
Log analysis and evaluation: Malware marks files and folders on external media as system files


 
21.04.2014, 17:52   #1
Hermes46
 

Hello,
I have a virus or malware on my notebook that hides all files and folders on external media and marks them as system files. Only shortcuts to those files are created as visible items.
There is a SysBackUP.vbs file on every USB stick. It persists even after formatting. A friend had the same problem and solved it via a malware portal by first deleting suspicious files on the PC, such as Flashplayer.MSJ, and then connecting the external media while holding down the Shift key and deleting the file SysBackUP.vbs and all shortcuts. I have run the recommended scans.

Addition:
Quote:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-04-2014 01
Ran by Lina at 2014-04-21 18:05:27
Running from C:\Users\Lina\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.182 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.12.5.0 - Asmedia Technology)
Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 7.0 - Atheros)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0010 - ASUS)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.2.0.65 - Atheros Communications)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5971CA1F-6BDE-498F-952C-9F2BF94070A4}) (Version: - Microsoft)
Dropbox (HKCU\...\Dropbox) (Version: 2.6.7 - Dropbox, Inc.)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 15.1.13904 - Landesfinanzdirektion Thüringen)
ETDWare PS/2-X64 8.0.5.3_WHQL (HKLM\...\Elantech) (Version: 8.0.5.3 - ELAN Microelectronic Corp.)
Intel PROSet Wireless (Version: - ) Hidden
Intel PROSet Wireless (x32 Version: - ) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2291 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{7CE8BE79-ABC3-4B2C-9543-28ED2B0A9EA8}) (Version: 1.0.0.0454 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{3C41721F-AF0F-4086-AA1C-4C7F29076228}) (Version: 14.01.1000 - Intel Corporation)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
NVIDIA Grafiktreiber 268.56 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 268.56 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.265.41.0 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.0.22 (Version: 1.0.22 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 268.56 (Version: 268.56 - NVIDIA Corporation) Hidden
NVIDIA Update Components (Version: 1.0.22 - NVIDIA Corporation) Hidden
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.21.531.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6373 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10001 - Realtek Semiconductor Corp.)
Rossmann Fotowelt Software 4.13 (HKLM-x32\...\Rossmann Fotowelt Software) (Version: 4.13 - ORWO Net)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Spotify (HKCU\...\Spotify) (Version: 0.9.8.296.g91f68827 - Spotify AB)
SRWare Iron Version SRWare Iron 32.0.1750.1 (HKLM-x32\...\{C59CF2CE-B302-4833-AA35-E0E07D8EBC52}_is1) (Version: SRWare Iron 32.0.1750.1 - SRWare)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{4B93560B-F33D-4A67-A224-F5E1C329BD22}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{83B1B530-7D9E-4C6A-907F-E979CEE9C295}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)
Update for Microsoft Visio 2010 (KB2553444) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{799005D3-9B70-4219-AFE0-BC479614CC4D}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version: - Microsoft)

==================== Restore Points =========================

13-03-2014 19:21:27 Geplanter Prüfpunkt
14-03-2014 17:20:25 Windows Update
20-03-2014 09:33:26 Windows Update
28-03-2014 18:37:20 Geplanter Prüfpunkt
07-04-2014 16:24:49 Geplanter Prüfpunkt
09-04-2014 20:51:55 Windows Update
19-04-2014 11:38:35 Geplanter Prüfpunkt

