Log analysis and evaluation: MSE reports virus DOS/Dexo while visiting YouTube (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system first has to be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1

MSE reports virus DOS/Dexo while visiting YouTube

Hello, while visiting YouTube, Microsoft Security Essentials reports a threat named DOS/Dexo, which can also be cleaned. However, the message keeps coming back, so the infection has apparently not been cleaned. The log files follow:

defogger_disable.log

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 21:22 on 16/09/2014 (*****)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-09-2014
Ran by ***** (administrator) on VOSTRO1320 on 16-09-2014 21:24:17
Running from C:\Users\*****\Desktop
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(O2Micro International) C:\Windows\System32\drivers\o2flash.exe
(Absolute Software Corp.) C:\Windows\System32\rpcnet.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [217088 2009-02-27] (Alps Electric Co., Ltd.)
HKU\S-1-5-21-568454323-3860998050-1635722913-1000\...\Run: [ShowBatteryBar] => C:\Program Files\BatteryBar\ShowBatteryBar.exe [90624 2013-04-11] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x80E1198BD312CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\jjyal2rp.default
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @logitech.com/HarmonyRemote,version=1.0.0 -> C:\Program Files\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\*****\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Classic Theme Restorer - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\jjyal2rp.default\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2014-05-01]
FF Extension: Classic Toolbar Buttons - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\jjyal2rp.default\Extensions\CSTBB@NArisT2_Noia4dev.xpi [2014-05-05]
FF Extension: Ghostery - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\jjyal2rp.default\Extensions\firefox@ghostery.com.xpi [2013-10-27]
FF Extension: Adblock Plus - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\jjyal2rp.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-07-25]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [omaonpoimgkmbllpdihbnmgphjoipdhf] - C:\Program Files\Logitech\Harmony Remote Driver\harmony_chrome.crx [2013-04-19]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
R2 O2FLASH; C:\Windows\system32\DRIVERS\o2flash.exe [65536 2007-02-12] (O2Micro International)
R2 rpcnet; C:\Windows\system32\rpcnet.exe [58288 2013-02-24] (Absolute Software Corp.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation) R1 MpKsl88499ce7; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C6D8B147-3168-409C-9927-E470B6E769F7}\MpKsl88499ce7.sys [39464 2014-09-16] (Microsoft Corporation) R3 O2MDGRDR; C:\Windows\System32\DRIVERS\o2mdg.sys [58528 2009-05-22] (O2Micro ) R3 O2SDGRDR; C:\Windows\System32\DRIVERS\o2sdg.sys [41504 2009-05-07] (O2Micro ) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-16 21:24 - 2014-09-16 21:24 - 00006184 _____ () C:\Users\*****\Desktop\FRST.txt 2014-09-16 21:24 - 2014-09-16 21:24 - 00000000 ____D () C:\FRST 2014-09-16 21:23 - 2014-09-16 21:23 - 01097728 _____ (Farbar) C:\Users\*****\Desktop\FRST.exe 2014-09-16 21:22 - 2014-09-16 21:22 - 00000472 _____ () C:\Users\*****\Desktop\defogger_disable.log 2014-09-16 21:22 - 2014-09-16 21:22 - 00000000 _____ () C:\Users\*****\defogger_reenable 2014-09-16 21:21 - 2014-09-16 21:21 - 00050477 _____ () C:\Users\*****\Desktop\Defogger.exe 2014-09-16 21:11 - 2014-09-16 21:12 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-09-16 21:11 - 2014-09-16 21:11 - 00001060 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-09-16 21:11 - 2014-09-16 21:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-09-16 21:11 - 2014-09-16 21:11 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-09-16 21:11 - 2014-09-16 21:11 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-09-16 21:11 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-09-16 
21:11 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-09-16 21:11 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-09-16 21:10 - 2014-09-16 21:10 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\*****\Downloads\mbam-setup-2.0.2.1012.exe 2014-09-16 20:45 - 2014-09-16 20:45 - 00070336 _____ () C:\Users\*****\AppData\Local\GDIPFONTCACHEV1.DAT 2014-09-16 20:44 - 2014-09-16 20:44 - 00000056 _____ () C:\Windows\setupact.log 2014-09-16 20:44 - 2014-09-16 20:44 - 00000000 _____ () C:\Windows\setuperr.log 2014-09-16 20:43 - 2014-09-16 20:44 - 00315632 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-09-16 20:30 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-09-16 20:30 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-09-16 20:30 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-09-16 20:30 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-09-16 20:30 - 2014-08-18 23:57 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-09-16 20:30 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-09-16 20:30 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-09-16 20:30 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-09-16 20:30 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-09-16 20:30 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-09-16 20:30 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-09-16 20:30 - 2014-08-18 23:39 - 00032768 _____ 
(Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-09-16 20:30 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-09-16 20:30 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-09-16 20:30 - 2014-08-18 23:36 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-09-16 20:30 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-09-16 20:30 - 2014-08-18 23:30 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-09-16 20:30 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-09-16 20:30 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-09-16 20:30 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-09-16 20:30 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-09-16 20:30 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-09-16 20:30 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-09-16 20:30 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-09-16 20:30 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-09-16 20:30 - 2014-08-18 23:08 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-09-16 20:30 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-09-16 20:30 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-09-16 20:30 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-09-16 20:30 - 2014-08-18 22:36 - 
00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-09-16 18:28 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll 2014-09-14 21:25 - 2014-09-14 21:26 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-09-12 23:00 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll 2014-09-12 23:00 - 2014-07-07 03:40 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-09-12 23:00 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-09-12 23:00 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2014-09-12 22:59 - 2014-09-05 03:52 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-09-12 22:59 - 2014-09-05 03:47 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-09-09 21:26 - 2014-09-09 21:26 - 10036224 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe 2014-08-27 19:06 - 2014-08-23 03:46 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-08-27 19:06 - 2014-08-23 02:42 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-08-24 19:37 - 2014-05-14 18:23 - 01973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2014-08-24 19:37 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2014-08-24 19:37 - 2014-05-14 18:23 - 00054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2014-08-24 19:37 - 2014-05-14 18:23 - 00045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2014-08-24 19:37 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2014-08-24 19:37 - 2014-05-14 18:17 - 02425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2014-08-24 19:37 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) 
C:\Windows\system32\wudriver.dll 2014-08-24 19:36 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2014-08-24 19:36 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2014-08-24 08:47 - 2014-08-24 08:47 - 00000000 ____D () C:\Users\*****\AppData\Local\Adobe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-16 21:24 - 2014-09-16 21:24 - 00006184 _____ () C:\Users\*****\Desktop\FRST.txt 2014-09-16 21:24 - 2014-09-16 21:24 - 00000000 ____D () C:\FRST 2014-09-16 21:23 - 2014-09-16 21:23 - 01097728 _____ (Farbar) C:\Users\*****\Desktop\FRST.exe 2014-09-16 21:22 - 2014-09-16 21:22 - 00000472 _____ () C:\Users\*****\Desktop\defogger_disable.log 2014-09-16 21:22 - 2014-09-16 21:22 - 00000000 _____ () C:\Users\*****\defogger_reenable 2014-09-16 21:22 - 2013-02-24 09:12 - 00000000 ____D () C:\Users\***** 2014-09-16 21:21 - 2014-09-16 21:21 - 00050477 _____ () C:\Users\*****\Desktop\Defogger.exe 2014-09-16 21:16 - 2013-02-24 09:08 - 01699019 _____ () C:\Windows\WindowsUpdate.log 2014-09-16 21:12 - 2014-09-16 21:11 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-09-16 21:11 - 2014-09-16 21:11 - 00001060 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-09-16 21:11 - 2014-09-16 21:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-09-16 21:11 - 2014-09-16 21:11 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-09-16 21:11 - 2014-09-16 21:11 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-09-16 21:10 - 2014-09-16 21:10 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\*****\Downloads\mbam-setup-2.0.2.1012.exe 2014-09-16 21:01 - 2013-02-24 09:15 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-09-16 20:49 - 2009-07-14 06:34 - 00022240 
