| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Live-Stream: Klick öffnet zwei unerwünschte TabsWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
09.03.2014, 19:04
| #5 |
| |  Live-Stream: Klick öffnet zwei unerwünschte Tabs Gerne, also Defogger hat keine Fehlermeldung ergeben. Im Schritt 2, also bei Farbar, erhalte ich von Gdata die Meldung: erunt.exe ist ein vermeintlich bösartiges Programm. Handelt es sich dabei um Farbar und ich kann das zulassen oder habe ich hier ein anderes Problem? So, das erunt in die Quarantäne und hier sind nur die Ergebnisse von Farbar: FRST Logfile: FRST Logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-03-2014 01
Ran by ******* (administrator) on *******-PC on 09-03-2014 18:14:36
Running from C:\Users\*******\Desktop
Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
() C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Message Controller\AsMessageController.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\Eee Docking\Eee Docking.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Eee Manager\EeeManager.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Eee Manager\EMOSDControl\EMOSDControl.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Eee Manager\EMMessageParser.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Eee Manager\TurboMaster\AsTurboMaster.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Easy Update\ALU.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(CyberLink Corp.) C:\Program Files (x86)\ASUS\Eee Cam\YouCamTray.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Eee Manager\AsShellApplication.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G DATA\AVKProxy\GdBgInx64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\TiMiniService.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\TiResumeSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKBap64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\GUI\GDSC.exe
() C:\Users\*******\Desktop\Defogger.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Eee Docking] - C:\Program Files\ASUS\Eee Docking\Eee Docking.exe [451760 2010-12-07] (ASUSTek Computer Inc.)
HKLM\...\Run: [ASUSWebStorage] - C:\Program Files (x86)\ASUS\ASUS WebStorage\2.2.54.106\ASUSWSDashBoard.exe [5096784 2010-08-17] (eCareme)
HKLM\...\Run: [VizorHtmlDialog.exe] - C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe [1123664 2010-10-08] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Client Framework] - C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [192520 2010-10-12] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Titanium] - C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe [322384 2010-09-17] (Trend Micro Inc.)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-08-17] (IDT, Inc.)
HKLM-x32\...\Run: [SonicMasterTray] - C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe [984400 2010-07-10] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [ASUS Easy Update] - C:\Program Files (x86)\ASUS\ASUS Easy Update\ALU.exe [195200 2009-12-31] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2011-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-03-30] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [YouCam Mirror Tray icon] - C:\Program Files (x86)\ASUS\Eee Cam\YouCamTray.exe [171104 2010-06-02] (CyberLink Corp.)
HKLM-x32\...\Run: [AsShellApplication] - C:\Program Files (x86)\ASUS\Eee Manager\AsShellApplication.exe [232064 2010-08-04] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [OOBESetup] - C:\Program Files (x86)\asus\OOBERegBackup\OOBERegBackup.exe [334848 2009-11-12] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [GDFirewallTray] - C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe [1854928 2013-03-22] (G Data Software AG)
HKLM-x32\...\Run: [PDFPrint] - C:\Program Files (x86)\PDF24\pdf24.exe [163000 2012-12-12] (Geek Software GmbH)
HKLM-x32\...\Run: [G Data AntiVirus Tray] - C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe [1444472 2013-08-21] (G Data Software AG)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [522232 2012-09-26] (Cisco Systems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-238978071-3749177820-4059293363-1001\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
Startup: C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe64.dll (Trend Micro Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll (Trend Micro Inc.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.)
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe64.dll (Trend Micro Inc.)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll (Trend Micro Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\uao9yy3s.default
FF Homepage: hxxp://www.t-online.de/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension\
FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension\ []
==================== Services (Whitelisted) =================
R2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [1970296 2013-08-26] (G Data Software AG)
R2 AVKService; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [635000 2013-08-21] (G Data Software AG)
R2 AVKWCtl; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe [2562208 2013-10-15] (G Data Software AG)
R3 GDFwSvc; C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe [2942808 2013-10-17] (G Data Software AG)
R3 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [695416 2013-08-22] (G Data Software AG)
R2 TiMiniService; C:\Program Files\Trend Micro\Titanium\TiMiniService.exe [241488 2010-09-17] (Trend Micro Inc.)