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {1F630FF4-C224-4E14-868F-5DF240E1C57A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-12] (Adobe Systems Incorporated)
Task: {B75AB4AA-B0AD-4EBB-8BEC-FAD2491BEA63} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-08-17] (ASUS)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2011-05-02 14:41 - 2011-05-02 14:41 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2011-01-27 09:11 - 2011-01-27 09:11 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-05-02 14:41 - 2011-05-02 14:41 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2014-02-20 17:28 - 2014-02-14 12:00 - 00394808 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2014-04-21 17:37 - 2014-04-21 17:37 - 00041984 _____ () c:\users\lina\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzwgsq_.dll
2013-10-19 01:55 - 2013-10-19 01:55 - 25100288 _____ () C:\Users\Lina\AppData\Roaming\Dropbox\bin\libcef.dll
2014-02-20 17:26 - 2014-01-30 00:38 - 00902144 _____ () C:\Program Files (x86)\SRWare Iron\libglesv2.dll
2014-02-20 17:26 - 2014-01-30 00:38 - 00102912 _____ () C:\Program Files (x86)\SRWare Iron\libegl.dll
2014-02-20 17:26 - 2014-01-30 00:52 - 00883200 _____ () C:\Program Files (x86)\SRWare Iron\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/21/2014 05:37:36 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/21/2014 10:18:42 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/19/2014 03:05:58 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/19/2014 00:48:42 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/15/2014 08:58:56 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/15/2014 10:53:19 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/14/2014 07:35:53 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/14/2014 06:51:56 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/13/2014 09:14:46 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: chrome.exe, Version: 32.0.1700.102, Zeitstempel: 0x52eae8b2
Name des fehlerhaften Moduls: chrome_child.dll, Version: 32.0.1700.102, Zeitstempel: 0x52eae87f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0071fe14
ID des fehlerhaften Prozesses: 0x1200
Startzeit der fehlerhaften Anwendung: 0xchrome.exe0
Pfad der fehlerhaften Anwendung: chrome.exe1
Pfad des fehlerhaften Moduls: chrome.exe2
Berichtskennung: chrome.exe3

Error: (04/13/2014 07:16:07 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (04/21/2014 05:37:54 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Avira Echtzeit-Scanner" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (04/21/2014 05:37:54 PM) (Source: Service Control Manager) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen:
%%5

Error: (04/21/2014 05:37:52 PM) (Source: Service Control Manager) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen:
%%5

Error: (04/15/2014 08:59:29 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Avira Echtzeit-Scanner" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (04/15/2014 08:59:28 PM) (Source: Service Control Manager) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen:
%%5

Error: (04/15/2014 08:59:26 PM) (Source: Service Control Manager) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen:
%%5

Error: (04/15/2014 10:53:49 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Avira Echtzeit-Scanner" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (04/15/2014 10:53:49 AM) (Source: Service Control Manager) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen:
%%5

Error: (04/15/2014 10:53:48 AM) (Source: Service Control Manager) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen:
%%5

Error: (04/14/2014 06:52:17 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Avira Echtzeit-Scanner" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.


Microsoft Office Sessions:
=========================
Error: (04/21/2014 05:37:36 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/21/2014 10:18:42 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/19/2014 03:05:58 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/19/2014 00:48:42 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/15/2014 08:58:56 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/15/2014 10:53:19 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/14/2014 07:35:53 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/14/2014 06:51:56 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/13/2014 09:14:46 PM) (Source: Application Error)(User: )
Description: chrome.exe32.0.1700.10252eae8b2chrome_child.dll32.0.1700.10252eae87fc00000050071fe14120001cf5746a456b2ccC:\Program Files (x86)\SRWare Iron\chrome.exeC:\Program Files (x86)\SRWare Iron\chrome_child.dlldf78a1fa-c33f-11e3-ae36-f46d04fc8d7b

Error: (04/13/2014 07:16:07 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info ===========================