____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-09-16 20:49 - 2009-07-14 06:34 - 00022240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-09-16 20:45 - 2014-09-16 20:45 - 00070336 _____ () C:\Users\*****\AppData\Local\GDIPFONTCACHEV1.DAT 2014-09-16 20:44 - 2014-09-16 20:44 - 00000056 _____ () C:\Windows\setupact.log 2014-09-16 20:44 - 2014-09-16 20:44 - 00000000 _____ () C:\Windows\setuperr.log 2014-09-16 20:44 - 2014-09-16 20:43 - 00315632 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-09-16 20:44 - 2013-02-24 22:42 - 00058288 _____ (Absolute Software Corp.) C:\Windows\system32\rpcnet.dll 2014-09-16 20:44 - 2013-02-24 09:04 - 00017920 _____ () C:\Windows\system32\rpcnetp.exe 2014-09-16 20:44 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-09-16 20:40 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\LogFiles 2014-09-16 20:33 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-09-16 20:26 - 2013-02-25 23:21 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-09-16 20:24 - 2013-02-24 09:05 - 00017920 _____ () C:\Windows\system32\rpcnetp.dll 2014-09-16 20:23 - 2013-02-24 23:14 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-09-16 18:28 - 2013-08-16 09:16 - 00000000 ____D () C:\Windows\system32\MRT 2014-09-16 18:24 - 2013-02-24 23:03 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-09-16 18:24 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE 2014-09-16 18:23 - 2013-02-24 21:36 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk 2014-09-16 18:23 - 2013-02-24 21:36 - 00001912 _____ () C:\Windows\epplauncher.mif 2014-09-16 18:23 - 2013-02-24 21:35 - 00000000 ____D () C:\Program Files\Microsoft Security Client 2014-09-16 18:22 - 2014-05-11 06:25 - 00000000 ___SD 
() C:\Windows\system32\CompatTel 2014-09-15 21:23 - 2013-06-16 21:33 - 00000000 ____D () C:\ProgramData\tmp 2014-09-14 21:26 - 2014-09-14 21:25 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-09-09 21:26 - 2014-09-09 21:26 - 10036224 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe 2014-09-09 21:26 - 2013-02-25 23:21 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-09-09 21:26 - 2013-02-25 23:21 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-09-05 03:52 - 2014-09-12 22:59 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-09-05 03:47 - 2014-09-12 22:59 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-09-01 20:38 - 2013-02-24 22:36 - 00000000 ____D () C:\Users\*****\Documents\Kündigung Adressänderung u.a 2014-08-29 22:08 - 2013-03-07 22:57 - 00002254 ____H () C:\Users\*****\Documents\Default.rdp 2014-08-24 08:47 - 2014-08-24 08:47 - 00000000 ____D () C:\Users\*****\AppData\Local\Adobe 2014-08-24 08:47 - 2013-02-24 22:37 - 00000000 ____D () C:\Users\*****\Documents\Wichtiges 2014-08-23 03:46 - 2014-08-27 19:06 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-08-23 02:42 - 2014-08-27 19:06 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-08-19 19:39 - 2014-09-16 20:30 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-08-19 00:26 - 2014-09-16 20:30 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-08-19 00:08 - 2014-09-16 20:30 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-08-18 23:57 - 2014-09-16 20:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-08-18 23:57 - 2014-09-16 20:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-08-18 23:46 - 2014-09-16 20:30 - 00454656 _____ 
(Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-08-18 23:45 - 2014-09-16 20:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-08-18 23:44 - 2014-09-16 20:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-08-18 23:44 - 2014-09-16 20:30 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-08-18 23:42 - 2014-09-16 20:30 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-08-18 23:39 - 2014-09-16 20:30 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-08-18 23:39 - 2014-09-16 20:30 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-08-18 23:37 - 2014-09-16 20:30 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-08-18 23:36 - 2014-09-16 20:30 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-08-18 23:36 - 2014-09-16 20:30 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-08-18 23:35 - 2014-09-16 20:30 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-08-18 23:30 - 2014-09-16 20:30 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-08-18 23:27 - 2014-09-16 20:30 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-08-18 23:22 - 2014-09-16 20:30 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-08-18 23:19 - 2014-09-16 20:30 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-08-18 23:17 - 2014-09-16 20:30 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-08-18 23:17 - 2014-09-16 20:30 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-08-18 23:15 - 2014-09-16 20:30 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-08-18 23:09 - 2014-09-16 
20:30 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-08-18 23:08 - 2014-09-16 20:30 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-08-18 23:08 - 2014-09-16 20:30 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-08-18 23:07 - 2014-09-16 20:30 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-08-18 22:46 - 2014-09-16 20:30 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-08-18 22:38 - 2014-09-16 20:30 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-08-18 22:36 - 2014-09-16 20:30 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-05-05 23:00 ==================== End Of Log ============================ Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-09-2014 Ran by ***** at 2014-09-16 21:24:57 Running from C:\Users\*****\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1} AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 9.20 (HKLM\...\7-Zip) (Version: - ) AC-3 ACM Codec 2.2 (HKLM\...\AC3ACM) (Version: 2.2 - fccHandler) Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated) Adobe Reader XI (11.0.08) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated) Amazon MP3-Downloader 1.0.18 (HKCU\...\Amazon MP3-Downloader) (Version: 1.0.18 - Amazon Services LLC) Audiograbber 1.83 SE (HKLM\...\Audiograbber) (Version: 1.83 SE - Audiograbber) Audiograbber MP3-Plugin (HKLM\...\Audiograbber-Lame) (Version: 1.0 - AG) BatteryBar (remove only) (HKLM\...\BatteryBar) (Version: - ) cam2pc Freeware Edition (remove only) (HKLM\...\cam2pc) (Version: - ) Canon MG5200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series) (Version: - ) CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform) CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4214 - CDBurnerXP) Cyberduck 4.3.1 (11008) (HKLM\...\Cyberduck) (Version: 4.3.1 (11008) - ) Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) 