S3 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 [X]
==================== Drivers (Whitelisted) ====================
R2 ASInsHelp; C:\Windows\SysWow64\drivers\AsInsHelp64.sys [11832 2008-01-04] ()
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-06] ()
S3 AVerAF35; C:\Windows\System32\Drivers\AVerAF35.sys [677632 2010-03-16] (AVerMedia TECHNOLOGIES, Inc.)
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306536 2011-03-04] ()
R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [60248 2013-10-30] (G Data Software AG)
R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [130392 2013-10-30] (G Data Software AG)
S3 GdNetMon; C:\Windows\system32\drivers\GdNetMon64.sys [31448 2011-08-10] (G Data Software AG)
R3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [63320 2013-10-30] (G Data Software AG)
R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [64856 2013-10-30] (G Data Software AG)
R1 GRD; C:\Windows\system32\drivers\GRD.sys [106272 2014-03-09] (G Data Software)
R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [65368 2013-10-30] (G Data Software AG)
R2 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [90704 2010-09-17] (Trend Micro Inc.)
R2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [144464 2010-09-17] (Trend Micro Inc.)
R2 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [67664 2010-09-17] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105552 2010-09-17] (Trend Micro Inc.)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-03-09 18:14 - 2014-03-09 18:15 - 00014501 _____ () C:\Users\*******\Desktop\FRST.txt
2014-03-09 17:56 - 2014-03-09 18:14 - 00000000 ____D () C:\FRST
2014-03-09 17:55 - 2014-03-09 17:55 - 02156544 _____ (Farbar) C:\Users\*******\Desktop\FRST64.exe
2014-03-09 17:53 - 2014-03-09 17:53 - 00000480 _____ () C:\Users\*******\Desktop\defogger_disable.log
2014-03-09 17:53 - 2014-03-09 17:53 - 00000000 _____ () C:\Users\*******\defogger_reenable
2014-03-09 17:51 - 2014-03-09 17:51 - 00050477 _____ () C:\Users\*******\Desktop\Defogger.exe
2014-03-09 14:11 - 2014-03-09 14:11 - 00106272 _____ (G Data Software) C:\Windows\system32\Drivers\GRD.sys
2014-02-19 20:14 - 2014-03-01 14:22 - 00000000 ____D () C:\Users\*******\AppData\Roaming\Mp3tag
2014-02-19 20:14 - 2014-02-19 20:14 - 00000000 ____D () C:\Program Files (x86)\Mp3tag
2014-02-19 20:13 - 2014-02-19 20:13 - 02634152 _____ () C:\Users\*******\Downloads\mp3tagv258setup.exe
2014-02-15 11:09 - 2014-02-15 11:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-11 19:46 - 2014-02-11 19:39 - 00000426 _____ () C:\AVScanner.ini
==================== One Month Modified Files and Folders =======
2014-03-09 18:15 - 2014-03-09 18:14 - 00014501 _____ () C:\Users\*******\Desktop\FRST.txt
2014-03-09 18:14 - 2014-03-09 17:56 - 00000000 ____D () C:\FRST
2014-03-09 17:59 - 2009-07-14 05:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-09 17:59 - 2009-07-14 05:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-09 17:55 - 2014-03-09 17:55 - 02156544 _____ (Farbar) C:\Users\*******\Desktop\FRST64.exe
2014-03-09 17:53 - 2014-03-09 17:53 - 00000480 _____ () C:\Users\*******\Desktop\defogger_disable.log
2014-03-09 17:53 - 2014-03-09 17:53 - 00000000 _____ () C:\Users\*******\defogger_reenable
2014-03-09 17:53 - 2011-08-09 18:12 - 00000000 ____D () C:\Users\*******
2014-03-09 17:51 - 2014-03-09 17:51 - 00050477 _____ () C:\Users\*******\Desktop\Defogger.exe
2014-03-09 17:27 - 2011-08-10 11:12 - 01441204 _____ () C:\Windows\WindowsUpdate.log
2014-03-09 17:23 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-09 17:23 - 2009-07-14 05:51 - 00134662 _____ () C:\Windows\setupact.log
2014-03-09 15:21 - 2013-11-16 15:01 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-09 14:11 - 2014-03-09 14:11 - 00106272 _____ (G Data Software) C:\Windows\system32\Drivers\GRD.sys
2014-03-05 16:03 - 2011-08-12 18:20 - 00000000 ____D () C:\Users\*******\AppData\Roaming\SoftGrid Client
2014-03-05 15:20 - 2011-08-12 18:18 - 00000000 ____D () C:\Users\*******\Desktop\Privat
2014-03-04 13:36 - 2012-07-20 21:37 - 00000000 ____D () C:\Users\*******\AppData\Roaming\Skype