Percentage of memory in use: 37%
Total physical RAM: 6055.77 MB
Available physical RAM: 3802.42 MB
Total Pagefile: 12109.72 MB
Available Pagefile: 9724.81 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:440.76 GB) (Free:374.6 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: () (Removable) (Total:14.62 GB) (Free:8.23 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: EF24B474)
Partition 1: (Not Active) - (Size=25 GB) - (Type=1C)
Partition 2: (Active) - (Size=441 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 15 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================
defogger_disable:
Quote:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 18:03 on 21/04/2014 (Lina)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
FRST:
Quote:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-04-2014 01
Ran by Lina (administrator) on LINA-PC on 21-04-2014 18:04:55
Running from C:\Users\Lina\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Spotify Ltd) C:\Users\Lina\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Dropbox, Inc.) C:\Users\Lina\AppData\Roaming\Dropbox\bin\Dropbox.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Microsoft Corporation) C:\Windows\System32\WScript.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(SRWare) C:\Program Files (x86)\SRWare Iron\chrome.exe
(SRWare) C:\Program Files (x86)\SRWare Iron\chrome.exe
(SRWare) C:\Program Files (x86)\SRWare Iron\chrome.exe
(SRWare) C:\Program Files (x86)\SRWare Iron\chrome.exe
(SRWare) C:\Program Files (x86)\SRWare Iron\chrome.exe
(SRWare) C:\Program Files (x86)\SRWare Iron\chrome.exe
(SRWare) C:\Program Files (x86)\SRWare Iron\chrome.exe
(SRWare) C:\Program Files (x86)\SRWare Iron\chrome.exe
(SRWare) C:\Program Files (x86)\SRWare Iron\chrome.exe
(SRWare) C:\Program Files (x86)\SRWare Iron\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11855976 2011-05-17] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2226280 2011-05-17] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2589992 2011-04-13] (ELAN Microelectronics Corp.)
HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [10228224 2010-11-03] (Intel Corporation)
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-05-02] (Intel(R) Corporation)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [617120 2011-03-13] (Atheros Communications)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379552 2011-03-13] (Atheros Commnucations)
HKLM\...\Run: [SysBackUp] => wscript.exe //B "C:\Users\Lina\AppData\Roaming\SysBackUp.vbs"
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-14] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1397790575-3557929223-22659222-1000\...\Run: [Spotify Web Helper] => C:\Users\Lina\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-04-11] (Spotify Ltd)
HKU\S-1-5-21-1397790575-3557929223-22659222-1000\...\Run: [SysBackUp] => wscript.exe //B "C:\Users\Lina\AppData\Roaming\SysBackUp.vbs"
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [226920 2011-05-11] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [193128 2011-05-11] (NVIDIA Corporation)
Startup: C:\Users\Lina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Lina\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xB7EFAA41452ECF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-14] (Avira Operations GmbH & Co. KG)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-05-02] ()

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-02-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2014-02-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-14] (Avira Operations GmbH & Co. KG)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-21 18:04 - 2014-04-21 18:05 - 00010204 _____ () C:\Users\Lina\Desktop\FRST.txt
2014-04-21 18:04 - 2014-04-21 18:04 - 00000000 ____D () C:\FRST
2014-04-21 18:03 - 2014-04-21 18:03 - 02163712 _____ (Farbar) C:\Users\Lina\Desktop\FRST64.exe
2014-04-21 18:03 - 2014-04-21 18:03 - 00050477 _____ () C:\Users\Lina\Desktop\Defogger.exe
2014-04-21 18:03 - 2014-04-21 18:03 - 00000470 _____ () C:\Users\Lina\Desktop\defogger_disable.log
2014-04-21 18:03 - 2014-04-21 18:03 - 00000000 _____ () C:\Users\Lina\defogger_reenable
2014-04-13 21:14 - 2014-04-13 21:14 - 00000000 ____D () C:\Users\Lina\AppData\Local\CrashDumps
2014-04-09 14:49 - 2014-04-09 14:49 - 00191488 _____ () C:\Users\Lina\Downloads\C & P 070314.ppt
2014-04-09 14:49 - 2014-04-09 14:49 - 00176128 _____ () C:\Users\Lina\Downloads\C&P 140314.ppt
2014-04-09 14:49 - 2014-04-09 14:49 - 00165376 _____ () C:\Users\Lina\Downloads\K&P 240314.ppt
2014-04-09 14:48 - 2014-04-09 14:48 - 00168960 _____ () C:\Users\Lina\Downloads\K&P 170314.ppt
2014-04-09 14:48 - 2014-04-09 14:48 - 00161792 _____ () C:\Users\Lina\Downloads\K&P 100314a.ppt
2014-04-09 14:48 - 2014-04-09 14:48 - 00132608 _____ () C:\Users\Lina\Downloads\K&P 100314.ppt
2014-04-09 14:46 - 2014-04-09 14:46 - 00346624 _____ () C:\Users\Lina\Downloads\K&P 030314a.ppt
2014-04-09 14:46 - 2014-04-09 14:46 - 00164864 _____ () C:\Users\Lina\Downloads\K&P 030314.ppt
2014-04-09 14:46 - 2014-03-31 03:16 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-09 14:46 - 2014-03-31 03:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-09 14:46 - 2014-03-31 02:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-09 14:46 - 2014-03-31 01:57 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-09 14:46 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-09 14:46 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-09 14:46 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-09 14:46 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-09 14:46 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-09 14:46 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-09 14:46 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-09 14:46 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-09 14:46 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-09 14:46 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-09 14:46 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-09 14:46 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-09 14:46 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-09 14:46 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-09 14:46 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-09 14:46 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-09 14:46 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-03-30 16:10 - 2014-03-30 16:16 - 00000000 ____D () C:\Users\Lina\AppData\Local\.elfohilfe
2014-03-23 13:26 - 2014-04-09 15:43 - 00000000 ____D () C:\Users\Lina\Documents\Dokumente
2014-03-23 13:26 - 2014-03-28 23:17 - 00000000 ____D () C:\Users\Lina\Desktop\Lina_Sicherung