(Version: 7.4.102.104 - ALPS ELECTRIC CO., LTD.) dm-Fotowelt (HKLM\...\dm-Fotowelt) (Version: 5.1.2 - CEWE COLOR AG u Co. OHG) Kreuzworträtsel Freeware (HKLM\...\Kreuzworträtsel Freeware) (Version: - ) LameXP (HKLM\...\{FBD7A67D-D700-4043-B54F-DD106D00F308}) (Version: - ) LibreOffice 4.0.6.2 (HKLM\...\{85595843-720E-4344-8210-F1ACAE87B459}) (Version: 4.0.6.2 - The Document Foundation) Logitech Harmony Remote Software (x86) (HKLM\...\{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}) (Version: 2.0 - Logitech) Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Meine CEWE FOTOWELT (HKLM\...\Meine CEWE FOTOWELT) (Version: 5.0.4 - CEWE COLOR AG u Co. OHG) Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Image Composite Editor (HKLM\...\{3D599ADA-65D9-4B51-898F-CE718DEC5DBB}) (Version: 1.4.4 - Microsoft Corporation) Microsoft Money 2000 (HKLM\...\MSMONEYV80) (Version: - ) Microsoft Security Client (Version: 4.6.0305.0 - Microsoft Corporation) Hidden Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 
2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Mozilla Firefox 32.0.1 (x86 de) (HKLM\...\Mozilla Firefox 32.0.1 (x86 de)) (Version: 32.0.1 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla) Mozilla Thunderbird 24.6.0 (x86 de) (HKLM\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla) Mp3tag v2.54 (HKLM\...\Mp3tag) (Version: v2.54 - Florian Heidenreich) MSI Afterburner 2.3.1 (HKLM\...\Afterburner) (Version: 2.3.1 - MSI Co., LTD) O2Micro Flash Memory Card Windows Driver (HKLM\...\InstallShield_{B066A843-8978-4501-A900-A28C5EFE148B}) (Version: 2.0.09 - O2Micro International LTD.) O2Micro Flash Memory Card Windows Driver (Version: 2.0.09 - O2Micro International LTD.) Hidden Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}) (Version: 3.60.0 - dotPDN LLC) PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.1 - pdfforge) TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.29272 - TeamViewer) TextPad 7 (HKLM\...\{91504075-2461-45C6-9FED-04CAFDA4069F}) (Version: 7.1.0 - Helios) XAMPP (HKLM\...\xampp) (Version: 1.8.3-2 - BitNami) XMedia Recode Version 3.1.7.9 (HKLM\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.1.7.9 - XMedia Recode) XnView 2.04 (HKLM\...\XnView_is1) (Version: 2.04 - Gougelet Pierre-e) Xvid Video Codec (HKLM\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. 
Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-568454323-3860998050-1635722913-1000_Classes\CLSID\{3f04dadf-6ea4-44d1-a507-03cad176f443}\InprocServer32 -> C:\Users\*****\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.) CustomCLSID: HKU\S-1-5-21-568454323-3860998050-1635722913-1000_Classes\CLSID\{8A791F0C-C63C-4EC5-B97F-FBCE74EDBC54}\InprocServer32 -> C:\Program Files\TextPad 7\System\shellext32.dll (Helios Software Solutions) ==================== Restore Points ========================= 19-08-2014 20:18:50 Windows Update 23-08-2014 18:00:43 Windows Update 24-08-2014 17:36:06 Windows Update 27-08-2014 16:59:40 Windows Update 28-08-2014 17:08:25 Windows Update 31-08-2014 17:34:27 Windows Update 04-09-2014 18:37:04 Windows Update 08-09-2014 19:09:57 Windows Update 12-09-2014 21:02:35 Windows Update 16-09-2014 15:35:32 Windows Update 16-09-2014 18:28:01 Windows Update 16-09-2014 19:05:24 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) 
Task: {0AF99A65-183D-4B41-916D-C4E1A9D313B5} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-568454323-3860998050-1635722913-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe Task: {9B27BEB8-1E86-4035-A002-C7DB69618A49} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd) Task: {A065A5D0-5E00-481B-8836-98A0E6BB6CB3} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-568454323-3860998050-1635722913-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe Task: {B3150868-05D9-4B57-97DA-962995B38F7F} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-568454323-3860998050-1635722913-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe Task: {CBDCE9A9-2581-4179-8347-68B4E6CD6D3E} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-568454323-3860998050-1635722913-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe Task: {D55A804E-1A99-48C4-A83C-156310EC1C50} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-568454323-3860998050-1635722913-1000 => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe Task: {F397CFC0-E537-45EC-91AA-4DDEFED1AF3D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-09] (Adobe Systems Incorporated) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (whitelisted) ============= 2014-09-14 21:25 - 2014-09-14 21:26 - 03716720 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) 