2014-03-04 10:29 - 2013-08-01 06:37 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-04 10:29 - 2012-07-20 21:36 - 00000000 ____D () C:\ProgramData\Skype
2014-03-01 14:22 - 2014-02-19 20:14 - 00000000 ____D () C:\Users\*******\AppData\Roaming\Mp3tag
2014-02-24 10:32 - 2011-08-12 18:28 - 00000072 _____ () C:\Users\Public\LMDebug.log
2014-02-24 09:21 - 2013-11-16 15:01 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-24 09:21 - 2013-11-16 15:01 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-24 09:21 - 2011-08-11 16:57 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-19 20:14 - 2014-02-19 20:14 - 00000000 ____D () C:\Program Files (x86)\Mp3tag
2014-02-19 20:13 - 2014-02-19 20:13 - 02634152 _____ () C:\Users\*******\Downloads\mp3tagv258setup.exe
2014-02-19 20:10 - 2013-05-26 09:54 - 00000000 ____D () C:\Users\*******\Documents\DVDVideoSoft
2014-02-19 08:14 - 2009-08-29 02:51 - 00654602 _____ () C:\Windows\system32\perfh007.dat
2014-02-19 08:14 - 2009-08-29 02:51 - 00130216 _____ () C:\Windows\system32\perfc007.dat
2014-02-19 08:14 - 2009-07-14 06:13 - 01500498 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-17 08:30 - 2013-11-01 17:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-16 14:23 - 2013-08-23 09:23 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-16 14:22 - 2011-08-12 17:58 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-15 11:09 - 2014-02-15 11:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-12 13:52 - 2011-02-10 10:16 - 00354540 _____ () C:\Windows\PFRO.log
2014-02-11 19:39 - 2014-02-11 19:46 - 00000426 _____ () C:\AVScanner.ini
2014-02-10 19:53 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
Some content of TEMP:
====================
C:\Users\*******\AppData\Local\Temp\firefoxjre_exe.exe
C:\Users\*******\AppData\Local\Temp\MSNA249.exe
C:\Users\*******\AppData\Local\Temp\vpnclient_setup.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-03-02 09:00
==================== End Of Log ============================
--- --- --- --- --- --- --- --- --- Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-03-2014 01
Ran by ****** at 2014-03-09 18:15:36
Running from C:\Users\******\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: G Data InternetSecurity 2014 (Enabled - Up to date) {545C8713-0744-B079-87F8-349A6D5C8CF0}
AV: Trend Micro Titanium (Disabled - Up to date) {68F968AC-2AA0-091D-848C-803E83E35902}
AS: Trend Micro Titanium (Disabled - Up to date) {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
AS: G Data InternetSecurity 2014 (Enabled - Up to date) {EF3D66F7-217E-BFF7-BD48-0FE816DBC64D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: G Data Personal Firewall (Enabled) {6C670636-4D2B-B121-ACA7-9DAF938FCB8B}
==================== Installed Programs ======================
64 Bit HP CIO Components Installer (Version: 1.2.0 - Hewlett-Packard) Hidden
AAVUpdateManager (HKLM-x32\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Reader X (10.1.1) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.1 - Adobe Systems Incorporated)
ASUS Easy Update (HKLM-x32\...\{9A9FEC4E-8696-43B4-8C19-5BE4D9038B55}) (Version: 2.00.18 - )
ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 2.2.54.106 - eCareme Technologies, Inc.)
ASUSUpdate (HKLM-x32\...\{587178E7-B1DF-494E-9838-FA4DD36E873C}) (Version: 7.18.05 - ASUSTeK Computer Inc.)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.3.585 - ASUSTEK)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.4.2.3442 - CDBurnerXP)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.0.10057 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.0.10057 - Cisco Systems, Inc.) Hidden
Cisco Systems VPN Client 5.0.07.0440 (HKLM\...\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}) (Version: 5.0.7 - Cisco Systems, Inc.)
Complément Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Eee Cam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.3001 - CyberLink Corp.)
Eee Cam (x32 Version: 3.0.3001 - CyberLink Corp.) Hidden
Eee Docking (HKLM\...\{85EA6D4E-04CC-48b0-B526-EA9E2FEF56FA}) (Version: 3.9.8 - ASUSTek Computer Inc.)