==================== One Month Modified Files and Folders =======

2014-04-21 18:05 - 2014-04-21 18:04 - 00010204 _____ () C:\Users\Lina\Desktop\FRST.txt
2014-04-21 18:04 - 2014-04-21 18:04 - 00000000 ____D () C:\FRST
2014-04-21 18:03 - 2014-04-21 18:03 - 02163712 _____ (Farbar) C:\Users\Lina\Desktop\FRST64.exe
2014-04-21 18:03 - 2014-04-21 18:03 - 00050477 _____ () C:\Users\Lina\Desktop\Defogger.exe
2014-04-21 18:03 - 2014-04-21 18:03 - 00000470 _____ () C:\Users\Lina\Desktop\defogger_disable.log
2014-04-21 18:03 - 2014-04-21 18:03 - 00000000 _____ () C:\Users\Lina\defogger_reenable
2014-04-21 18:03 - 2014-02-20 14:15 - 00000000 ____D () C:\Users\Lina
2014-04-21 18:03 - 2014-02-20 14:07 - 01392612 _____ () C:\Windows\WindowsUpdate.log
2014-04-21 17:46 - 2014-02-20 14:15 - 00000000 ___RD () C:\Users\Lina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-21 17:45 - 2009-07-14 06:45 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-21 17:45 - 2009-07-14 06:45 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-21 17:40 - 2011-04-12 09:43 - 00699342 _____ () C:\Windows\system32\perfh007.dat
2014-04-21 17:40 - 2011-04-12 09:43 - 00149450 _____ () C:\Windows\system32\perfc007.dat
2014-04-21 17:40 - 2009-07-14 07:13 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-21 17:37 - 2014-02-20 17:39 - 00000000 ___RD () C:\Users\Lina\Dropbox
2014-04-21 17:37 - 2014-02-20 17:34 - 00000000 ____D () C:\Users\Lina\AppData\Roaming\Dropbox
2014-04-21 17:37 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-21 17:37 - 2009-07-14 06:51 - 00034314 _____ () C:\Windows\setupact.log
2014-04-19 15:13 - 2014-02-20 17:35 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-14 21:39 - 2014-02-20 17:40 - 00000000 ____D () C:\Users\Lina\AppData\Roaming\Spotify
2014-04-14 19:40 - 2014-02-20 17:43 - 00000000 ____D () C:\Users\Lina\AppData\Local\Spotify
2014-04-13 21:16 - 2014-02-20 17:37 - 00000000 ____D () C:\Users\Lina\AppData\Roaming\Skype
2014-04-13 21:14 - 2014-04-13 21:14 - 00000000 ____D () C:\Users\Lina\AppData\Local\CrashDumps
2014-04-12 17:56 - 2014-02-20 17:35 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-12 17:56 - 2014-02-20 17:35 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-12 17:56 - 2014-02-20 17:35 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-12 17:56 - 2014-02-20 17:33 - 00000000 ____D () C:\Users\Lina\AppData\Local\Adobe
2014-04-10 19:24 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-04-09 22:55 - 2014-02-25 21:03 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-09 22:54 - 2014-03-04 12:50 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-09 22:53 - 2014-03-04 12:50 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-09 15:43 - 2014-03-23 13:26 - 00000000 ____D () C:\Users\Lina\Documents\Dokumente
2014-04-09 14:49 - 2014-04-09 14:49 - 00191488 _____ () C:\Users\Lina\Downloads\C & P 070314.ppt
2014-04-09 14:49 - 2014-04-09 14:49 - 00176128 _____ () C:\Users\Lina\Downloads\C&P 140314.ppt
2014-04-09 14:49 - 2014-04-09 14:49 - 00165376 _____ () C:\Users\Lina\Downloads\K&P 240314.ppt
2014-04-09 14:48 - 2014-04-09 14:48 - 00168960 _____ () C:\Users\Lina\Downloads\K&P 170314.ppt
2014-04-09 14:48 - 2014-04-09 14:48 - 00161792 _____ () C:\Users\Lina\Downloads\K&P 100314a.ppt
2014-04-09 14:48 - 2014-04-09 14:48 - 00132608 _____ () C:\Users\Lina\Downloads\K&P 100314.ppt
2014-04-09 14:46 - 2014-04-09 14:46 - 00346624 _____ () C:\Users\Lina\Downloads\K&P 030314a.ppt
2014-04-09 14:46 - 2014-04-09 14:46 - 00164864 _____ () C:\Users\Lina\Downloads\K&P 030314.ppt
2014-04-07 18:24 - 2014-02-25 23:02 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-03-31 03:16 - 2014-04-09 14:46 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-31 03:13 - 2014-04-09 14:46 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-31 02:13 - 2014-04-09 14:46 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-31 01:57 - 2014-04-09 14:46 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-30 16:16 - 2014-03-30 16:10 - 00000000 ____D () C:\Users\Lina\AppData\Local\.elfohilfe
2014-03-30 15:34 - 2010-11-21 05:47 - 00170816 _____ () C:\Windows\PFRO.log
2014-03-30 15:33 - 2014-02-26 18:01 - 00000000 ____D () C:\Program Files (x86)\ElsterFormular
2014-03-28 23:17 - 2014-03-23 13:26 - 00000000 ____D () C:\Users\Lina\Desktop\Lina_Sicherung