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AmazonMP3DownloaderHelper => C:\Users\*****\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (08/23/2014 09:50:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 31.0.0.5310, Zeitstempel: 0x53c75e91
Name des fehlerhaften Moduls: mozalloc.dll, Version: 31.0.0.5310, Zeitstempel: 0x53c72e91
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000141b
ID des fehlerhaften Prozesses: 0x9c8
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (08/19/2014 10:19:08 PM) (Source: MsiInstaller) (EventID: 1024) (User: Vostro1320)
Description: Produkt: Adobe Reader XI (11.0.07) - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011008}" konnte nicht installiert werden. Fehlercode 1625.
Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127

Error: (06/07/2014 08:57:32 AM) (Source: MsiInstaller) (EventID: 1024) (User: Vostro1320)
Description: Produkt: Adobe Reader XI - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011007}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127

Error: (06/05/2014 10:04:21 PM) (Source: MsiInstaller) (EventID: 1024) (User: Vostro1320)
Description: Produkt: Adobe Reader XI - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011007}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127

Error: (06/05/2014 09:52:57 PM) (Source: MsiInstaller) (EventID: 1024) (User: Vostro1320)
Description: Produkt: Adobe Reader XI - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011007}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein.
Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127

Error: (06/02/2014 08:48:36 PM) (Source: MsiInstaller) (EventID: 1024) (User: Vostro1320)
Description: Produkt: Adobe Reader XI - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011007}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127

Error: (05/27/2014 07:36:05 PM) (Source: MsiInstaller) (EventID: 1024) (User: Vostro1320)
Description: Produkt: Adobe Reader XI - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011007}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127

Error: (05/27/2014 05:08:35 AM) (Source: MsiInstaller) (EventID: 1024) (User: Vostro1320)
Description: Produkt: Adobe Reader XI - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011007}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127

Error: (05/27/2014 05:07:42 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Der Index kann nicht initialisiert werden.
Details: Der Inhaltsindexkatalog ist fehlerhaft.
(HRESULT : 0xc0041801) (0xc0041801)

Error: (05/27/2014 05:07:42 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Die Anwendung kann nicht initialisiert werden.
Kontext: Windows Anwendung
Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)

System errors:
=============
Error: (09/16/2014 08:46:15 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (09/16/2014 08:37:58 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.
Neue Signaturversion:
Vorherige Signaturversion: 1.185.1.0
Aktualisierungsquelle: %NT-AUTORITÄT59
Aktualisierungsphase: 4.6.0305.00
Quellpfad: 4.6.0305.01
Signaturtyp: %NT-AUTORITÄT602
Aktualisierungstyp: %NT-AUTORITÄT604
Benutzer: NT-AUTORITÄT\SYSTEM
Aktuelle Modulversion: %NT-AUTORITÄT605
Vorherige Modulversion: %NT-AUTORITÄT606
Fehlercode: %NT-AUTORITÄT607
Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (09/16/2014 08:29:38 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x8024200d fehlgeschlagen: Sicherheitsupdate für Microsoft .NET Framework 3.5.1 unter Windows 7 SP1 x86 (KB2972211)

Error: (09/16/2014 08:25:42 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (09/16/2014 08:24:02 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 16.09.2014 um 18:29:13 unerwartet heruntergefahren.