Eee Manager (HKLM-x32\...\{795274EF-3EDA-4427-9D4C-446C9137BB6D}) (Version: 2.13.12 - ASUSTeK Computer Inc.)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - )
Free Audio CD to MP3 Converter version 1.3.12.1228 (HKLM-x32\...\Free Audio CD to MP3 Converter_is1) (Version: 1.3.12.1228 - DVDVideoSoft Ltd.)
G Data InternetSecurity 2014 (HKLM-x32\...\{7765322A-8601-47D3-AC60-B66677450D7B}) (Version: 24.0.3.4 - G Data Software AG)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Game Park Console (HKLM-x32\...\{3B9B1FCD-AD30-4076-B027-8C01C8E84284}_is1) (Version: 6.2.1.1 - Oberon Media, Inc.)
GIMP 2.6.11 (HKLM-x32\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6296.0 - IDT)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.30 - Irfan Skiljan)
JMicron Ethernet Adapter NDIS Driver (HKLM-x32\...\{96DCEE2F-98EE-4F80-8C0F-7C04D1FB9D7F}) (Version: 6.0.20.3 - JMicron Technology Corp.)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.46.5 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 27.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
Mp3tag v2.58 (HKLM-x32\...\Mp3tag) (Version: v2.58 - Florian Heidenreich)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
OnlineFotoservice (HKLM-x32\...\OnlineFotoservice) (Version: 5.1.3 - CEWE Stiftung u Co. KGaA)
OOBERegBackup (HKLM-x32\...\OOBERegBackup_is1) (Version: - ASUSTeK Computer Inc.)
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
PanoramaStudio 1.6 (deinstallieren) (HKLM-x32\...\PanoramaStudio) (Version: - )
PanoramaStudio 2.4 ((deinstallieren)) (HKLM\...\PanoramaStudio2) (Version: - )
PDF24 Creator 5.2.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Sonic Focus (HKLM-x32\...\{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}) (Version: 1.00.0000 - Virage Logic, Corp.)
Steuerrecht-Datenbank 2013 (HKLM-x32\...\{8F69DB85-7596-4BCE-A884-CF186D727B36}) (Version: 1.0 - Wolters Kluwer Deutschland GmbH)
Steuer-Spar-Erklärung 2012 (HKLM-x32\...\{CCD2BAD2-0919-40CB-80CC-E9538B0E4C2E}) (Version: 17.13 - Wolters Kluwer Deutschland GmbH)
Steuer-Spar-Erklärung 2013 (HKLM-x32\...\{AEB61F7A-4BBA-4292-A096-7893E09034A4}) (Version: 18.09 - Wolters Kluwer Deutschland GmbH)
Trend Micro Titanium (HKLM\...\{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}) (Version: 3.0 - Trend Micro Inc.)
Trend Micro Titanium (Version: 3.00 - Trend Micro Inc.) Hidden
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
==================== Restore Points =========================
09-02-2014 09:46:53 Geplanter Prüfpunkt
16-02-2014 13:21:46 Windows Update
24-02-2014 17:14:05 Geplanter Prüfpunkt
04-03-2014 08:39:38 Geplanter Prüfpunkt
04-03-2014 09:28:40 Windows Update
==================== Hosts content: ==========================
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {0C0E9CB5-0169-4CF3-AB1D-097FD03BF51D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-24] (Adobe Systems Incorporated)
Task: {224A390D-8BC4-4EBD-835F-4E8513E3CE12} - System32\Tasks\ASUS\EeeManagerSuiteHelper => C:\Program Files (x86)\ASUS\Eee Manager\AsEMRunHelper.exe [2010-05-06] (ASUSTeK Computer Inc.)
