Log analysis and evaluation: Windows 7: multiple detections, including Java.lamar.skw.217

If you have picked up a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#3

Windows 7: multiple detections, including Java.lamar.skw.217

Hello Jürgen,

thank you for the pointer! Here are the two logs:

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-07-05 16:03:52
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\00000059 Hitachi_ rev.PB4O 465,76GB
Running: 1ct9m4n6.exe; Driver: C:\Users\Julia\AppData\Local\Temp\uwloypod.sys

---- System - GMER 2.1 ----

SSDT 8E330866 ZwCreateSection
SSDT 8E330870 ZwRequestWaitReplyPort
SSDT 8E33086B ZwSetContextThread
SSDT 8E330875 ZwSetSecurityObject
SSDT 8E33087A ZwSystemDebugControl
SSDT 8E330807 ZwTerminateProcess

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 142D 8327FA15 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 832B9212 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 832C058C 4 Bytes [66, 08, 33, 8E]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1553 832C08E8 4 Bytes [70, 08, 33, 8E]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1597 832C092C 1 Byte [6B]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1597 832C092C 4 Bytes [6B, 08, 33, 8E]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1613 832C09A8 4 Bytes [75, 08, 33, 8E]
.text ...
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8EC0A000, 0x2FC71C, 0xE8000020]

---- Devices - GMER 2.1 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys

---- Processes - GMER 2.1 ----

Library C:\Users\Julia\Downloads\Defogger.exe (*** hidden *** ) @ C:\Users\Julia\Downloads\Defogger.exe [2440] 0x00400000
Library C:\Users\Julia\Downloads\FRST.exe (*** hidden *** ) @ C:\Users\Julia\Downloads\FRST.exe [5816] 0x013C0000

---- Registry - GMER 2.1 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Program Files\Roche Diagnostics\ACCU-CHEK 360\Application\Accu-Chek 360\xb0 System Backup Utility.bat 1

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version:05-07-2014
Ran by Julia at 2014-07-05 16:24:08
Running from C:\Users\Julia\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)
ACCU-CHEK 360° (HKLM\...\InstallShield_{F4083807-2479-447E-807A-7F23A80D1B3E}) (Version: 1.0.35 - Roche Diagnostics Corporation)
ACCU-CHEK 360° (Version: 1.0.35 - Roche Diagnostics Corporation) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.5.0.16600 - Adobe Systems Inc.)
Adobe AIR (Version: 2.5.0.16600 - Adobe Systems Inc.) Hidden
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.01) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.01 - Adobe Systems Incorporated)
Amazon MP3-Downloader 1.0.17 (HKLM\...\Amazon MP3-Downloader) (Version: 1.0.17 - Amazon Services LLC)
Apple Application Support (HKLM\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E14ADE0E-75F3-4A46-87E5-26692DD626EC}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo Burning Studio (HKLM\...\Ashampoo Burning Studio_is1) (Version: 9.23.0 - ashampoo GmbH & Co. KG)
Ashampoo Photo Commander (HKLM\...\Ashampoo Photo Commander_is1) (Version: 8.3.2 - ashampoo GmbH & Co. KG)
Ashampoo Photo Optimizer (HKLM\...\Ashampoo Photo Optimizer_is1) (Version: 3.12.0 - ashampoo GmbH & Co. KG)
Ashampoo Snap (HKLM\...\Ashampoo Snap_is1) (Version: 3.4.1 - ashampoo GmbH & Co. KG)
ATI Catalyst Install Manager (HKLM\...\{142C7D29-6031-806E-C3F5-9053594EF332}) (Version: 3.0.774.0 - ATI Technologies, Inc.)
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.5.450 - Avira)
Bing Bar (HKLM\...\{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}) (Version: 7.1.361.0 - Microsoft Corporation)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Borland Data Engine (HKLM\...\{3AF6EF15-5841-4FF8-A3FC-5B2400AB9145}) (Version: 5.2.0 - Roche Diagnostics)
Catalyst Control Center Core Implementation (Version: 2010.0730.2158.37625 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (Version: 2010.0730.2158.37625 - ATI) Hidden
Catalyst Control Center Graphics Full New (Version: 2010.0730.2158.37625 - ATI) Hidden
Catalyst Control Center Graphics Light (Version: 2010.0730.2158.37625 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (Version: 2010.0730.2158.37625 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (Version: 2010.0730.2158.37625 - ATI) Hidden
Catalyst Control Center InstallProxy (Version: 2010.0730.2158.37625 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (Version: 2010.0730.2158.37625 - ATI) Hidden
CCC Help Chinese Standard (Version: 2010.0730.2157.37625 - ATI) Hidden
CCC Help Chinese Traditional (Version: 2010.0730.2157.37625 - ATI) Hidden
CCC Help Czech (Version: 2010.0730.2157.37625 - ATI) Hidden
CCC Help Danish (Version: 2010.0730.2157.37625 - ATI) Hidden
CCC Help Dutch (Version: 2010.0730.2157.37625 - ATI) Hidden
CCC Help English (Version: 2010.0730.2157.37625 - ATI) Hidden
CCC Help Finnish (Version: 2010.0730.2157.37625 - ATI) Hidden
CCC Help French (Version: 2010.0730.2157.37625 - ATI) Hidden
CCC Help German (Version: 2010.0730.2157.37625 - ATI) Hidden
CCC Help Greek (Version: 2010.0730.2157.37625 - ATI) Hidden
CCC Help Hungarian (Version: 2010.0730.2157.37625 - ATI) Hidden
CCC Help Italian (Version: 2010.0730.2157.37625 - ATI) Hidden
CCC Help Japanese (Version: 2010.0730.2157.37625 - ATI) Hidden
CCC Help Korean (Version: 2010.0730.2157.37625 - ATI) Hidden
CCC Help Norwegian (Version: 2010.0730.2157.37625 - ATI) Hidden
CCC Help Polish (Version: 2010.0730.2157.37625 - ATI) Hidden
CCC Help Portuguese (Version: 2010.0730.2157.37625 - ATI) Hidden
CCC Help Russian (Version: 2010.0730.2157.37625 - ATI) Hidden
CCC Help Spanish (Version: 2010.0730.2157.37625 - ATI) Hidden
CCC Help Swedish (Version: 2010.0730.2157.37625 - ATI) Hidden
CCC Help Thai (Version: 2010.0730.2157.37625 - ATI) Hidden
CCC Help Turkish (Version: 2010.0730.2157.37625 - ATI) Hidden
ccc-core-static (Version: 2010.0730.2158.37625 - Ihr Firmenname) Hidden
ccc-utility (Version: 2010.0730.2158.37625 - ATI) Hidden
Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
CyberLink LabelPrint (HKLM\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2602 - CyberLink Corp.)
CyberLink LabelPrint (Version: 2.5.2602 - CyberLink Corp.) Hidden
CyberLink Power2Go (HKLM\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.)
CyberLink Power2Go (Version: 6.1.3602c - CyberLink Corp.) Hidden
CyberLink PowerDVD Copy (HKLM\...\InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}) (Version: 1.5.1306 - CyberLink Corp.)
CyberLink PowerDVD Copy (Version: 1.5.1306 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.2626 - CyberLink Corp.)
CyberLink YouCam (Version: 3.0.2626 - CyberLink Corp.) Hidden
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Free Studio version 2014 (HKLM\...\Free Studio_is1) (Version: 6.3.1.514 - DVDVideoSoft Ltd.)
HP Officejet 6500 E710n-z - Grundlegende Software für das Gerät (HKLM\...\{75674E4C-CDE5-4E64-8014-FDF6D9204C4B}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Officejet 6500 E710n-z Hilfe (HKLM\...\{130E5108-547F-4482-91EE-F45C784E08C7}) (Version: 140.0.2.2 - Hewlett Packard)
HP Update (HKLM\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
I.R.I.S. OCR (HKLM\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iTunes (HKLM\...\{91FD46D2-4FB7-4A51-8637-556E1BE1DB7C}) (Version: 11.0.4.4 - Apple Inc.)
Java Auto Updater (Version: 2.0.2.4 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 21 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216021FF}) (Version: 6.0.210 - Oracle)
JMicron Flash Media Controller Driver (HKLM\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.45.0 - JMicron Technology Corp.)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Marketsplash Schnellzugriffe (HKLM\...\{7A108EBC-C9DF-4E14-93A8-42CF316F1ECF}) (Version: 1.0.1.7 - Hewlett-Packard)
Medion Home Cinema (HKLM\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.1505 - CyberLink Corp.)
Medion Home Cinema (Version: 8.0.1505 - CyberLink Corp.) Hidden
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0407-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2005 Express Edition (ACCUCHEK360) (Version: 9.4.5000.00 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Tools Express Edition (Version: 9.4.5000.00 - Microsoft Corporation) Hidden
Microsoft SQL Server Native Client (HKLM\...\{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{E7084B89-69E0-46B3-A118-8F99D06988CD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 30.0 (x86 de) (HKLM\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
mylife DIABASS (HKLM\...\mylife DIABASS) (Version: 0 (Build 13.6.0.2) - mediaspects GmbH)
PDF24 Creator 6.4.1 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
PlayReady PC Runtime x86 (HKLM\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Realtek Ethernet Controller Driver For Windows 7 (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.18.322.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6132 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM\...\{9D3D8C60-A55F-4fed-B2B9-173F09590E16}) (Version: 1.00.0148 - REALTEK Semiconductor Corp.)
Studie zur Verbesserung von HP Officejet 6500 E710n-z Produkten (HKLM\...\{45015CD6-4E70-4D1F-811E-2906B23BF27F}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.18.0 - Synaptics Incorporated)
System Control Manager (HKLM\...\{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}) (Version: 2.210.0719.M007.01 - Micro-Star International Co., Ltd.)
Total Commander (Remove or Repair) (HKLM\...\Totalcmd) (Version: 8.01 - Ghisler Software GmbH)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2881065) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{B7EF38F7-1D58-4085-A9A4-0F6C69A5AA1E}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
VoiceOver Kit (HKLM\...\{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}) (Version: 1.42.128.0 - Apple Inc.)
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX control for remote connections (HKLM\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Media Encoder 9 Series (HKLM\...\Windows Media Encoder 9) (Version: - )
Windows Media Encoder 9 Series (Version: 9.00.2980 - Microsoft Corporation) Hidden
WISO Steuer-Sparbuch 2013 (HKLM\...\{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}) (Version: 20.00.8137 - Buhl Data Service GmbH)

==================== Restore Points =========================

21-06-2014 15:04:42 Windows Update
22-06-2014 09:05:24 Windows Update
23-06-2014 12:20:15 Windows Update
25-06-2014 08:02:45 Windows Update
27-06-2014 06:35:32 Windows Update
28-06-2014 12:25:50 Windows Update
28-06-2014 21:39:51 Windows Update
02-07-2014 15:09:18 Windows Update
03-07-2014 05:47:58 Windows Update
04-07-2014 06:34:10 Windows Update
05-07-2014 05:57:01 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0983A6EC-5DC6-46A8-8590-ABD01077214D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: {2B515F6C-6DDF-4682-8550-33C22D5BFE58} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2906591255-1596359899-2470422207-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {3B8FE676-4EA8-4908-ACDE-B08A8A04E640} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2906591255-1596359899-2470422207-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {967FA1C5-8B43-4E26-A867-2E4D3C9470ED} - System32\Tasks\PCMeter\Startup => C:\Users\Julia\Desktop\Basti\PCMeter\PCMeterV0.3.exe
Task: {B051E6C3-7331-43CA-B7E2-4E92C73EAF5F} - System32\Tasks\{1F38EE06-6B7E-48CE-8C25-1F6AC88B983D} => Firefox.exe hxxp://ui.skype.com/ui/0/6.10.0.104/de/go/help.faq.installer?LastError=1603
Task: {ED53D69A-4538-453A-89DE-AEE76BD470A7} - System32\Tasks\{485688D9-55EB-47C9-BEDB-88C1871EEA4B} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=5.9.0.123.259&LastError=404
Task: {F8967419-2920-4674-88FE-D305DAAE2843} - System32\Tasks\HPCustParticipation HP Officejet 6500 E710n-z => C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPCustPartic.exe [2010-11-16] (Hewlett-Packard Co.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-06-19 12:16 - 2014-06-19 12:16 - 03852912 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsScanner => ""="Service"

==================== EXE Association (whitelisted) =============

==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ACCU-CHEK® 360° – Automatische Erkennung.lnk => C:\Windows\pss\ACCU-CHEK® 360° – Automatische Erkennung.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FILSHtray.lnk => C:\Windows\pss\FILSHtray.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WISO Mein Steuer-Sparbuch heute.lnk => C:\Windows\pss\WISO Mein Steuer-Sparbuch heute.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Julia^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk => C:\Windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BullGuard => "C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe" -boot
MSCONFIG\startupreg: CLMLServer => "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HP Software Update => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: MGSysCtrl => C:\Program Files\System Control Manager\MGSysCtrl.exe
MSCONFIG\startupreg: PDFPrint => C:\Program Files\PDF24\pdf24.exe
MSCONFIG\startupreg: RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe /FORPCEE3
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
MSCONFIG\startupreg: SandboxieControl => "C:\Program Files\Sandboxie\SbieCtrl.exe"
MSCONFIG\startupreg: StartCCC => "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: Steam => "C:\Program Files\Steam\Steam.exe" -silent

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (07/05/2014 07:58:43 AM) (Source: MsiInstaller) (EventID: 11714) (User: NT-AUTORITÄT)
Description: Produkt: Microsoft Visual C++ 2005 Redistributable -- Error 1714.Die ältere Version von Microsoft Visual C++ 2005 Redistributable konnte nicht entfernt werden. Wenden Sie sich an den technischen Support. Systemfehler 1612.

Error: (07/05/2014 07:58:43 AM) (Source: MsiInstaller) (EventID: 11714) (User: NT-AUTORITÄT)
Description: Produkt: Microsoft Visual C++ 2005 Redistributable -- Error 1714.Die ältere Version von Microsoft Visual C++ 2005 Redistributable konnte nicht entfernt werden. Wenden Sie sich an den technischen Support. Systemfehler 1612.

Error: (07/04/2014 08:34:41 AM) (Source: MsiInstaller) (EventID: 11714) (User: NT-AUTORITÄT)
Description: Produkt: Microsoft Visual C++ 2005 Redistributable -- Error 1714.Die ältere Version von Microsoft Visual C++ 2005 Redistributable konnte nicht entfernt werden. Wenden Sie sich an den technischen Support. Systemfehler 1612.

Error: (07/04/2014 08:34:41 AM) (Source: MsiInstaller) (EventID: 11714) (User: NT-AUTORITÄT)
Description: Produkt: Microsoft Visual C++ 2005 Redistributable -- Error 1714.Die ältere Version von Microsoft Visual C++ 2005 Redistributable konnte nicht entfernt werden. Wenden Sie sich an den technischen Support. Systemfehler 1612.

Error: (07/03/2014 07:48:18 AM) (Source: MsiInstaller) (EventID: 11714) (User: NT-AUTORITÄT)
Description: Produkt: Microsoft Visual C++ 2005 Redistributable -- Error 1714.Die ältere Version von Microsoft Visual C++ 2005 Redistributable konnte nicht entfernt werden. Wenden Sie sich an den technischen Support. Systemfehler 1612.

Error: (07/03/2014 07:48:18 AM) (Source: MsiInstaller) (EventID: 11714) (User: NT-AUTORITÄT)
Description: Produkt: Microsoft Visual C++ 2005 Redistributable -- Error 1714.Die ältere Version von Microsoft Visual C++ 2005 Redistributable konnte nicht entfernt werden. Wenden Sie sich an den technischen Support. Systemfehler 1612.

Error: (07/02/2014 05:11:01 PM) (Source: MsiInstaller) (EventID: 11714) (User: NT-AUTORITÄT)
Description: Produkt: Microsoft Visual C++ 2005 Redistributable -- Error 1714.Die ältere Version von Microsoft Visual C++ 2005 Redistributable konnte nicht entfernt werden. Wenden Sie sich an den technischen Support. Systemfehler 1612.

Error: (07/02/2014 05:11:01 PM) (Source: MsiInstaller) (EventID: 11714) (User: NT-AUTORITÄT)
Description: Produkt: Microsoft Visual C++ 2005 Redistributable -- Error 1714.Die ältere Version von Microsoft Visual C++ 2005 Redistributable konnte nicht entfernt werden. Wenden Sie sich an den technischen Support. Systemfehler 1612.

Error: (06/28/2014 11:40:04 PM) (Source: MsiInstaller) (EventID: 11714) (User: NT-AUTORITÄT)
Description: Produkt: Microsoft Visual C++ 2005 Redistributable -- Error 1714.Die ältere Version von Microsoft Visual C++ 2005 Redistributable konnte nicht entfernt werden. Wenden Sie sich an den technischen Support. Systemfehler 1612.

Error: (06/28/2014 11:40:04 PM) (Source: MsiInstaller) (EventID: 11714) (User: NT-AUTORITÄT)
Description: Produkt: Microsoft Visual C++ 2005 Redistributable -- Error 1714.Die ältere Version von Microsoft Visual C++ 2005 Redistributable konnte nicht entfernt werden. Wenden Sie sich an den technischen Support. Systemfehler 1612.

System errors:
=============
Error: (06/22/2014 06:24:26 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "JULIA-PC :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.0.105 registriert werden. Der Computer mit IP-Adresse 192.168.0.103 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (06/22/2014 06:24:26 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "JULIA-PC :20" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.0.105 registriert werden. Der Computer mit IP-Adresse 192.168.0.103 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (06/22/2014 06:24:26 PM) (Source: Server) (EventID: 2505) (User: )
Description: Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{96106973-87FF-420F-98EE-333075CCCBB2} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden.

Error: (06/12/2014 09:32:16 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "JULIA-PC :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.0.101 registriert werden. Der Computer mit IP-Adresse 192.168.0.105 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (06/12/2014 09:32:16 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "JULIA-PC :20" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.0.101 registriert werden. Der Computer mit IP-Adresse 192.168.0.105 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (06/12/2014 09:32:15 AM) (Source: Server) (EventID: 2505) (User: )
Description: Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{96106973-87FF-420F-98EE-333075CCCBB2} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden.

Error: (06/10/2014 09:53:34 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "JULIA-PC :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.0.101 registriert werden. Der Computer mit IP-Adresse 192.168.0.105 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (06/10/2014 09:51:44 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "JULIA-PC :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.0.101 registriert werden. Der Computer mit IP-Adresse 192.168.0.105 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (06/10/2014 09:27:13 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "JULIA-PC :20" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.0.101 registriert werden. Der Computer mit IP-Adresse 192.168.0.105 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (06/10/2014 09:27:13 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "JULIA-PC :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.0.101 registriert werden. Der Computer mit IP-Adresse 192.168.0.105 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 56%
Total physical RAM: 1791.24 MB
Available physical RAM: 771.96 MB
Total Pagefile: 3582.48 MB
Available Pagefile: 2132.82 MB
Total Virtual: 2047.88 MB
Available Virtual: 1920.98 MB

==================== Drives ================================

Drive c: (BOOT) (Fixed) (Total:424.66 GB) (Free:369.52 GB) NTFS
Drive d: (Recover) (Fixed) (Total:40 GB) (Free:30.48 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: B8FA3ECD)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=425 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=40 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

==================== End Of Log ============================
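Added example, not part of the post above and not code from the GMER or FRST tools: a small Python triage script of the kind a log reviewer runs over these two logs before replying. It parses GMER's `SSDT` lines and FRST's `Security Center` and `Installed Programs` sections, then raises the three things that stand out in this post: every registered AV/AS product is reported `Disabled`, a Java 6 Update 21 runtime is installed (the thread tags include Java exploit signatures, and 6u21 predates the Java 6u31 release that fixed CVE-2012-0507), and all six SSDT hooks land in one small address range, which is what a single hooking driver looks like. The regexes are modelled on the line shapes visible in this post only; the sample text is an excerpt constructed from the logs above; the 0x1000-byte clustering span and the "flag Java older than 7" rule are choices made for this example, not GMER or FRST rules.

```python
import re
from collections import defaultdict

# Constructed sample: lines excerpted from the GMER and FRST logs posted above,
# trimmed to what the parsers below need.
SAMPLE_GMER = r"""
---- System - GMER 2.1 ----
SSDT 8E330866 ZwCreateSection
SSDT 8E330870 ZwRequestWaitReplyPort
SSDT 8E33086B ZwSetContextThread
SSDT 8E330875 ZwSetSecurityObject
SSDT 8E33087A ZwSystemDebugControl
SSDT 8E330807 ZwTerminateProcess
"""

SAMPLE_FRST = r"""
==================== Security Center ========================
AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Java Auto Updater (Version: 2.0.2.4 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 21 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216021FF}) (Version: 6.0.210 - Oracle)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
==================== Restore Points =========================
"""

SECTION_RE = re.compile(r"^[=-]+\s+(.+?)\s+[=-]+$")
SSDT_RE = re.compile(r"^SSDT\s+([0-9A-Fa-f]{8})\s+(\w+)")
SECCENTER_RE = re.compile(r"^(AV|AS|FW): (.+?) \((Enabled|Disabled) - (Up to date|Out of date)\)")
# Installed Programs line: "<name> [(<hive>\...\<key>)] (Version: <ver> - <vendor>)[ Hidden]"
PROGRAM_RE = re.compile(
    r"^(?P<name>.+?) "
    r"(?:\((?P<hive>HK\w+)\\\.\.\.\\(?P<key>.+?)\) )?"
    r"\(Version:\s*(?P<version>.*?)\s*-\s*(?P<vendor>.*?)\)(?P<hidden> Hidden)?$"
)
JAVA_RE = re.compile(r"^Java\(TM\) (\d+) Update (\d+)$")


def split_sections(text):
    """Map each '==== Title ====' section of an FRST log to its non-empty lines."""
    sections = defaultdict(list)
    current = "(preamble)"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            continue
        sections[current].append(line)
    return sections


def parse_ssdt_hooks(gmer_text):
    """Return [(target_address, hooked_function)] for every SSDT line GMER printed."""
    hooks = []
    for raw in gmer_text.splitlines():
        m = SSDT_RE.match(raw.strip())
        if m:
            hooks.append((int(m.group(1), 16), m.group(2)))
    return hooks


def ssdt_hook_clusters(hooks, span=0x1000):
    """Group hook targets lying within `span` bytes of the cluster start.
    One tight cluster is what a single hooking driver produces; targets scattered
    across unrelated ranges deserve a closer look. Heuristic chosen for this example."""
    clusters = []
    for addr, func in sorted(hooks):
        if clusters and addr - clusters[-1][0][0] <= span:
            clusters[-1].append((addr, func))
        else:
            clusters.append([(addr, func)])
    return clusters


def parse_security_center(sections):
    """Return one dict per AV/AS/FW product registered with the Security Center."""
    out = []
    for line in sections.get("Security Center", []):
        m = SECCENTER_RE.match(line)
        if m:
            out.append({"kind": m.group(1), "product": m.group(2),
                        "enabled": m.group(3) == "Enabled",
                        "up_to_date": m.group(4) == "Up to date"})
    return out


def parse_installed_programs(sections):
    """Return one dict per Installed Programs entry, hidden entries included."""
    out = []
    for line in sections.get("Installed Programs", []):
        m = PROGRAM_RE.match(line)
        if m:
            out.append({"name": m.group("name"), "version": m.group("version"),
                        "vendor": m.group("vendor"), "hidden": bool(m.group("hidden"))})
    return out


def triage(frst_text, gmer_text):
    """Findings a reviewer would raise first, as plain strings."""
    findings = []
    sections = split_sections(frst_text)
    for p in parse_security_center(sections):
        if not p["enabled"]:
            findings.append(f"{p['kind']} {p['product']} is disabled")
    for prog in parse_installed_programs(sections):
        jm = JAVA_RE.match(prog["name"])
        if jm and int(jm.group(1)) < 7:
            # Policy for this example: Java 6 left Oracle public support in 2013, and
            # anything below 6u31 lacks the Feb-2012 fix for CVE-2012-0507.
            findings.append(f"outdated Java runtime: {prog['name']} ({prog['version']})")
    for cluster in ssdt_hook_clusters(parse_ssdt_hooks(gmer_text)):
        funcs = ", ".join(f for _, f in cluster)
        findings.append(f"{len(cluster)} SSDT hooks at "
                        f"{cluster[0][0]:08X}-{cluster[-1][0]:08X}: {funcs}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_FRST, SAMPLE_GMER):
        print("-", finding)
```

Run it against a full Addition.txt and the GMER output by reading the two files into the `triage` call; the clustering only says whether the hooks are consistent with one driver, it cannot tell a security product's driver from a rootkit, so the next step is always to identify which module owns the target address range.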
Tags for Windows 7: multiple detections, including Java.lamar.skw.217
adware/bho.bprotector.1.2, exp/cve-2012-0507.fr, exp/cve-2013-2423.jb, hdd0(c:, java/lamar.shg.44, pup.optional.babylon.a, pup.optional.datamngr.a, pup.optional.delta, pup.optional.delta.a, pup.optional.startpage, pup.optionalbundleinstaller.a, recover, tr/bprotector.gen, tr/bprotector.gen2, trojan.agent.tpl, trojan.rotbrowse |