Log analysis and evaluation: Windows 7: green unwanted links in text, redirection to websites with advertising

Windows 7

If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and Trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
Windows 7: green unwanted links in text, redirection to websites with advertising

Hello,

For a few days I have had the problem that on almost all websites some words in the text are displayed as links. There are also redirects to other websites with advertising, prompts to buy or install some PC software, and so on. According to my research on the internet this is a known problem. I have also read a post about it on the Trojaner-Board. Since I am not familiar with such problems, I have not done anything so far. Could someone please help me with this? Thanks in advance!

Regards, Nik

I use Windows 7 Home Premium, Avira Free and Firefox. I am also posting the log files required by the checklist and a log file (quarantaene.txt) from my Avira.

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 21:56 on 22/02/2014 (****)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-02-2014 01
Ran by Gast at 2014-02-22 21:49:36
Running from C:\Users\Gast\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================


==================== Installed Programs ======================

3D-Viewer-innoplus (HKLM-x32\...\{B96DB037-DBEA-4186-9081-9CBD537F82E8}) (Version: 14.00.231 - INNOVA-engineering GmbH)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.6.0.6090 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.6.0.6090 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.3.183.48 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.8.800.94 - Adobe Systems Incorporated)
Adobe Photoshop Elements 8.0 (HKLM-x32\...\Adobe Photoshop Elements 8.0) (Version: 8.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 8.0 (x32 Version: 8.0 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.03) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.95 - WildTangent) Hidden
Amazon Browser Settings (HKLM-x32\...\Amazon Browser Settings) (Version: 3.0 - Amazon.com, Inc.)
Apple Application Support (HKLM-x32\...\{21FC2093-6E43-460B-B9B0-5F5AA35BBB0F}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ask Toolbar (HKLM-x32\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.15.18.0 - Ask.com) <==== ATTENTION
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.338 - Avira)
Avira SearchFree Toolbar plus Web Protection Updater (HKCU\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.4.37268 - Ask.com) <==== ATTENTION
awesomehp Browser newtab extension (HKLM-x32\...\awesomehp Browser newtab extension) (Version: - awesomehp) <==== ATTENTION
Backup Manager V3 (x32 Version: 3.0.0.69 - NTI Corporation) Hidden
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bonanza Deals (remove only) (HKLM-x32\...\Bonanza Deals) (Version: 5.0.1.0 - Bonanza Deals) <==== ATTENTION
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Card Reader Driver Installer (HKLM\...\{4710662C-8204-4334-A977-B1AC9E547819}) (Version: 14.4.9.3 - Broadcom Corporation)
Broadcom Gigabit NetLink Controller (HKLM\...\{029A4933-3F36-4E4F-AEC3-2207AB26463D}) (Version: 14.4.8.3 - Broadcom Corporation)
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
CyberLink MediaEspresso (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.0.1027_32100 - CyberLink Corp.)
CyberLink MediaEspresso (x32 Version: 6.0.1027_32100 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)
Elevated Installer (x32 Version: 2.3.17.0 - Garmin Ltd or its subsidiaries) Hidden
ETDWare PS/2-X64 8.0.6.0_WHQL (HKLM\...\Elantech) (Version: 8.0.6.0 - ELAN Microelectronic Corp.)
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Feven Pro (HKLM-x32\...\Feven Pro) (Version: 1.34.2.13 - Feven) <==== ATTENTION
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Free YouTube Download version 3.1.38.1005 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.1.38.1005 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.11.26.706 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.11.26.706 - DVDVideoSoft Ltd.)
Garmin ANT Agent (HKLM\...\{20B0E07B-12EA-4BAB-A3B1-E17D7568EB6F}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{d6f59919-3fd4-48c5-8404-def6f92d8422}) (Version: 2.3.17.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 2.3.17.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 2.3.17.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Training Center (HKLM-x32\...\{50C913B1-A091-48B8-A434-6C9670284888}) (Version: 3.6.5 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Google Update Helper (x32 Version: 1.3.23.0 - BonanzaDeals) Hidden <==== ATTENTION
HomeMedia (HKLM-x32\...\{AA4BF92B-2AAF-11DA-9D78-000129760D75}) (Version: 2.0.8423 - CyberLink Corporation)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Packard Bell)
IePluginService12.27.0.3326 (HKLM-x32\...\IePlugins) (Version: 12.27.0.3326 - Cherished Technololgy LIMITED) <==== ATTENTION
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Insaniquarium Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2272 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.0.0.1046 - Intel Corporation)
Internet Explorer Toolbar 4.7 by SweetPacks (x32 Version: 4.7.0004 - SweetIM Technologies Ltd.) Hidden <==== ATTENTION
iTunes (HKLM\...\{96B53CA8-5ABB-49D8-96F1-F6C0D73A76C6}) (Version: 11.1.4.62 - Apple Inc.)
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 5.0.3 - Packard Bell)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office XP Professional mit FrontPage (HKLM-x32\...\{90280407-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 27.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyPC Backup (HKLM\...\MyPC Backup) (Version: - MyPC Backup) <==== ATTENTION
Nero 9 Essentials (HKLM-x32\...\{f3b75363-fa28-46b2-9d9f-112252157a7b}) (Version: - Nero AG)
Nero ControlCenter (x32 Version: 9.0.0.1 - Nero AG) Hidden
Nero DiscSpeed (x32 Version: 5.4.13.100 - Nero AG) Hidden
Nero DiscSpeed Help (x32 Version: 5.4.4.100 - Nero AG) Hidden
Nero DriveSpeed (x32 Version: 4.4.12.100 - Nero AG) Hidden
Nero DriveSpeed Help (x32 Version: 4.4.4.100 - Nero AG) Hidden
Nero Express Help (x32 Version: 9.4.37.100 - Nero AG) Hidden
Nero InfoTool (x32 Version: 6.4.12.100 - Nero AG) Hidden
Nero InfoTool Help (x32 Version: 6.4.4.100 - Nero AG) Hidden
Nero Installer (x32 Version: 4.4.9.0 - Nero AG) Hidden
Nero Online Upgrade (x32 Version: 1.3.0.0 - Nero AG) Hidden
Nero StartSmart (x32 Version: 9.4.37.100 - Nero AG) Hidden
Nero StartSmart Help (x32 Version: 9.4.27.100 - Nero AG) Hidden
Nero StartSmart OEM (x32 Version: 9.4.10.100 - Nero AG) Hidden
NeroExpress (x32 Version: 9.4.37.100 - Nero AG) Hidden
neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
NVIDIA Grafiktreiber 266.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 266.19 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.265.36.0 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.0.11 (Version: 1.0.11 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 266.19 (Version: 266.19 - NVIDIA Corporation) Hidden
NVIDIA Update Components (Version: 1.0.11 - NVIDIA Corporation) Hidden
Official Video Converter (HKLM-x32\...\{4DD1AF59-5121-421F-B92D-EEBF3F20345A}) (Version: 2.5912.00027 - Aedge Performance BCN SL)
Open It! (HKLM-x32\...\OpenIt Open It!) (Version: 1.1.1 - OpenIt)
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
Packard Bell Game Console (x32 Version: - WildTangent) Hidden
Packard Bell Games (HKLM-x32\...\WildTangent packardbell Master Uninstall) (Version: 1.0.1.3 - WildTangent)
Packard Bell MyBackup (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.69 - NTI Corporation)
Packard Bell Power Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3001 - Packard Bell)
Packard Bell Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3002 - Packard Bell)
Packard Bell Registration (HKLM-x32\...\Packard Bell Registration) (Version: 1.03.3003 - Packard Bell)
Packard Bell ScreenSaver (HKLM-x32\...\Packard Bell Screensaver) (Version: 1.1.0811.2010 - Packard Bell )
Packard Bell Social Networks (HKLM-x32\...\InstallShield_{64EF903E-D00A-414C-94A4-FBA368FFCDC9}) (Version: 2.0.2211 - CyberLink Corp.)
Packard Bell Social Networks (x32 Version: 2.0.2211 - CyberLink Corp.) Hidden
Packard Bell Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3001 - Packard Bell)
PDF Architect (HKLM-x32\...\{80A07844-CA64-4DE4-AB61-D37DDBE8074F}) (Version: 1.0.52.8917 - pdfforge)
PDF24 Creator 5.2.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.1 - pdfforge)
pdfforge Toolbar v6.6 (HKLM-x32\...\{65739FA2-0444-4AB2-B598-872406539EBD}) (Version: 6.6 - Spigot, Inc.) <==== ATTENTION
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
phase6_19 (HKLM-x32\...\{65D70656-D248-4C83-B594-E3029C43B37A}) (Version: 1.90.0000 - phase6)
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6276 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Re-markit (HKLM-x32\...\ca687a17-862c-4dd2-975f-e7eb5357b557) (Version: - Re-markit Software) <==== ATTENTION
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.26.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.26.0 - Renesas Electronics Corporation) Hidden
Secunia PSI (3.0.0.6005) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.6005 - Secunia)
Sentinel System Driver Installer 7.5.7 (HKLM-x32\...\{B281C7D1-C088-40E0-86EA-B2D9D7E0810A}) (Version: 7.5.7 - SafeNet, Inc.)
SpeedUpMyPC (HKLM-x32\...\{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1) (Version: 6.0.1.1 - Uniblue Systems Limited)
SupTab (HKLM-x32\...\SupTab) (Version: 1.1.1.0 - ) <==== ATTENTION
Überwachungstool für die Intel® Turbo-Boost-Technik 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.0.82.0 - Intel)
Uniblue DriverScanner (HKLM-x32\...\{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1) (Version: 4.0.9.10 - Uniblue Systems Ltd)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Video Web Camera (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1306 - CyberLink Corp.)
Video Web Camera (x32 Version: 1.0.1306 - CyberLink Corp.) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
VO Package (HKLM-x32\...\VOPackage) (Version: 1.0.0.0 - )
Watchtower Library 2012 - Deutsch (HKLM-x32\...\{CFDF0961-77C7-4392-96EE-624DFE81C3C2}) (Version: 14.0 - Watchtower Bible and Tract Society of Pennsylvania, Inc.)
Welcome Center (HKLM-x32\...\Packard Bell Welcome Center) (Version: 1.02.3007 - Packard Bell)
Whilokii 1.0.0 (HKLM\...\Whilokii) (Version: 1.0.0 - Whilokii) <==== ATTENTION
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows-Treiberpaket - Dynastream Innovations (libusb0) LibUsbDevices (07/07/2009 1.12.2) (HKLM\...\24DA573F901348FFDFF7717497830D45BE0C362E) (Version: 07/07/2009 1.12.2 - Dynastream Innovations)
Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
WinRAR Bundle by SweetPacks (HKLM-x32\...\WinRAR Bundle by SweetPacks) (Version: 1.0.0.0 - SweetPacks LTD) <==== ATTENTION
WISO Steuer-Sparbuch 2013 (HKLM-x32\...\{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}) (Version: 20.03.8202 - Buhl Data Service GmbH)
WPM17.8.0.3325 (HKLM-x32\...\WPM) (Version: 17.8.0.3325 - Cherished Technololgy LIMITED) <==== ATTENTION
Zuma's Revenge (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Restore Points =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.

==================== Hosts content: ==========================

2009-07-14 03:34 - 2013-02-17 10:35 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============


==================== Loaded Modules (whitelisted) =============

2011-01-06 05:09 - 2010-12-23 18:00 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll

==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============

MSCONFIG\Services: FLEXnet Licensing Service => 3
MSCONFIG\Services: GameConsoleService => 3
MSCONFIG\Services: Nero BackItUp Scheduler 4.0 => 3
MSCONFIG\Services: NOBU => 2

==================== Faulty Device Manager Devices =============

Could not list Devices. Check "winmgmt" service or repair WMI.

==================== Event log errors: =========================

Could not start eventlog service, could not read events.
Systemfehler 5 aufgetreten. Zugriff verweigert  [System error 5 has occurred. Access is denied.]

==================== Memory info ===========================

Percentage of memory in use: 56%
Total physical RAM: 3947.86 MB
Available physical RAM: 1716.43 MB
Total Pagefile: 7893.9 MB
Available Pagefile: 5414.39 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (Packard Bell) (Fixed) (Total:450.16 GB) (Free:326.33 GB) NTFS

==================== MBR & Partition Table ==================

==================== End Of Log ============================

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-02-2014 01
Ran by Gast (ATTENTION: The logged in user is not administrator) on ****-PC on 22-02-2014 21:48:28
Running from C:\Users\Gast\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Ask) C:\Program Files (x86)\Ask.com\Updater\Updater.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11725928 2010-12-23] (Realtek Semiconductor)
HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe [860040 2010-12-10] (Acer Incorporated)
HKLM\...\Run: [IntelTBRunOnce] - wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2588968 2010-11-12] (ELAN Microelectronics Corp.)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-14] (Intel Corporation)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe [295232 2010-11-12] (NTI Corporation)
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1025616 2010-12-09] (Dritek System Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)
HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [296096 2012-11-18] (RealNetworks, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-21] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [PDFPrint] - C:\Program Files (x86)\PDF24\pdf24.exe [163000 2012-12-12] (Geek Software GmbH)
HKLM-x32\...\Run: [ApnUpdater] - C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1644680 2013-02-08] (Ask)
HKLM-x32\...\Run: [innoplus_update] - "C:\Program Files (x86)\innoplus\innoplus bad\bin\innoplus_OnlineUpdate.exe" -b
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-06] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-746099090-312496325-1089877124-501\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_8_800_94_Plugin.exe [814984 2013-08-08] (Adobe Systems Incorporated)

==================== Internet (Whitelisted) ====================

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:13828
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://packardbell.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1392493999&from=tugs&uid=WDCXWD5000BPVT-22HXZT1_WD-WXD1A11N5742N5742&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.awesomehp.com/?type=hp&ts=1392493999&from=tugs&uid=WDCXWD5000BPVT-22HXZT1_WD-WXD1A11N5742N5742
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.awesomehp.com/?type=hp&ts=1392493999&from=tugs&uid=WDCXWD5000BPVT-22HXZT1_WD-WXD1A11N5742N5742
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.awesomehp.com/web/?type=ds&ts=1392493999&from=tugs&uid=WDCXWD5000BPVT-22HXZT1_WD-WXD1A11N5742N5742&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1392493999&from=tugs&uid=WDCXWD5000BPVT-22HXZT1_WD-WXD1A11N5742N5742&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.awesomehp.com/?type=hp&ts=1392493999&from=tugs&uid=WDCXWD5000BPVT-22HXZT1_WD-WXD1A11N5742N5742
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.awesomehp.com/?type=hp&ts=1392493999&from=tugs&uid=WDCXWD5000BPVT-22HXZT1_WD-WXD1A11N5742N5742
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.awesomehp.com/web/?type=ds&ts=1392493999&from=tugs&uid=WDCXWD5000BPVT-22HXZT1_WD-WXD1A11N5742N5742&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.awesomehp.com/?type=sc&ts=1392493999&from=tugs&uid=WDCXWD5000BPVT-22HXZT1_WD-WXD1A11N5742N5742
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1392493999&from=tugs&uid=WDCXWD5000BPVT-22HXZT1_WD-WXD1A11N5742N5742&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1392493999&from=tugs&uid=WDCXWD5000BPVT-22HXZT1_WD-WXD1A11N5742N5742&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1392493999&from=tugs&uid=WDCXWD5000BPVT-22HXZT1_WD-WXD1A11N5742N5742&q={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1392493999&from=tugs&uid=WDCXWD5000BPVT-22HXZT1_WD-WXD1A11N5742N5742&q={searchTerms}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {678EB474-871B-40AE-88FC-0EDE8FF34305} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
SearchScopes: HKCU - {D58EADF2-A853-49E3-8939-E21415945177} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=A5D4053F-C8BD-4CEC-B540-CE18AA85B863&apn_sauid=85B6ED32-C2D5-48CE-8FD4-3A3AE109BE38
BHO: Feven Pro - {11111111-1111-1111-1111-110511161178} - C:\Program Files (x86)\Feven Pro\Feven Pro-bho64.dll (Feven)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Feven Pro - {11111111-1111-1111-1111-110511161178} - C:\Program Files (x86)\Feven Pro\Feven Pro-bho.dll (Feven)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. Limited)
BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
BHO-x32: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: BonanzaDeals - {fe063412-bea4-4d76-8ed3-183be6220d17} - C:\Program Files (x86)\BonanzaDeals\BonanzaDealsIE.dll (BonanzaDeals)
Toolbar: HKLM-x32 - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GbR)
Toolbar: HKLM-x32 - Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\7eu9ndwh.default
FF Homepage: hxxp://google.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @innoplus.de/ino3DViewer - C:\Program Files (x86)\innoplus\3D-Viewer-innoPlus\npIno3DViewer.dll (INNOVA-engineering GmbH Dresden)
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=15.0.6.14 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.6.14 - c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=15.0.6.14 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @tools.bdupdater.com/BonanzaDealsLive Update;version=3 - C:\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll (BonanzaDeals)
FF Plugin-x32: @tools.bdupdater.com/BonanzaDealsLive Update;version=9 - C:\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll (BonanzaDeals)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\7eu9ndwh.default\searchplugins\englische-ergebnisse.xml FF SearchPlugin: C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\7eu9ndwh.default\searchplugins\gmx-suche.xml FF SearchPlugin: C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\7eu9ndwh.default\searchplugins\lastminute.xml FF SearchPlugin: C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\7eu9ndwh.default\searchplugins\webde-suche.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: 20-20 3D Viewer - IKEA - C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\7eu9ndwh.default\Extensions\2020Player_IKEA@2020Technologies.com [2012-02-26] FF Extension: Feven Pro - C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\7eu9ndwh.default\Extensions\46bccaaa-4500-481e-8908-9384802e175a@89a8fdd1-d807-4096-8025-a41093fce600.com [2014-02-16] FF Extension: ProxTube - Unblock YouTube - C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\7eu9ndwh.default\Extensions\ich@maltegoetz.de [2013-12-11] FF Extension: Lavasoft Search Plugin - C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\7eu9ndwh.default\Extensions\jid1-yZwVFzbsyfMrqQ@jetpack [2013-01-31] FF Extension: Garmin Communicator - C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\7eu9ndwh.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2013-12-17] FF Extension: Yahoo! 
Toolbar - C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\7eu9ndwh.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2013-08-20] FF Extension: WEB.DE MailCheck - C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\7eu9ndwh.default\Extensions\toolbar@web.de.xpi [2011-12-19] FF HKLM-x32\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-11-18] FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-02-01] FF HKLM-x32\...\Firefox\Extensions: [lightningnewtab@gmail.com] - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\5kmptlmf.default\extensions\lightningnewtab@gmail.com.xpi FF Extension: Lightning Speed Dial - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\5kmptlmf.default\extensions\lightningnewtab@gmail.com.xpi [2014-02-15] ==================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-21] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-21] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-02-21] (Avira Operations GmbH & Co. 
KG) R2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [38440 2013-09-19] (Just Develop It) S2 bonanzadealslive; C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe [148976 2013-10-22] (BonanzaDeals) S3 bonanzadealslivem; C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe [148976 2013-10-22] (BonanzaDeals) R2 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [868224 2010-12-10] (Acer Incorporated) S4 GameConsoleService; C:\Program Files (x86)\Packard Bell Games\Packard Bell Game Console\GameConsoleService.exe [246520 2010-04-04] (WildTangent, Inc.) R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [250712 2013-12-13] (Garmin Ltd or its subsidiaries) R2 GREGService; C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated) R2 IePluginService; C:\ProgramData\IePluginService\PluginService.exe [508016 2014-01-14] (Cherished Technololgy LIMITED) R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe [257344 2010-11-12] (NTI Corporation) R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1324104 2013-01-09] (pdfforge GbR) S2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [795208 2013-01-09] (pdfforge GbR) R2 Re-markit; C:\Program Files (x86)\Re-markit\Re-markit153.exe [180736 2014-02-15] () R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe [244904 2010-10-28] () R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1223704 2013-02-07] (Secunia) R2 Secunia Update Agent; C:\Program 
Files (x86)\Secunia\PSI\sua.exe [660504 2013-02-07] (Secunia) R2 Update Whilokii; C:\Program Files (x86)\Whilokii\updateWhilokii.exe [111384 2014-02-21] () R2 Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [243232 2010-01-29] (Acer Group) R2 Util Whilokii; C:\Program Files (x86)\Whilokii\bin\utilWhilokii.exe [111384 2014-02-21] () R2 VOsrv; C:\Users\****\AppData\Roaming\VOPackage\VOsrv.exe [61456 2014-02-15] () R2 Wpm; C:\ProgramData\WPM\wprotectmanager.exe [493568 2014-02-15] (Cherished Technololgy LIMITED) ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-17] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-17] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-26] (Avira Operations GmbH & Co. KG) R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-01-31] (GFI Software) S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [44480 2011-05-17] (hxxp://libusb-win32.sourceforge.net) R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-02-07] (Secunia) R2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [145448 2009-09-17] (SafeNet, Inc.) 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-02-15 20:53 - 2014-02-15 20:54 - 00000000 ____D () C:\Program Files (x86)\Feven Pro 2014-02-15 20:53 - 2014-02-15 20:53 - 00000000 ____D () C:\Program Files (x86)\SupTab 2014-02-15 20:53 - 2014-02-15 20:53 - 00000000 ____D () C:\Program Files (x86)\Re-markit 2014-02-15 19:34 - 2014-02-15 19:35 - 00000000 ____D () C:\Program Files\iTunes 2014-02-15 19:34 - 2014-02-15 19:35 - 00000000 ____D () C:\Program Files (x86)\iTunes 2014-02-15 19:34 - 2014-02-15 19:34 - 00000000 ____D () C:\Program Files\iPod 2014-02-14 06:14 - 2014-01-01 00:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls 2014-02-14 06:14 - 2014-01-01 00:04 - 00420008 _____ () C:\Windows\system32\locale.nls 2014-02-14 06:14 - 2013-12-06 03:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-02-14 06:14 - 2013-12-06 03:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2014-02-14 06:14 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2014-02-14 06:14 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2014-02-14 06:14 - 2013-12-04 03:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll 2014-02-14 06:14 - 2013-12-04 03:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll 2014-02-14 06:14 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll 2014-02-14 06:14 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll 2014-02-14 06:14 - 2013-12-04 03:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll 2014-02-14 06:14 - 2013-12-04 03:16 - 00658432 _____ (Microsoft Corporation) 
C:\Windows\system32\RMActivate_isv.exe 2014-02-14 06:14 - 2013-12-04 03:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe 2014-02-14 06:14 - 2013-12-04 03:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe 2014-02-14 06:14 - 2013-12-04 03:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe 2014-02-14 06:14 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll 2014-02-14 06:14 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll 2014-02-14 06:14 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll 2014-02-14 06:14 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll 2014-02-14 06:14 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll 2014-02-14 06:14 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe 2014-02-14 06:14 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe 2014-02-14 06:14 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe 2014-02-14 06:14 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe 2014-02-14 06:13 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll 2014-02-14 06:13 - 2013-12-24 23:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2014-02-14 06:13 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll 2014-02-14 06:13 - 2013-11-22 23:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll 2014-01-31 13:20 - 2014-01-31 13:21 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4 ==================== One Month Modified Files and Folders 
======= 2014-02-22 21:33 - 2011-07-02 17:21 - 00000000 ____D () C:\Users\**** 2014-02-22 21:07 - 2011-03-29 13:17 - 01808113 _____ () C:\Windows\WindowsUpdate.log 2014-02-22 19:39 - 2009-07-14 05:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-02-22 19:39 - 2009-07-14 05:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-02-22 19:31 - 2013-01-31 19:16 - 00053906 _____ () C:\Windows\setupact.log 2014-02-22 10:07 - 2013-11-24 00:06 - 00413163 _____ () C:\Windows\IE11_main.log 2014-02-17 19:29 - 2013-08-14 11:35 - 00000000 ____D () C:\Windows\system32\MRT 2014-02-17 19:27 - 2011-07-26 07:31 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-02-16 14:24 - 2012-05-12 07:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-02-16 09:07 - 2013-10-24 20:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-02-15 20:54 - 2014-02-15 20:53 - 00000000 ____D () C:\Program Files (x86)\Feven Pro 2014-02-15 20:54 - 2013-02-01 21:27 - 00000000 ____D () C:\Program Files (x86)\Uniblue 2014-02-15 20:53 - 2014-02-15 20:53 - 00000000 ____D () C:\Program Files (x86)\SupTab 2014-02-15 20:53 - 2014-02-15 20:53 - 00000000 ____D () C:\Program Files (x86)\Re-markit 2014-02-15 19:35 - 2014-02-15 19:34 - 00000000 ____D () C:\Program Files\iTunes 2014-02-15 19:35 - 2014-02-15 19:34 - 00000000 ____D () C:\Program Files (x86)\iTunes 2014-02-15 19:34 - 2014-02-15 19:34 - 00000000 ____D () C:\Program Files\iPod 2014-02-15 18:16 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache 2014-02-15 15:50 - 2011-03-29 23:09 - 00654852 _____ () C:\Windows\system32\perfh007.dat 2014-02-15 15:50 - 2011-03-29 23:09 - 00130434 _____ () C:\Windows\system32\perfc007.dat 2014-02-15 15:50 - 2009-07-14 06:13 - 01522350 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-02-10 15:24 - 2013-10-22 
21:20 - 00000000 ____D () C:\Program Files (x86)\Whilokii 2014-02-01 07:20 - 2009-07-14 05:45 - 00362224 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-01-31 13:21 - 2014-01-31 13:20 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4 2014-01-27 18:57 - 2011-08-29 12:05 - 00000000 ____D () C:\Program Files (x86)\Java 2014-01-27 17:46 - 2014-01-12 19:44 - 00000000 ____D () C:\Program Files (x86)\innoplus 2014-01-26 21:24 - 2014-01-12 20:28 - 00004167 __RSH () C:\Windows\innova3.ini 2014-01-26 21:24 - 2014-01-12 20:28 - 00000000 _____ () C:\Windows\innova3.tmp 2014-01-26 21:22 - 2011-07-02 20:30 - 00661882 _____ () C:\Windows\PFRO.log 2014-01-26 20:30 - 2011-07-03 10:08 - 00000000 ____D () C:\Program Files (x86)\Watchtower 2014-01-26 20:14 - 2010-12-03 12:01 - 00000000 ____D () C:\Program Files (x86)\Intel 2014-01-26 19:33 - 2010-12-03 12:31 - 00000000 ____D () C:\Program Files (x86)\Adobe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== End Of Log ============================ Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-02-22 22:37:35
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.01.0 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\****\AppData\Local\Temp\kxldapow.sys

---- User code sections - GMER 2.1 ----

.text  C:\ProgramData\IePluginService\PluginService.exe[1104]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  0000000076c61465 2 bytes [C6, 76]
.text  C:\ProgramData\IePluginService\PluginService.exe[1104]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000076c614bb 2 bytes [C6, 76]
.text  ...  * 2
.text  C:\ProgramData\WPM\wprotectmanager.exe[1156]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  0000000076c61465 2 bytes [C6, 76]
.text  C:\ProgramData\WPM\wprotectmanager.exe[1156]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000076c614bb 2 bytes [C6, 76]
.text  ...  * 2
.text  C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe[2076]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  0000000076c61465 2 bytes [C6, 76]
.text  C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe[2076]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000076c614bb 2 bytes [C6, 76]
.text  ...  * 2
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2228]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  0000000076c61465 2 bytes [C6, 76]
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2228]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000076c614bb 2 bytes [C6, 76]
.text  ...  * 2
.text  C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe[2268]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  0000000076c61465 2 bytes [C6, 76]
.text  C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe[2268]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000076c614bb 2 bytes [C6, 76]
.text  ...  * 2
.text  C:\Program Files (x86)\Launch Manager\LManager.exe[1240]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  0000000076c61465 2 bytes [C6, 76]
.text  C:\Program Files (x86)\Launch Manager\LManager.exe[1240]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000076c614bb 2 bytes [C6, 76]
.text  ...  * 2
.text  C:\Program Files (x86)\Ask.com\Updater\Updater.exe[2208]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  0000000076c61465 2 bytes [C6, 76]
.text  C:\Program Files (x86)\Ask.com\Updater\Updater.exe[2208]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000076c614bb 2 bytes [C6, 76]
.text  ...  * 2
.text  C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe[2920]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  0000000076c61465 2 bytes [C6, 76]
.text  C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe[2920]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000076c614bb 2 bytes [C6, 76]
.text  ...  * 2
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3096]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  0000000076c61465 2 bytes [C6, 76]
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3096]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000076c614bb 2 bytes [C6, 76]
.text  ...  * 2
.text  C:\Program Files (x86)\Re-markit\Re-markit153.exe[3276]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  0000000076c61465 2 bytes [C6, 76]
.text  C:\Program Files (x86)\Re-markit\Re-markit153.exe[3276]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000076c614bb 2 bytes [C6, 76]
.text  ...  * 2
.text  C:\Program Files (x86)\Secunia\PSI\PSIA.exe[3376]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  0000000076c61465 2 bytes [C6, 76]
.text  C:\Program Files (x86)\Secunia\PSI\PSIA.exe[3376]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000076c614bb 2 bytes [C6, 76]
.text  ...  * 2
.text  C:\Program Files (x86)\Whilokii\updateWhilokii.exe[3848]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  0000000076c61465 2 bytes [C6, 76]
.text  C:\Program Files (x86)\Whilokii\updateWhilokii.exe[3848]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000076c614bb 2 bytes [C6, 76]
.text  ...  * 2
.text  C:\Program Files (x86)\Whilokii\bin\utilWhilokii.exe[4024]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  0000000076c61465 2 bytes [C6, 76]
.text  C:\Program Files (x86)\Whilokii\bin\utilWhilokii.exe[4024]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000076c614bb 2 bytes [C6, 76]
.text  ...  * 2
.text  C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[4120]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  0000000076c61465 2 bytes [C6, 76]
.text  C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[4120]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000076c614bb 2 bytes [C6, 76]
.text  ...  * 2
?      C:\Windows\system32\mssprxy.dll [4120] entry point in ".rdata" section 0000000063c671e6
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4596]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  0000000076c61465 2 bytes [C6, 76]
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4596]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000076c614bb 2 bytes [C6, 76]
.text  ...  * 2
.text  C:\program files (x86)\avira\antivir desktop\avcenter.exe[4732]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  0000000076c61465 2 bytes [C6, 76]
.text  C:\program files (x86)\avira\antivir desktop\avcenter.exe[4732]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000076c614bb 2 bytes [C6, 76]
.text  ...  * 2
.text  C:\Program Files (x86)\Secunia\PSI\sua.exe[5000]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  0000000076c61465 2 bytes [C6, 76]
.text  C:\Program Files (x86)\Secunia\PSI\sua.exe[5000]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000076c614bb 2 bytes [C6, 76]
.text  ...  * 2

---- EOF - GMER 2.1 ----

Code:
Type: File
Source: C:\Users\****\AppData\Local\Temp\is1590112554\409195_stp\uninstaller.exe
Status: Infected
Quarantine object: 54cb4d26.qua
Restored: NO
Uploaded to Avira: NO
Operating system: Windows XP/VISTA Workstation/Windows 7
Scan engine: 8.02.12.132
Virus definition file: 7.11.108.254
Found: ADWARE/InstallCore.Gen
Date/time: 22.10.2013, 22:30

Type: File
Source: C:\Windows\SysWOW64\d3dimo.dll
Status: Infected
Quarantine object: 56ce9e6b.qua
Restored: NO
Uploaded to Avira: NO
Operating system: Windows XP/VISTA Workstation/Windows 7
Scan engine: 8.02.12.10
Virus definition file: 7.11.64.04
Found: TR/Crypt.ZPACK.Gen8
Date/time: 07.03.2013, 23:01

Type: File
Source: C:\Windows\SysWOW64\d3dimo.dll
Status: Infected
Quarantine object: 4e59bb7c.qua
Restored: NO
Uploaded to Avira: NO
Operating system: Windows XP/VISTA Workstation/Windows 7
Scan engine: 8.02.12.10
Virus definition file: 7.11.64.04
Found: TR/Crypt.ZPACK.Gen8
Date/time: 07.03.2013, 23:01
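Editor's note, added to this thread and not part of the poster's logs, of FRST or of Avira: the FRST Addition log above is long, and the entries that matter for a "green links and redirects" complaint are easy to miss among the Microsoft and OEM noise. The small Python triage below parses three of the line formats FRST prints (SearchScopes, BHO and service entries) and flags the patterns an analyst checks first: a search scope whose host is not a mainstream engine (here awesomehp.com and the ask.com redirector), a BHO whose CLSID is still registered but whose DLL is gone ("No File"), and a service whose binary lives under ProgramData or a user profile (here Wpm and VOsrv), which is not where ordinary installers put services. The sample lines are copied from the log above with the long search URLs shortened; the allowlist KNOWN_SEARCH_HOSTS and the helper names triage, host_of and in_user_writable are this example's own.

```python
"""Triage helper for FRST Addition.txt-style lines (added example; not FRST code)."""
import re
from urllib.parse import urlparse

# Sample lines copied from the FRST log in this thread (search URLs shortened).
SAMPLE_LINES = [
    "SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.awesomehp.com/web/?type=ds&from=tugs&q={searchTerms}",
    "SearchScopes: HKCU - {D58EADF2-A853-49E3-8939-E21415945177} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&q={searchTerms}",
    "SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = ",
    "BHO: Feven Pro - {11111111-1111-1111-1111-110511161178} - C:\\Program Files (x86)\\Feven Pro\\Feven Pro-bho64.dll (Feven)",
    "BHO-x32: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File",
    "BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\\Program Files (x86)\\Common Files\\Microsoft Shared\\Windows Live\\WindowsLiveLogin.dll (Microsoft Corp.)",
    "R2 Wpm; C:\\ProgramData\\WPM\\wprotectmanager.exe [493568 2014-02-15] (Cherished Technololgy LIMITED)",
    "R2 VOsrv; C:\\Users\\****\\AppData\\Roaming\\VOPackage\\VOsrv.exe [61456 2014-02-15] ()",
    "R2 AntiVirService; C:\\Program Files (x86)\\Avira\\AntiVir Desktop\\avguard.exe [440400 2014-02-21] (Avira Operations GmbH & Co. KG)",
]

# Assumed allowlist for this example: hosts accepted as stock default engines.
KNOWN_SEARCH_HOSTS = {"www.google.com", "www.google.de", "www.bing.com", "de.search.yahoo.com"}

SEARCHSCOPE_RE = re.compile(
    r"^SearchScopes:\s+(?P<hive>\S+)\s+-\s+(?:DefaultScope\s+)?"
    r"(?P<clsid>\{[^}]+\})\s+URL\s*=\s*(?P<url>.*)$")
BHO_RE = re.compile(
    r"^BHO(?:-x32)?:\s+(?P<name>.+?)\s+-\s+(?P<clsid>\{[^}]+\})\s+-\s+(?P<rest>.+)$")
SERVICE_RE = re.compile(
    r"^(?P<state>[RSU]\d)\s+(?P<name>[^;]+);\s+(?P<path>.+?)\s+"
    r"\[(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})\]\s+\((?P<vendor>[^()]*)\)$")


def host_of(url: str) -> str:
    """Return the host of an FRST URL; FRST defangs the scheme as hxxp://."""
    return urlparse(url.replace("hxxp://", "http://", 1)).hostname or ""


def in_user_writable(path: str) -> bool:
    """True when a binary sits under ProgramData or a user profile."""
    p = path.lower()
    return p.startswith("c:\\programdata\\") or p.startswith("c:\\users\\")


def triage(lines):
    """Return (kind, subject, detail) findings for the hijack indicators."""
    findings = []
    for line in lines:
        m = SEARCHSCOPE_RE.match(line)
        if m:
            url = m["url"].strip()
            if url:  # an empty scope is registered but has no URL to judge
                host = host_of(url)
                if host not in KNOWN_SEARCH_HOSTS:
                    findings.append(("search-hijack", m["hive"], host))
            continue
        m = BHO_RE.match(line)
        if m:
            rest = m["rest"]
            if rest.endswith("No File"):  # CLSID still registered, DLL gone
                findings.append(("dangling-bho", m["name"], m["clsid"]))
            elif in_user_writable(rest):
                findings.append(("bho-user-path", m["name"], rest))
            continue
        m = SERVICE_RE.match(line)
        if m and in_user_writable(m["path"]):
            # "()" as vendor means FRST found no company name in the file at all.
            findings.append(("service-user-path", m["name"], m["path"]))
    return findings


if __name__ == "__main__":
    for kind, subject, detail in triage(SAMPLE_LINES):
        print(f"{kind:18} {subject:12} {detail}")
```

Run on the sample lines it reports five findings: two hijacked search scopes, one dangling BHO and two services running from user-writable locations. A hit is a lead for the analyst, not a verdict; websearch.ask.com is flagged only because it is outside the allowlist, and the Feven Pro BHO is not flagged at all because it sits under Program Files with a vendor string, so the rest of the log still has to be read.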