Task: {9C8D55A8-C920-4383-9B7D-5BC35310A9D6} - System32\Tasks\ASUS\AsMessageController => C:\Program Files (x86)\ASUS\Message Controller\AsMessageController.exe [2009-12-22] (ASUSTeK Computer Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Loaded Modules (whitelisted) =============
2011-06-22 06:42 - 2011-06-22 06:42 - 00034304 _____ () C:\Windows\System32\ssp4ml6.dll
2008-10-24 15:35 - 2008-10-24 15:35 - 00128296 _____ () C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
2011-02-10 10:11 - 2011-02-10 10:11 - 00931840 _____ () C:\Windows\assembly\GAC_64\System.Data.SQLite\1.0.60.0__db937bc2d44ff139\System.Data.SQLite.dll
2009-03-02 03:08 - 2009-03-02 03:08 - 00003584 _____ () C:\Program Files (x86)\ASUS\ASUS WebStorage\2.2.54.106\LogicNP.PropSheetExtensionHelper_x64.dll
2011-02-10 10:12 - 2010-09-17 09:32 - 00047104 _____ () C:\Program Files\Trend Micro\AMSP\boost_thread-vc80-mt-1_36.dll
2011-02-10 10:12 - 2010-09-17 09:32 - 00042496 _____ () C:\Program Files\Trend Micro\AMSP\boost_date_time-vc80-mt-1_36.dll
2013-08-14 09:31 - 2013-08-14 09:31 - 00335312 ____N () C:\Program Files (x86)\Common Files\G Data\AVKProxy\PktIcpt2x64.dll
2014-03-09 17:51 - 2014-03-09 17:51 - 00050477 _____ () C:\Users\******\Desktop\Defogger.exe
2011-08-09 18:13 - 2009-09-16 02:17 - 00098304 _____ () C:\Program Files (x86)\ASUS\Message Controller\AsKeyboardHooker.dll
2011-08-09 18:13 - 2008-11-04 12:23 - 00077824 _____ () C:\Program Files (x86)\ASUS\Message Controller\AsRemoteControlHooker.dll
2011-08-09 18:12 - 2007-10-31 16:51 - 00061440 _____ () C:\Program Files (x86)\ASUS\Eee Manager\AsMultiLang.dll
2011-08-09 18:12 - 2008-10-28 19:52 - 00176128 _____ () C:\Program Files (x86)\ASUS\Eee Manager\ImageMgr.dll
2011-08-09 18:12 - 2007-10-31 16:51 - 00061440 _____ () C:\Program Files (x86)\ASUS\Eee Manager\EMOSDControl\MultiLang\AsMultiLang.dll
2011-08-09 18:12 - 2007-10-31 16:51 - 00061440 _____ () C:\Program Files (x86)\ASUS\Eee Manager\MessageParser\AsMultiLang.dll
2011-08-09 18:12 - 2009-07-02 09:05 - 00011264 _____ () C:\Program Files (x86)\ASUS\Eee Manager\TurboMaster\AsMultiLang.dll
2011-03-04 12:49 - 2011-03-04 12:49 - 00202752 _____ () C:\Program Files (x86)\Cisco Systems\VPN Client\vpnapi.dll
2011-02-10 10:01 - 2005-10-25 01:02 - 00050688 _____ () C:\Program Files (x86)\ASUS\ASUS Easy Update\AsMultiLang.dll
2012-08-10 16:51 - 2012-08-10 16:51 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2014-02-15 11:09 - 2014-02-15 11:09 - 03578992 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== Disabled items from MSCONFIG ==============
==================== Faulty Device Manager Devices =============
Name: Atheros AR9285 Wireless Network Adapter
Description: Atheros AR9285 Wireless Network Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Atheros Communications Inc.
Service: athr
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Cisco Systems VPN Adapter for 64-bit Windows
Description: Cisco Systems VPN Adapter for 64-bit Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (12/25/2013 04:48:27 PM) (Source: Application Hang) (User: )
Description: Programm AsTurboMaster.exe, Version 1.0.3.5 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: d90
Startzeit: 01cf01882660fea7
Endzeit: 410
Anwendungspfad: C:\Program Files (x86)\ASUS\Eee Manager\TurboMaster\AsTurboMaster.exe
Berichts-ID: ef000aa6-6d7b-11e3-a8fd-705ab6e698c8
Error: (12/13/2013 08:17:19 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: OnlineFotoservice.exe, Version: 0.0.0.0, Zeitstempel: 0x529727dc
Name des fehlerhaften Moduls: Qt5Core.dll, Version: 5.1.1.0, Zeitstempel: 0x527b6c7a
Ausnahmecode: 0xc00000fd
Fehleroffset: 0x0001b076
ID des fehlerhaften Prozesses: 0xa5c
Startzeit der fehlerhaften Anwendung: 0xOnlineFotoservice.exe0
Pfad der fehlerhaften Anwendung: OnlineFotoservice.exe1
Pfad des fehlerhaften Moduls: OnlineFotoservice.exe2
Berichtskennung: OnlineFotoservice.exe3
Error: (10/30/2013 01:46:56 PM) (Source: acvpninstall) (User: )
Description: Function: wWinMain
File: .\InstallHelper.cpp
Line: 239
Invoked Function: FileMoveFiles
Return Code: -33554423 (0xFE000009)
Description: GLOBAL_ERROR_UNEXPECTED
Error: (10/30/2013 01:46:56 PM) (Source: acvpninstall) (User: )
Description: Function: FileMoveFiles
File: ..\Common\Utility\NativeSysFileCopy.cpp
Line: 388
Invoked Function: ::FindFirstFile
Return Code: 3 (0x00000003)
Description: Das System kann den angegebenen Pfad nicht finden.