Some content of TEMP:
====================
C:\Users\Lina\AppData\Local\Temp\avgnt.exe
C:\Users\Lina\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzwgsq_.dll
C:\Users\Lina\AppData\Local\Temp\ose00000.exe
C:\Users\Lina\AppData\Local\Temp\ose00001.exe
C:\Users\Lina\AppData\Local\Temp\ose00002.exe
C:\Users\Lina\AppData\Local\Temp\ose00003.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-19 13:31

==================== End Of Log ============================

Gmer:
Quote:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-04-21 18:18:47
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9500325AS rev.0003SDM1 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\Lina\AppData\Local\Temp\kxldapow.sys


---- User code sections - GMER 2.1 ----

.text C:\Users\Lina\AppData\Roaming\Dropbox\bin\Dropbox.exe[2788] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 0000000075f41465 2 bytes [F4, 75]
.text C:\Users\Lina\AppData\Roaming\Dropbox\bin\Dropbox.exe[2788] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 0000000075f414bb 2 bytes [F4, 75]
.text ... * 2
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3568] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075f41465 2 bytes [F4, 75]
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3568] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075f414bb 2 bytes [F4, 75]
.text ... * 2

---- Threads - GMER 2.1 ----

---- Processes - GMER 2.1 ----

Library C:\Users\Lina\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll (*** suspicious ***) @ C:\Users\Lina\AppData\Roaming\Dropbox\bin\Dropbox.exe [2788](2014-01-03 03:42:50) 0000000003c60000
Library c:\users\lina\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzwgsq_.dll (*** suspicious ***) @ C:\Users\Lina\AppData\Roaming\Dropbox\bin\Dropbox.exe [2788](2014-04-21 15:37:37) 0000000000e00000
Library C:\Users\Lina\AppData\Roaming\Dropbox\bin\libcef.dll (*** suspicious ***) @ C:\Users\Lina\AppData\Roaming\Dropbox\bin\Dropbox.exe [2788](2013-10-18 23:55:02) 000000006fe10000
Library C:\Users\Lina\AppData\Roaming\Dropbox\bin\icudt.dll (*** suspicious ***) @ C:\Users\Lina\AppData\Roaming\Dropbox\bin\Dropbox.exe [2788] (ICU Data DLL/The ICU Project)(2013-10-18 23:55:00) 000000006f480000

---- EOF - GMER 2.1 ----

 
