 20:53 - 00000000 ____D C:\Users\klo\Desktop\Suhl Februar 2013
2013-12-31 15:31 - 2013-12-31 15:31 - 00001047 _____ C:\Users\klo\Desktop\FalloutLauncher - Verknüpfung.lnk
2013-12-30 16:06 - 2013-12-30 16:06 - 00001679 _____ C:\Users\klo\Desktop\Quiche.txt
2013-12-30 15:39 - 2013-12-28 12:55 - 00000000 ____D C:\Users\klo\Desktop\KPpr0n

==================== One Month Modified Files and Folders =======

2014-01-25 12:33 - 2014-01-25 12:32 - 00018358 _____ C:\Users\klo\Desktop\FRST.txt
2014-01-25 12:32 - 2014-01-25 12:32 - 00000000 ____D C:\FRST
2014-01-25 12:32 - 2013-01-08 13:57 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-25 12:32 - 2011-10-10 14:22 - 01424726 _____ C:\Windows\WindowsUpdate.log
2014-01-25 12:31 - 2014-01-25 12:31 - 01222144 _____ (Farbar) C:\Users\klo\Desktop\FRST.exe
2014-01-25 12:29 - 2008-01-21 08:16 - 01628402 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-25 12:28 - 2014-01-25 12:28 - 00050477 _____ C:\Users\klo\Desktop\Defogger.exe
2014-01-25 12:28 - 2014-01-25 12:28 - 00000538 _____ C:\Users\klo\Downloads\defogger_disable.log
2014-01-25 12:28 - 2014-01-25 12:28 - 00000156 _____ C:\Users\klo\defogger_reenable
2014-01-25 12:28 - 2011-10-10 14:30 - 00000000 ____D C:\Users\klo
2014-01-25 12:28 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\Microsoft.NET
2014-01-25 12:26 - 2014-01-25 12:23 - 00003682 _____ C:\Windows\IE9_main.log
2014-01-25 12:14 - 2014-01-25 12:13 - 00429752 _____ C:\Windows\msxml4-KB973688-enu.LOG
2014-01-25 12:09 - 2014-01-25 12:06 - 00000000 ____D C:\Windows\system32\MRT
2014-01-25 12:02 - 2011-11-18 01:04 - 00001092 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-25 12:02 - 2011-11-18 01:04 - 00001088 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-25 11:51 - 2011-10-10 16:06 - 00000000 ____D C:\Users\klo\AppData\Local\Adobe
2014-01-25 10:44 - 2006-11-02 13:47 - 00003344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-25 10:44 - 2006-11-02 13:47 - 00003344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-25 08:47 - 2012-04-02 20:16 - 00000000 ____D C:\Users\klo\AppData\Roaming\Spotify
2014-01-25 08:46 - 2011-10-10 14:48 - 00000000 _____ C:\Windows\system32\LogConfigTemp.xml
2014-01-25 08:44 - 2012-06-07 07:40 - 05410010 _____ C:\Windows\PFRO.log
2014-01-25 08:44 - 2008-07-30 03:13 - 00000147 _____ C:\Windows\system32\agent.log
2014-01-25 08:44 - 2006-11-02 14:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-25 01:45 - 2006-11-02 14:01 - 00032628 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2014-01-24 13:25 - 2012-08-22 11:42 - 00000000 ____D C:\Program Files\Diablo II
2014-01-18 16:16 - 2012-06-06 22:26 - 00041348 _____ C:\Windows\setupact.log
2014-01-17 14:20 - 2008-07-30 02:22 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2014-01-06 20:58 - 2011-10-18 23:05 - 00160768 _____ C:\Users\klo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-06 20:53 - 2014-01-06 20:53 - 00000000 ____D C:\Users\klo\Desktop\Suhl Februar 2013
2014-01-06 19:39 - 2013-12-19 10:49 - 00000000 ____D C:\Users\klo\AppData\Local\Fallout3
2014-01-06 16:20 - 2006-11-02 11:24 - 83425928 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-01-01 17:18 - 2013-09-10 08:38 - 00000113 _____ C:\Users\klo\Desktop\Zugang 1&1.txt
2013-12-31 20:35 - 2012-04-02 20:16 - 00000000 ____D C:\Users\klo\AppData\Local\Spotify
2013-12-31 15:31 - 2013-12-31 15:31 - 00001047 _____ C:\Users\klo\Desktop\FalloutLauncher - Verknüpfung.lnk
2013-12-30 16:06 - 2013-12-30 16:06 - 00001679 _____ C:\Users\klo\Desktop\Quiche.txt
2013-12-28 12:55 - 2013-12-30 15:39 - 00000000 ____D C:\Users\klo\Desktop\KPpr0n

Files to move or delete:
====================
C:\Users\klo\AppData\Local\Temp\Rar$EX29.456\AA1FanControl.exe
C:\ProgramData\dsgsdgdsgdsgw.pad

Some content of TEMP:
====================
C:\Users\klo\AppData\Local\Temp\avgnt.exe
C:\Users\klo\AppData\Local\Temp\RtkBtMnt.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-01-25 08:52

==================== End Of Log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 24-01-2014
Ran by klo at 2014-01-25 12:33:33
Running from C:\Users\klo\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

32 Bit HP CIO Components Installer (Version: 2.1.0 - Hewlett-Packard) Hidden
Acer Arcade Deluxe (Version: 2.0.5529 - CyberLink Corp.)
Acer Arcade Deluxe (Version: 2.0.5529 - CyberLink Corp.) Hidden
Acer Crystal Eye Webcam (Version: 5.2.7.1 - Suyin Optronics Corp)
Acer eAudio Management (Version: 3.0.3008 - CyberLink Corp.)
Acer eDataSecurity Management (Version: 3.0.3062 - Egis Inc.)
Acer Empowering Technology (Version: 3.0.3009 - Acer Incorporated)
Acer ePower Management (Version: 3.0.3014 - Acer Incorporated)
Acer eRecovery Management (Version: 3.0.3014 - Acer Incorporated)
Acer eSettings Management (Version: 3.0.3007 - Acer Incorporated)
Acer GridVista (Version: 2.72.317 - )
Activation Assistant for the 2007 Microsoft Office suites (Version: - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe Flash Player 11 ActiveX (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader X (10.1.5) - Deutsch (Version: 10.1.5 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (Version: 12.0.2.122 - Adobe Systems, Inc.)
AIO_Scan (Version: 100.0.206.000 - Hewlett-Packard) Hidden
Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver (Version: 1.0.0.30 - Atheros Communications Inc.)
Avira Free Antivirus (Version: 14.0.2.286 - Avira)
Avira SearchFree Toolbar (Version: 12.10.0.2948 - APN, LLC)
BufferChm (Version: 100.0.170.000 - Hewlett-Packard) Hidden
C5200 (Version: 100.0.206.000 - Ihr Firmenname) Hidden
C5200_Help (Version: 100.0.206.000 - Hewlett-Packard) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch (Version: - ) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch (Version: - ) Hidden
Cards_Calendar_OrderGift_DoMorePlugout (Version: 1.00.0000 - Hewlett-Packard) Hidden
Copy (Version: 100.0.170.000 - Hewlett-Packard) Hidden
CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
CyberLink PowerDirector (Version: 6.5.3023d - CyberLink Corp.)
CyberLink PowerDirector (Version: 6.5.3023d - CyberLink Corp.) Hidden
DAEMON Tools Lite (Version: 4.46.1.0327 - DT Soft Ltd)
Destination Component (Version: 100.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 100.0.190.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Diablo II (Version: - )
DivX-Setup (Version: 2.6.1.5 - DivX, LLC)
DocProc (Version: 10.0.0.0 - Hewlett-Packard) Hidden
DocProcQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Dropbox (HKCU Version: 2.0.5 - Dropbox, Inc.)
Dunkle Magie (Version: 1.3a - LAP)
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Facebook Video Calling 1.2.0.287 (Version: 1.2.287 - Skype Limited)
Fallout 3 (Version: 1.00.0000 - Bethesda Softworks)
Fax (Version: 100.0.187.000 - Hewlett-Packard) Hidden
Foxit PDF Creator Toolbar (Version: 1.15.4.0 - Ask.com)
Foxit PDF Creator Toolbar Updater (HKCU Version: 1.2.2.23821 - Ask.com)
Free YouTube to MP3 Converter version 3.11.34.1015 (Version: 3.11.34.1015 - DVDVideoSoft Ltd.)
Google Update Helper (Version: 1.3.22.3 - Google Inc.) Hidden
Gothic II - Die Nacht des Raben (Version: - JoWooD Productions Software AG)
Gothic II (Version: - JoWooD Productions Software AG)
Gothic III - Götterdämmerung Patch (Version: 1.0.0 - JoWood) Hidden
GPBaseService (Version: 100.0.187.000 - Hewlett-Packard) Hidden
HDAUDIO Soft Data Fax Modem with SmartCP (Version: 7.73.00.52 - Conexant Systems)
Hero Editor V1.04 (Version: - )
HP Customer Participation Program 10.0 (Version: 10.0 - HP)
HP Imaging Device Functions 10.0 (Version: 10.0 - HP)
HP Photosmart All-In-One Driver Software 10.0 Rel .2 (Version: 10.0 - HP)
HP Photosmart Essential 2.5 (Version: 1.02.0000 - Hewlett-Packard) Hidden
HP Photosmart Essential 2.5 (Version: 2.5 - HP)
HP Smart Web Printing (Version: 3.5 - HP)
HP Solution Center 10.0 (Version: 10.0 - HP)
HP Update (Version: 4.000.007.003 - Hewlett-Packard)
HPPhotoSmartDiscLabel_PaperLabel (Version: 2.02.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_PrintOnDisc (Version: 2.02.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (Version: 2.02.0000 - Hewlett-Packard) Hidden
hpphotosmartdisclabelplugin (Version: 2.02.0000 - Hewlett-Packard) Hidden
HPPhotoSmartPhotobookWebPack1 (Version: 1.00.0000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 100.0.170.000 - Hewlett-Packard) Hidden
HPSSupply (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Intel PROSet Wireless (Version: - ) Hidden
Intel(R) PROSet/Wireless WiFi-Software (Version: 12.00.0004 - Intel(R) Corporation)
Intel® Matrix Storage Manager (Version: - Intel Corporation)
Java 7 Update 45 (Version: 7.0.450 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 29 (Version: 6.0.290 - Oracle)
JavaFX 2.1.1 (Version: 2.1.1 - Oracle Corporation)
Launch Manager (Version: - )
LightScribe 1.4.142.1 (Version: 1.4.142.1 - hxxp://www.lightscribe.com) Hidden
MarketingReg (Version: 1.00.1 - Hewlett-Packard) Hidden
MarketResearch (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 3.5 SP1 (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Game Studios Common Redistributables Pack 1 (Version: 1.0.0 - Microsoft Game Studios) Hidden
Microsoft Games for Windows - LIVE Redistributable (Version: 3.0.19.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft XML Parser (Version: 8.20.8730.4 - Microsoft Corporation) Hidden
Mozilla Firefox 26.0 (x86 de) (Version: 26.0 - Mozilla)
Mozilla Maintenance Service (Version: 26.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation)
NTI Backup Now 5 (Version: 5.1.2.606 - NewTech Infosystems)
NTI Backup Now Standard (Version: 5.1.2.606 - NewTech Infosystems) Hidden
NTI Media Maker 8 (Version: 8.0.2.6329 - NewTech Infosystems)
NTI Media Maker 8 (Version: 8.0.2.6329 - NewTech Infosystems) Hidden
NVIDIA Grafiktreiber 307.83 (Version: 307.83 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.18.0 (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.109.706 - NVIDIA Corporation) Hidden
NVIDIA PhysX (Version: 9.12.0604 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.12.0604 (Version: 9.12.0604 - NVIDIA Corporation)
NVIDIA Systemsteuerung 307.83 (Version: 307.83 - NVIDIA Corporation) Hidden
NVIDIA Update 1.10.8 (Version: 1.10.8 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.10.8 - NVIDIA Corporation) Hidden
OCR Software by I.R.I.S. 10.0 (Version: 10.0 - HP)
OpenOffice.org 3.3 (Version: 3.3.9567 - OpenOffice.org)
PanoStandAlone (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Protect Disc License Helper 1.0.118 (Version: 1.0.118 - Protect Disc)
ProtectDisc Driver, Version 11 (Version: 11.0.0.11 - ProtectDisc Software GmbH)
PS_AIO_02_ProductContext (Version: 100.0.206.000 - Hewlett-Packard) Hidden
PS_AIO_02_Software (Version: 100.0.206.000 - Hewlett-Packard) Hidden
PS_AIO_02_Software_Min (Version: 100.0.206.000 - Hewlett-Packard) Hidden
PSSWCORE (Version: 2.02.0000 - Hewlett-Packard) Hidden
Realtek High Definition Audio Driver (Version: - Realtek Semiconductor Corp.)
Scan (Version: 10.1.0.0 - Hewlett-Packard) Hidden
Shop for HP Supplies (Version: 10.0 - HP)
Skype™ 6.7 (Version: 6.7.102 - Skype Technologies S.A.)
SmartWebPrintingOC (Version: 100.0.189.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 100.0.175.000 - Hewlett-Packard) Hidden
SPBA 5.8 (Version: 5.8.2.4218 - UPEK Inc.)
Spotify (HKCU Version: 0.9.6.81.gd359a796 - Spotify AB)
Status (Version: 100.0.175.000 - Hewlett-Packard) Hidden
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (Version: 11.1.4.0 - Synaptics)
System Requirements Lab (Version: - )
Tinypic 3.18 (Version: Tinypic 3.18 - E. Fiedler)
Toolbox (Version: 100.0.170.000 - Hewlett-Packard) Hidden
TrayApp (Version: 100.0.170.000 - Hewlett-Packard) Hidden
TuneUp Utilities 2011 (Version: 10.0.4600.4 - TuneUp Software)
TuneUp Utilities 2011 (Version: 10.0.4600.4 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (Version: 10.0.4600.4 - TuneUp Software) Hidden
TVicPort 4.1 Free Personal Edition (Version: - )
UltraStar Deluxe (Version: 1.1 - USDX Team)
Unity Web Player (HKCU Version: - Unity Technologies ApS)
UnloadSupport (Version: 10.0.0 - Hewlett-Packard) Hidden
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1 - Microsoft Corporation)
VarusBiker Edition (Version: 1.4b - VarusBiker)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
Velaya - Geschichte einer Kriegerin (Version: 1.1 - Schreiberling und Sektenspinner)
Velaya Sprachausgabe 1.00 (Version: - Schreiberling und Sektenspinner)
VideoToolkit01 (Version: 100.0.128.000 - Hewlett-Packard) Hidden
VLC media player 1.1.11 (Version: 1.1.11 - VideoLAN)
WebReg (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Winbond CIR Device Drivers (Version: 7.60.1012 - Winbond Electronics Corporation)
WinRAR 4.01 (32-Bit) (Version: 4.01.0 - win.rar GmbH)
X in 1 Mod (Version: 1.1 - bonne6 und davied)

==================== Restore Points =========================

15-01-2014 11:36:54 Geplanter Prüfpunkt
16-01-2014 15:05:56 Geplanter Prüfpunkt
17-01-2014 12:37:42 Installiert Enter The Matrix
17-01-2014 13:19:47 Entfernt Enter The Matrix
18-01-2014 16:44:50 Geplanter Prüfpunkt
19-01-2014 19:25:10 Geplanter Prüfpunkt
20-01-2014 20:03:22 Geplanter Prüfpunkt
21-01-2014 10:20:33 Geplanter Prüfpunkt
22-01-2014 14:54:19 Geplanter Prüfpunkt
24-01-2014 11:59:56 Geplanter Prüfpunkt
25-01-2014 11:00:25 Windows Update

==================== Hosts content: ==========================

2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {06445F71-6F49-4AAC-8D53-CF362366665F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-11-18] (Google Inc.)
Task: {075F2D51-90C5-4104-AD5A-B003E6FF404A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-12] (Adobe Systems Incorporated)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {4A2B196B-899E-463B-AE1E-D4F9DB02FF64} - System32\Tasks\HP-Online-Aktualisierungsprogramm => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-10-14] (Hewlett-Packard)
Task: {63A2FC6D-EE12-492F-9E72-56CF6A2D37BC} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files\Ask.com\UpdateTask.exe [2012-06-06] ()
Task: {79452186-4ED1-4F9A-90E2-0A60C189DE7A} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-268476347-555274086-2057882796-1000Core => C:\Users\klo\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {91251E00-6AA7-462A-B4E4-C86B0FCDCCFC} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation) Task: {A728AE6B-5AB8-4223-AD3E-E6341441A01C} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => Rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries Task: {A9A55385-CE81-451F-ACB9-8DC29AF4E1BF} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-268476347-555274086-2057882796-1000UA => C:\Users\klo\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.) Task: {B18562E2-21AF-4922-8ADE-F4E36235568A} - System32\Tasks\Divx-Online-Aktualisierungsprogramm => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2011-07-29] () Task: {B7338189-B48C-4BD4-91A5-375257C7B106} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-12-03] (Adobe Systems Incorporated) Task: {D3FE1F6D-721D-42D2-8C87-98BFC393E9CD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-11-18] (Google Inc.) 
Task: {DA34DBEA-C3E3-40A7-B3A6-F6235F15278F} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation) Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] () Task: {FAB12CF3-97BF-401F-A582-B59809B626E0} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2011 => C:\Program Files\TuneUp Utilities 2011\OneClick.exe [2011-12-13] (TuneUp Software) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-268476347-555274086-2057882796-1000Core.job => C:\Users\klo\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-268476347-555274086-2057882796-1000UA.job => C:\Users\klo\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2008-07-30 02:47 - 2008-06-11 09:21 - 00204800 _____ () C:\Windows\System32\SysHook.dll 2011-11-04 14:06 - 2011-05-28 22:04 - 00140288 _____ () C:\Program Files\WinRAR\rarext.dll 2008-05-14 16:05 - 2008-05-14 16:05 - 00227888 _____ () C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll 2011-10-10 14:47 - 2011-10-10 14:47 - 00036864 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3009.0__4df5dcab8860d239\Framework.Utility.dll 2011-10-10 14:47 - 2011-10-10 14:47 - 00061440 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3009.0__3036420f80dd6947\Framework.Library.dll 2011-10-10 14:47 - 2011-10-10 14:47 - 00009216 _____ () 
C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3009.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll 2013-12-20 15:28 - 2013-12-20 15:29 - 03559024 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (01/25/2014 00:14:09 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT) Description: Product: MSXML 4.0 SP2 (KB973688) -- Error 1935. An error occured during the installation of assembly component {7B2B4EA5-1028-B7E6-A06B-D6B9ABF34537}. HRESULT: 0x80070BC9. assembly interface: IAssemblyCacheItem, function: Commit, assembly name: Microsoft.MSXML2,type="win32",version="4.20.9876.0",publicKeyToken="6bd6b9abf345378f",processorArchitecture="x86" Error: (01/25/2014 08:46:20 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/24/2014 10:57:22 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/24/2014 05:59:10 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/24/2014 10:42:09 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/23/2014 09:11:26 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * 
FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/23/2014 06:20:24 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/23/2014 00:41:01 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/23/2014 00:54:05 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/22/2014 06:45:23 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (01/25/2014 00:14:34 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT) Description: 0x80070643Update für Microsoft XML Core Services 4.0 Service Pack 2 (KB973688){4EB6F812-F2AE-43EF-9FE0-11ED711339BB}102 Error: (01/25/2014 08:46:43 AM) (Source: Service Control Manager) (User: ) Description: HP CUE DeviceDiscovery Service Error: (01/24/2014 10:57:43 PM) (Source: Service Control Manager) (User: ) Description: HP CUE DeviceDiscovery Service Error: (01/24/2014 06:00:59 PM) (Source: Service Control Manager) (User: ) Description: HP CUE DeviceDiscovery Service Error: (01/24/2014 10:43:59 AM) (Source: Service Control Manager) (User: ) Description: HP CUE DeviceDiscovery Service Error: (01/23/2014 09:11:47 PM) (Source: Service Control Manager) (User: ) Description: HP CUE DeviceDiscovery Service Error: (01/23/2014 06:22:11 PM) (Source: Service Control Manager) (User: ) 
Description: HP CUE DeviceDiscovery Service Error: (01/23/2014 00:41:23 PM) (Source: Service Control Manager) (User: ) Description: HP CUE DeviceDiscovery Service Error: (01/23/2014 00:54:25 AM) (Source: Service Control Manager) (User: ) Description: HP CUE DeviceDiscovery Service Error: (01/22/2014 06:45:44 PM) (Source: Service Control Manager) (User: ) Description: HP CUE DeviceDiscovery Service Microsoft Office Sessions: ========================= Error: (01/25/2014 00:14:09 PM) (Source: MsiInstaller)(User: NT-AUTORITÄT) Description: Product: MSXML 4.0 SP2 (KB973688) -- Error 1935. An error occured during the installation of assembly component {7B2B4EA5-1028-B7E6-A06B-D6B9ABF34537}. HRESULT: 0x80070BC9. assembly interface: IAssemblyCacheItem, function: Commit, assembly name: Microsoft.MSXML2,type="win32",version="4.20.9876.0",publicKeyToken="6bd6b9abf345378f",processorArchitecture="x86"(NULL)(NULL)(NULL)(NULL) Error: (01/25/2014 08:46:20 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/24/2014 10:57:22 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/24/2014 05:59:10 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/24/2014 10:42:09 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/23/2014 09:11:26 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance 
ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/23/2014 06:20:24 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/23/2014 00:41:01 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/23/2014 00:54:05 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/22/2014 06:45:23 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 CodeIntegrity Errors: =================================== Date: 2014-01-01 13:54:58.164 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\msiltcfg.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-01-01 01:17:54.057 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\msiltcfg.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-12-31 19:19:21.677 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\msiltcfg.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2013-12-31 19:17:51.206 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\nvapo32v.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-12-31 19:17:48.015 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\nvapo32v.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-12-31 19:17:42.833 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\nvapo32v.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-12-31 19:17:40.131 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\nvapo32v.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-12-31 19:17:38.044 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\nvapo32v.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-12-31 19:17:30.336 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\nvapo32v.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-12-31 19:17:28.558 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\nvapo32v.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
==================== Memory info ===========================
Percentage of memory in use: 56%
Total physical RAM: 3035.93 MB
Available physical RAM: 1321.38 MB
Total Pagefile: 6280.05 MB
Available Pagefile: 4286.41 MB
Total Virtual: 2799.88 MB
Available Virtual: 2668.93 MB

==================== Drives ================================
Drive c: (ACER) (Fixed) (Total:144.04 GB) (Free:33.96 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:140.5 GB) (Free:85.56 GB) NTFS

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 1A3173EB)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=144 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=141 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=4 GB) - (Type=12)

==================== End Of Log ============================
Code:
GMER 2.1.19355 - hxxp://www.gmer.net
Rootkit scan 2014-01-25 14:46:38
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.11.0 298,09GB
Running: gmer.exe; Driver: C:\Users\klo\AppData\Local\Temp\kxtdqpow.sys

---- System - GMER 2.1 ----

SSDT BE69BFBE ZwCreateSection
SSDT BE69BFC8 ZwRequestWaitReplyPort
SSDT BE69BFC3 ZwSetContextThread
SSDT BE69BFCD ZwSetSecurityObject
SSDT BE69BFD2 ZwSystemDebugControl
SSDT BE69BF5F ZwTerminateProcess

INT 0x51 ? B2F34A50
INT 0x52 ? B2F35A50
INT 0x61 ? B2F34CD0
INT 0x62 ? B12C0550
INT 0x71 ? B2F35050
INT 0x72 ? B2F35550
INT 0x82 ? B2F35CD0
INT 0x92 ? B12C0A50
INT 0xA2 ? B2F34550
INT 0xB0 ? B2F347D0
INT 0xB1 ? B12C0CD0
INT 0xB2 ? B12C07D0

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!KeSetEvent + 215 E22FE958 4 Bytes [BE, BF, 69, BE]
.text ntkrnlpa.exe!KeSetEvent + 539 E22FEC7C 4 Bytes [C8, BF, 69, BE] {ENTER 0x69bf, 0xbe}
.text ntkrnlpa.exe!KeSetEvent + 56D E22FECB0 4 Bytes [C3, BF, 69, BE]
.text ntkrnlpa.exe!KeSetEvent + 5D1 E22FED14 4 Bytes [CD, BF, 69, BE]
.text ntkrnlpa.exe!KeSetEvent + 619 E22FED5C 4 Bytes [D2, BF, 69, BE]
.text ...
.reloc C:\Windows\system32\drivers\acedrv11.sys section is executable [0xD0727300, 0x25D4C, 0xE0000060] .text C:\Windows\system32\DRIVERS\atksgt.sys section is writeable [0xD074E300, 0x3AF78, 0xE8000020] .text C:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0xD07A4300, 0x1BCE, 0xE8000020] C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl entry point in "" section [0xD534441C] .clc C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl unknown last code section [0xD5345000, 0x1000, 0xE0000020] ---- User code sections - GMER 2.1 ---- .text C:\Windows\Explorer.EXE[2436] SHELL32.dll!SHGetFolderPathAndSubDirW + 81C5 76CBB37C 4 Bytes [00, 26, 45, 00] .text C:\Windows\Explorer.EXE[2436] SHELL32.dll!ShellExecuteExW + 18B7 76CEDA0C 4 Bytes JMP 451B1076 .text C:\Program Files\Mozilla Firefox\firefox.exe[5184] ntdll.dll!LdrLoadDll 77AE9390 5 Bytes JMP 5F31B780 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[5184] kernel32.dll!HeapSetInformation + 26 7657A84A 7 Bytes JMP 5F320836 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[5184] kernel32.dll!LockResource + C 765968EB 7 Bytes JMP 5FB56EDA C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[5184] kernel32.dll!VirtualAllocEx + 54 7659AD50 7 Bytes JMP 5FB56EFD C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[5184] GDI32.dll!SetStretchBltMode + 256 7679745C 7 Bytes JMP 5FB56E5B C:\Program Files\Mozilla Firefox\xul.dll ---- Devices - GMER 2.1 ---- AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@SetupExecute C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\poqexec.exe /display_progress 
\SystemRoot\WinSxS\pending.xml? Reg HKLM\SYSTEM\CurrentControlSet\Services\MSDTC Bridge 4.0.0.0\Performance@Last Counter 9926 Reg HKLM\SYSTEM\CurrentControlSet\Services\MSDTC Bridge 4.0.0.0\Performance@Last Help 9927 Reg HKLM\SYSTEM\CurrentControlSet\Services\MSDTC Bridge 4.0.0.0\Performance@First Counter 9904 Reg HKLM\SYSTEM\CurrentControlSet\Services\MSDTC Bridge 4.0.0.0\Performance@First Help 9905 Reg HKLM\SYSTEM\CurrentControlSet\Services\MSDTC Bridge 4.0.0.0\Performance@Object List 9904 Reg HKLM\SYSTEM\CurrentControlSet\Services\SMSvcHost 4.0.0.0\Performance@Last Counter 9902 Reg HKLM\SYSTEM\CurrentControlSet\Services\SMSvcHost 4.0.0.0\Performance@Last Help 9903 Reg HKLM\SYSTEM\CurrentControlSet\Services\SMSvcHost 4.0.0.0\Performance@First Counter 9874 Reg HKLM\SYSTEM\CurrentControlSet\Services\SMSvcHost 4.0.0.0\Performance@First Help 9875 Reg HKLM\SYSTEM\CurrentControlSet\Services\SMSvcHost 4.0.0.0\Performance@Object List 9874 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\InProgress@ C:\Windows\Installer\b4ccf7.ipi Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts@C:\Config.Msi\b4ccf8.rbs 30349771 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts@C:\Config.Msi\b4ccf8.rbsLow 619490784 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\TempPackages Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\TempPackages@C:\Windows\Installer\b4ccf4.msp 0 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\185A997F84B9CCC399CEFBEB37D1E465@FCDAC0A0AD874C333A05DC1548B97920 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6BAE7E741A179D035A28FD4F8ECD4E67@FCDAC0A0AD874C333A05DC1548B97920 
02:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2742595\NoRemove Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED776A5EE28AE3C3CBA2AD9355F12795@FCDAC0A0AD874C333A05DC1548B97920 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FCDAC0A0AD874C333A05DC1548B97920\Features@KB2416472 g?1D['YZ?80cb8)2E`3?r90RLyrqU7zU~F*!'U897jML!3~s57oeH2%a[MFETf8@CW!z[4A)(&5@lu6e?Servicing_Key Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FCDAC0A0AD874C333A05DC1548B97920\Features@KB2162169 v'o&JBX_D4l+Re5D7*)'Y5AjZThCw3^%$BbZiVHw+_c7(z+QZ41jYCs*LLkjm_8,zPu8Z3vqq}h*3FR=?Servicing_Key Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FCDAC0A0AD874C333A05DC1548B97920\Features@KB2478063 K.J](Pmc25I1smk6hG2LpVG]Aeh`35_X$Acj$&ifM[P48IzUq5NYPZB-~$rN9C'xxr@q66bZFjLHdz{v?Servicing_Key Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FCDAC0A0AD874C333A05DC1548B97920\Features@KB2533523 i2MmZ376k6O4jv67tmxY9ZJ9DW}NU5VFJ%47_tpRDpC-Yq*QW6I~.l7Fw$0'ox_r(X$oK4vhHIxIh?d2?Servicing_Key Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FCDAC0A0AD874C333A05DC1548B97920\Features@KB2544514 ?N~p_J{h~4~Roz2]069xPwULsp&RA7c7k`WmU^lKo(Kf1l{@A6jO@3i5^!u][Uurr=WsU4]eJ)(?PG^d?Servicing_Key Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FCDAC0A0AD874C333A05DC1548B97920\Features@KB2572063 5F&tTHC0R5{7,n`MxHSib8]e!%Co_7Zya$Zt*HH_hnx-8s{7H7jZB3z,6?A4}i.gVoTfs7$Bl(G[5WqI?Servicing_Key Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FCDAC0A0AD874C333A05DC1548B97920\Features@KB2599651 em,8p%f+q7Ff$]?`Ay4^gfPJxz+K,4A6vCb[q916N]jbb`z)l6.6Z9)YNaTZ$%SzkmMg37{)&b*~f.Gp?Servicing_Key Reg 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FCDAC0A0AD874C333A05DC1548B97920\Features@KB2600211 VI8Z3]qG96Y[B0P+]p+2c0QfD']$J7S1B'CJ%7}q_mbGDLvlb6I=%CSb[4iRiI%H$$ZUa43tnUPVhhR[?Servicing_Key Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FCDAC0A0AD874C333A05DC1548B97920\Features@KB2600217 [GRRzeYHK8Ah&?.`r*JGQP$J7o7Xs5H.qk'4gRmw()7qU4]M-4I0DX5nfl.2Le1*qnYxV3vLBtsY]Wd.?Servicing_Key Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FCDAC0A0AD874C333A05DC1548B97920\Features@KB2604121 gf7vmF-J)5f8[Oi1Rb3JwtQzSU.UW6k-_.Ii2D`Y5DA^z7QTl45[aIho2`zm3.'y-ay'i5H)ms8lXhRF?Servicing_Key Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FCDAC0A0AD874C333A05DC1548B97920\Features@KB2639327 aNLP5McjE5&0&Z.]KAPn?%,2R^o__7M?N(d6v$-3lM30DrZOt6DN9T3R?qh@O~kb2rWzX5E01]9O{cUN?Servicing_Key Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FCDAC0A0AD874C333A05DC1548B97920\Features@KB2656351 4pM3vyZ4142O.Z'bDubRYz{$Av^('4WcK_Jn%{]LJmxK930UY7@_@Gkc@uI5@2r*,5D2e3*?-e=J[9XR?Servicing_Key Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FCDAC0A0AD874C333A05DC1548B97920\Features@KB2682543 b2m5g3D647OX&WyiksE18%t!^ZT0q5`,9Ej66Jkcg]^wv_jYt6`@=Po5L(^L5+0Pq4Li.88y2[^d{yV6?Servicing_Key Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FCDAC0A0AD874C333A05DC1548B97920\Features@KB2736428 ^E`of~=&i7nkdzTnFnboHt?CxHjQX6m4.Ly?yHeDc&!T^o*m145NV*76C)U$g=OxaV-z}3LFc'*OTJ1A?Servicing_Key Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FCDAC0A0AD874C333A05DC1548B97920\Features@KB2742595 2s1Yxk@{U7(&)Bf^bigCN3I,?EOSd3{=adwIO'6Nea(nU$g=S3nVnjPpdqkda=lmrzdnF7y{NZ6i[WhD?Servicing_Key Reg 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FCDAC0A0AD874C333A05DC1548B97920\InstallProperties@EstimatedSize 483199 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FCDAC0A0AD874C333A05DC1548B97920\Patches@AllPatches 1A81C2A72A2D7713281FF59ECC80CE0B?E2653A24E4B84A938BD2CC218F82983E?D43E4AB85C597093784E26BF3BA11209? Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0A0CADCF-78DA-33C4-A350-CD51849B9702}@EstimatedSize 483199 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2742595@NoRemove 1 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3C3901C5-3455-3E0A-A214-0B093A5070A6}@EstimatedSize 2223261 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2729449@NoRemove 1 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib@Last Counter 10608 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib@Last Help 10609 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{890c10c3-8c2a-4fe3-a36a-9eca153d47cb}\{16dcff2c-91a3-4e6a-8135-0a9e6681c1b5}@First Counter 10484 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{890c10c3-8c2a-4fe3-a36a-9eca153d47cb}\{16dcff2c-91a3-4e6a-8135-0a9e6681c1b5}@Last Counter 10522 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{890c10c3-8c2a-4fe3-a36a-9eca153d47cb}\{8ebb0470-da6d-485b-8441-8e06b049157a}@First Counter 10524 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{890c10c3-8c2a-4fe3-a36a-9eca153d47cb}\{8ebb0470-da6d-485b-8441-8e06b049157a}@Last Counter 10554 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{890c10c3-8c2a-4fe3-a36a-9eca153d47cb}\{e829b6db-21ab-453b-83c9-d980ec708edd}@First Counter 10404 Reg HKLM\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\Perflib\_V2Providers\{890c10c3-8c2a-4fe3-a36a-9eca153d47cb}\{e829b6db-21ab-453b-83c9-d980ec708edd}@Last Counter 10482
Reg HKLM\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files|Reference Assemblies|Microsoft|Framework|v3.5|System.AddIn.dll@System.AddIn,version="3.5.0.0",publicKeyToken="b77a5c561934e089",processorArchitecture="MSIL",fileVersion="3.5.30729.1",culture="neutral" dlP=kN'k[5nu[y@0gyqnNetFX_Core_x86_enu_DDF>`DKb52'Wm9?NNy%~cR@K?
Reg HKLM\SOFTWARE\Classes\Installer\Assemblies\Global@System.AddIn,version="3.5.0.0",publicKeyToken="b77a5c561934e089",processorArchitecture="MSIL",fileVersion="3.5.30729.1",culture="neutral" dlP=kN'k[5nu[y@0gyqnNetFX_Core_x86_enu_DDF>`W=4F!8GE@p+Vb5z,`PF?
Reg HKLM\SOFTWARE\Classes\Installer\Products\26DDC2EC4210AC63483DF9D4FCC5B59D\Patches@Patches 2F2AEE7ADCFB45A45A57B7187A686E85?E2653A24E4B84A938BD2CC218F82983E?CB4FA93924CE1D83EA28194D7ADE9811?10C3348AF913073358E0783C456992A9?241C0B844F0A3623091E9148BC8BDD81?

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----
Code:
Exportierte Ereignisse:

25.01.2014 11:36 [System-Scanner] Malware gefunden
Die Datei 'C:\Users\klo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\71805bb0-7de975b5' enthielt einen Virus oder unerwünschtes Programm 'Java/Dldr.Kara.AN.1' [virus].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '1e14466d.qua' verschoben!

25.01.2014 11:36 [System-Scanner] Malware gefunden
Die Datei 'C:\Users\klo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\2dd0a63b-484f646c' enthielt einen Virus oder unerwünschtes Programm 'EXP/CVE-2012-1723.A.344' [exploit].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4c171b78.qua' verschoben!

25.01.2014 11:36 [System-Scanner] Malware gefunden
Die Datei 'C:\Users\klo\AppData\Roaming\msconfig.dat' enthielt einen Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen7' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '548134e0.qua' verschoben!

25.01.2014 11:36 [System-Scanner] Malware gefunden
Die Datei 'C:\Users\klo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\11584990-24099012' enthielt einen Virus oder unerwünschtes Programm 'Java/Lamar.zdq.3' [virus].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '3da42491.qua' verschoben!

25.01.2014 11:36 [System-Scanner] Malware gefunden
Die Datei 'C:\Users\klo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\11584990-5679145f' enthielt einen Virus oder unerwünschtes Programm 'Java/Lamar.zdq.3' [virus].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '782009af.qua' verschoben!
|
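Editor's note, added to this thread and not part of the original post, of Avira or of Trojaner-Board: the Avira export above is the one log in this post that tells you what actually happened, and it splits into two kinds of finding. Four hits sit in the Java deployment cache under AppData\LocalLow, where the browser plug-in stores applets it fetched; one of them is labelled as an exploit for CVE-2012-1723, and the Java 6 Update 29 listed in the FRST program list predates Oracle's June 2012 fix for that flaw. A cache entry proves the machine loaded a malicious applet, not that the payload ran. The fifth hit, msconfig.dat dropped straight into AppData\Roaming, is a file written by something that did run. The Python below parses Avira's export format into structured records and sorts each finding into one of those buckets. The sample input reproduces the five events from the post (with the line-wrapped cache file names joined back together); the bucket names and the triage rules are this example's own, not Avira's.

```python
"""Parse an Avira "Exportierte Ereignisse" dump into structured findings and triage them.

Added example for this thread; not code from the original post, from Avira or
from Trojaner-Board. The event layout is copied from the post. SAMPLE_EXPORT
reproduces the five events the poster exported and is the only input needed.
"""
import re
from dataclasses import dataclass
from datetime import datetime

# Sample input: the post's own five events, one event per four lines as Avira writes them.
SAMPLE_EXPORT = r"""
25.01.2014 11:36 [System-Scanner] Malware gefunden
Die Datei 'C:\Users\klo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\71805bb0-7de975b5' enthielt einen Virus oder unerwünschtes Programm 'Java/Dldr.Kara.AN.1' [virus].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '1e14466d.qua' verschoben!
25.01.2014 11:36 [System-Scanner] Malware gefunden
Die Datei 'C:\Users\klo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\2dd0a63b-484f646c' enthielt einen Virus oder unerwünschtes Programm 'EXP/CVE-2012-1723.A.344' [exploit].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4c171b78.qua' verschoben!
25.01.2014 11:36 [System-Scanner] Malware gefunden
Die Datei 'C:\Users\klo\AppData\Roaming\msconfig.dat' enthielt einen Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen7' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '548134e0.qua' verschoben!
25.01.2014 11:36 [System-Scanner] Malware gefunden
Die Datei 'C:\Users\klo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\11584990-24099012' enthielt einen Virus oder unerwünschtes Programm 'Java/Lamar.zdq.3' [virus].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '3da42491.qua' verschoben!
25.01.2014 11:36 [System-Scanner] Malware gefunden
Die Datei 'C:\Users\klo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\11584990-5679145f' enthielt einen Virus oder unerwünschtes Programm 'Java/Lamar.zdq.3' [virus].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '782009af.qua' verschoben!
"""

# One Avira event: timestamp + scanner, the file and detection, the action taken.
# \s+ between the parts also accepts the run-together single-line form seen on forums.
EVENT_RE = re.compile(
    r"(?P<date>\d{2}\.\d{2}\.\d{4}) (?P<time>\d{2}:\d{2}) \[(?P<scanner>[^\]]+)\] Malware gefunden\s+"
    r"Die Datei '(?P<path>[^']+)' enthielt einen Virus oder unerwünschtes Programm "
    r"'(?P<name>[^']+)' \[(?P<category>[^\]]+)\]\.\s+"
    r"Durchgeführte Aktion\(en\):\s+"
    r"Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '(?P<quarantine>[^']+)' verschoben!"
)

# Triage rules (this example's own, not Avira's): where the file sat decides the bucket.
JAVA_CACHE_RE = re.compile(r"\\Sun\\Java\\Deployment\\cache\\", re.IGNORECASE)
PROFILE_DROP_RE = re.compile(r"\\AppData\\(?:Roaming|Local)\\[^\\]+$", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    when: datetime
    scanner: str
    path: str
    name: str        # Avira detection name, e.g. EXP/CVE-2012-1723.A.344
    category: str    # virus / exploit / trojan, as Avira labels it
    quarantine: str  # .qua file the original was moved to


def parse_avira_export(text: str) -> list[Finding]:
    """Return every complete event in the export, in file order."""
    findings = []
    for m in EVENT_RE.finditer(text):
        when = datetime.strptime(f"{m['date']} {m['time']}", "%d.%m.%Y %H:%M")
        findings.append(Finding(when, m["scanner"], m["path"], m["name"],
                                m["category"], m["quarantine"]))
    return findings


def triage(f: Finding) -> str:
    """Coarse bucket for what a finding proves, judged only by its location."""
    if JAVA_CACHE_RE.search(f.path):
        # Applet the browser fetched: proves exposure to a drive-by, not execution
        # of the payload. Look for files dropped around the same time.
        return "java-cache-exploit"
    if PROFILE_DROP_RE.search(f.path) and f.category == "trojan":
        # Written directly into the profile: something already ran on this box.
        return "dropped-payload"
    return "review"


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per Avira category."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.category] = counts.get(f.category, 0) + 1
    return counts


if __name__ == "__main__":
    found = parse_avira_export(SAMPLE_EXPORT)
    for f in found:
        print(f"{f.when:%Y-%m-%d %H:%M}  {f.category:<8} {triage(f):<20} {f.name}  <- {f.path}")
    print(summarize(found))
```

Run on the post's export this yields four java-cache-exploit entries and one dropped-payload entry. The practical consequence is the one the thread reaches anyway: quarantining the cache files removes the bait, but the dropped file means the profile was already written to by code that ran, so the clean reinstall the poster chose is the safe answer.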
25.01.2014, 15:38 | #2 | |
/// the machine /// TB-Ausbilder | hi,
Combofix should only be run when a team member has instructed you to do so! Please download Combofix from the following download mirror: Link 1. IMPORTANT - save Combofix to your desktop
When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: if you get the following error message after the restart Quote:
|
25.01.2014, 17:10 | #3 |
| Thanks for the quick reply!!!
However, I now have another problem. At the same moment as the restart after running Combofix, the automatic Windows Update kicked in and has now "hung" the computer after the restart. After every restart I get the message "Die Updates konnten nicht konfiguriert werden. Die Änderungen werden rückgängig gemacht. Schalten Sie den Computer nicht aus." (The updates could not be configured. Changes are being reverted. Do not switch off the computer.) After waiting almost 2 hours for something to happen, I tried a restart and, lo and behold, the message is of course still there. I think I will now reinstall the system from scratch.. damn Vista.. that should also solve the malware problem, right? I will rescue my data beforehand using an Ubuntu CD. In any case, many, many thanks for your help!!! |
26.01.2014, 07:44 | #4 |
/// the machine /// TB-Ausbilder | That definitely fixes the malware as well, yes
regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
Topics related to "Vista: after Avira system check, some malware and trojans found" |
acer aspire, adblock, browser, converter, device driver, dvdvideosoft ltd., e-mail, flash player, installation, java/dldr.kara.an.1, java/lamar.zdq.3, launch, malware, msiinstaller, ntdll.dll, performance, realtek, registry, services.exe, software, spotify web helper, spyhunter, spyhunter entfernen, svchost.exe, tr/crypt.xpack.ge, tr/crypt.xpack.gen, tr/crypt.xpack.gen7, trojaner, windows |