Error: (10/30/2013 01:46:56 PM) (Source: acvpninstall) (User: )
Description: Function: wWinMain
File: .\InstallHelper.cpp
Line: 239
Invoked Function: FileMoveFiles
Return Code: -33554423 (0xFE000009)
Description: GLOBAL_ERROR_UNEXPECTED
Error: (10/30/2013 01:46:56 PM) (Source: acvpninstall) (User: )
Description: Function: FileMoveFiles
File: ..\Common\Utility\NativeSysFileCopy.cpp
Line: 388
Invoked Function: ::FindFirstFile
Return Code: 3 (0x00000003)
Description: Das System kann den angegebenen Pfad nicht finden.
Error: (10/30/2013 01:46:56 PM) (Source: acvpninstall) (User: )
Description: Function: wWinMain
File: .\InstallHelper.cpp
Line: 239
Invoked Function: FileMoveFiles
Return Code: -33554423 (0xFE000009)
Description: GLOBAL_ERROR_UNEXPECTED
Error: (10/30/2013 01:46:56 PM) (Source: acvpninstall) (User: )
Description: Function: FileMoveFiles
File: ..\Common\Utility\NativeSysFileCopy.cpp
Line: 388
Invoked Function: ::FindFirstFile
Return Code: 3 (0x00000003)
Description: Das System kann den angegebenen Pfad nicht finden.
Error: (10/09/2013 10:23:18 AM) (Source: Application Hang) (User: )
Description: Programm Skype.exe, Version 6.7.0.102 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 274
Startzeit: 01cec4cff14bcbb1
Endzeit: 8
Anwendungspfad: C:\Program Files (x86)\Skype\Phone\Skype.exe
Berichts-ID:
Error: (10/07/2013 01:52:02 PM) (Source: CVHSVC) (User: )
Description: Nur zur Information.
(Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed:
System errors:
=============
Error: (02/28/2014 07:46:38 AM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80004005
Error: (02/13/2014 00:37:43 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
Error: (02/13/2014 00:37:42 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
Error: (02/13/2014 00:37:41 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
Error: (02/13/2014 00:37:41 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
Error: (02/13/2014 00:37:40 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
Error: (02/10/2014 10:23:33 AM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 09.02.2014 um 12:53:27 unerwartet heruntergefahren.
Error: (02/02/2014 04:34:07 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (02/02/2014 04:34:07 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht.
Error: (02/02/2014 04:34:07 PM) (Source: DCOM) (User: )
Description: 1053WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}
Microsoft Office Sessions:
=========================
Error: (12/25/2013 04:48:27 PM) (Source: Application Hang)(User: )
Description: AsTurboMaster.exe1.0.3.5d9001cf01882660fea7410C:\Program Files (x86)\ASUS\Eee Manager\TurboMaster\AsTurboMaster.exeef000aa6-6d7b-11e3-a8fd-705ab6e698c8
Error: (12/13/2013 08:17:19 PM) (Source: Application Error)(User: )
Description: OnlineFotoservice.exe0.0.0.0529727dcQt5Core.dll5.1.1.0527b6c7ac00000fd0001b076a5c01cef837e502d546C:\Program Files (x86)\OnlineFotoservice\OnlineFotoservice\OnlineFotoservice.exeC:\Program Files (x86)\OnlineFotoservice\OnlineFotoservice\Qt5Core.dll2f3a34a9-642b-11e3-a536-705ab6e698c8
Error: (10/30/2013 01:46:56 PM) (Source: acvpninstall)(User: )
Description: Function: wWinMain
File: .\InstallHelper.cpp
Line: 239
Invoked Function: FileMoveFiles
Return Code: -33554423 (0xFE000009)
Description: GLOBAL_ERROR_UNEXPECTED
Error: (10/30/2013 01:46:56 PM) (Source: acvpninstall)(User: )
Description: Function: FileMoveFiles
File: ..\Common\Utility\NativeSysFileCopy.cpp
Line: 388
Invoked Function: ::FindFirstFile
Return Code: 3 (0x00000003)
Description: Das System kann den angegebenen Pfad nicht finden.
Error: (10/30/2013 01:46:56 PM) (Source: acvpninstall)(User: )
Description: Function: wWinMain
File: .\InstallHelper.cpp
Line: 239
Invoked Function: FileMoveFiles
Return Code: -33554423 (0xFE000009)
Description: GLOBAL_ERROR_UNEXPECTED
Error: (10/30/2013 01:46:56 PM) (Source: acvpninstall)(User: )
Description: Function: FileMoveFiles
File: ..\Common\Utility\NativeSysFileCopy.cpp
Line: 388
Invoked Function: ::FindFirstFile
Return Code: 3 (0x00000003)
Description: Das System kann den angegebenen Pfad nicht finden.
Error: (10/30/2013 01:46:56 PM) (Source: acvpninstall)(User: )
Description: Function: wWinMain
File: .\InstallHelper.cpp
Line: 239
Invoked Function: FileMoveFiles
Return Code: -33554423 (0xFE000009)
Description: GLOBAL_ERROR_UNEXPECTED
Error: (10/30/2013 01:46:56 PM) (Source: acvpninstall)(User: )
Description: Function: FileMoveFiles
File: ..\Common\Utility\NativeSysFileCopy.cpp
Line: 388
Invoked Function: ::FindFirstFile
Return Code: 3 (0x00000003)
Description: Das System kann den angegebenen Pfad nicht finden.
Error: (10/09/2013 10:23:18 AM) (Source: Application Hang)(User: )
Description: Skype.exe6.7.0.10227401cec4cff14bcbb18C:\Program Files (x86)\Skype\Phone\Skype.exe
Error: (10/07/2013 01:52:02 PM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed:
==================== Memory info ===========================
Percentage of memory in use: 76%
Total physical RAM: 2010.89 MB
Available physical RAM: 467.83 MB
Total Pagefile: 4021.79 MB
Available Pagefile: 1908.18 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
==================== Drives ================================
Drive c: (WIN7) (Fixed) (Total:80 GB) (Free:29.54 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:370.75 GB) (Free:370.65 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 4DD3D722)
Partition 1: (Not Active) - (Size=15 GB) - (Type=1B)
Partition 2: (Active) - (Size=80 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=371 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-03-09 18:50:14
Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST3500418AS rev.CC46 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\*****\AppData\Local\Temp\kglcruoc.sys
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[292] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000774f1465 2 bytes [4F, 77]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[292] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000774f14bb 2 bytes [4F, 77]
.text ... * 2
.text C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe[2080] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000774f1465 2 bytes [4F, 77]
.text C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe[2080] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000774f14bb 2 bytes [4F, 77]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2380] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000774f1465 2 bytes [4F, 77]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2380] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000774f14bb 2 bytes [4F, 77]
.text ... * 2
.text C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe[2452] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000774f1465 2 bytes [4F, 77]
.text C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe[2452] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000774f14bb 2 bytes [4F, 77]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4268] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000774f1465 2 bytes [4F, 77]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4268] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000774f14bb 2 bytes [4F, 77]
.text ... * 2
.text C:\Users\*****\Desktop\Defogger.exe[3660] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000774f1465 2 bytes [4F, 77]
.text C:\Users\*****\Desktop\Defogger.exe[3660] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000774f14bb 2 bytes [4F, 77]
.text ... * 2
---- Threads - GMER 2.1 ----
Thread C:\Windows\Explorer.EXE [1884:3432] 000007fef6005fd0
Thread C:\Windows\Explorer.EXE [1884:4032] 000007fef49ca19c
---- EOF - GMER 2.1 ----
|
| Themen zu Live-Stream: Klick öffnet zwei unerwünschte Tabs |
| adobe, gdata, gefunde, gestört, hallo zusammen, hijacking, kanal, klick, konnte, neue, neue tabs, nichts, stark, stream, tab, unerwünschte, würde, würdet, zusammen, ähnlich, öffnet |
Baum-Darstellung