Error: (09/14/2014 11:30:14 AM) (Source: ACPI) (EventID: 13) (User: )
Description: : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen Situationen zur Folge haben, dass der Computer fehlerhaft läuft.

Error: (09/14/2014 11:21:37 AM) (Source: ACPI) (EventID: 13) (User: )
Description: : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen Situationen zur Folge haben, dass der Computer fehlerhaft läuft.

Error: (09/13/2014 09:12:02 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (09/10/2014 10:54:16 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (09/10/2014 10:52:51 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 10.09.2014 um 22:48:34 unerwartet heruntergefahren.

Microsoft Office Sessions:
=========================
Error: (08/23/2014 09:50:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe31.0.0.531053c75e91mozalloc.dll31.0.0.531053c72e91800000030000141b9c801cfbf0b6bbd7bfeC:\Program Files\Mozilla Firefox\plugin-container.exeC:\Program Files\Mozilla Firefox\mozalloc.dllaf0564a4-2afe-11e4-9bff-0024e8e9699f

Error: (08/19/2014 10:19:08 PM) (Source: MsiInstaller) (EventID: 1024) (User: Vostro1320)
Description: Adobe Reader XI (11.0.07) - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011008}1625(NULL)(NULL)(NULL)

Error: (06/07/2014 08:57:32 AM) (Source: MsiInstaller) (EventID: 1024) (User: Vostro1320)
Description: Adobe Reader XI - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011007}1625(NULL)(NULL)(NULL)

Error: (06/05/2014 10:04:21 PM) (Source: MsiInstaller) (EventID: 1024) (User: Vostro1320)
Description: Adobe Reader XI - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011007}1625(NULL)(NULL)(NULL)

Error: (06/05/2014 09:52:57 PM) (Source: MsiInstaller) (EventID: 1024) (User: Vostro1320)
Description: Adobe Reader XI - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011007}1625(NULL)(NULL)(NULL)

Error: (06/02/2014 08:48:36 PM) (Source: MsiInstaller) (EventID: 1024) (User: Vostro1320)
Description: Adobe Reader XI - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011007}1625(NULL)(NULL)(NULL)

Error: (05/27/2014 07:36:05 PM) (Source: MsiInstaller) (EventID: 1024) (User: Vostro1320)
Description: Adobe Reader XI - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011007}1625(NULL)(NULL)(NULL)

Error: (05/27/2014 05:08:35 AM) (Source: MsiInstaller) (EventID: 1024) (User: Vostro1320)
Description: Adobe Reader XI - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011007}1625(NULL)(NULL)(NULL)

Error: (05/27/2014 05:07:42 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Details: Der Inhaltsindexkatalog ist fehlerhaft.
(HRESULT : 0xc0041801) (0xc0041801)

Error: (05/27/2014 05:07:42 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Kontext: Windows Anwendung
Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)

==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU T6670 @ 2.20GHz
Percentage of memory in use: 41%
Total physical RAM: 3032.96 MB
Available physical RAM: 1779.41 MB
Total Pagefile: 6064.2 MB
Available Pagefile: 4905.75 MB
Total Virtual: 2047.88 MB
Available Virtual: 1909.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:148.95 GB) (Free:81.28 GB) NTFS
Drive d: (NOTFALL_DVD_FREE) (CDROM) (Total:0.83 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

==================== End Of Log ============================

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-09-16 21:38:49
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9160310AS rev.DE06 149,05GB
Running: 9pip5jep.exe; Driver: C:\Users\*****\AppData\Local\Temp\kxdorfow.sys

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 142D 82A45A15 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82A7F212 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- EOF - GMER 2.1 ----

Code:
Virus:DOS/Dexo
Der folgende Fehler ist aufgetreten: Fehlercode: 0x80508023. Auf dem Computer wurde keine Schadsoftware oder andere potenziell unerwünschte Software gefunden.
Kategorie: Virus
Beschreibung: Dieses Programm ist gefährlich. Es repliziert sich, indem es andere Dateien infiziert.
Empfohlene Aktion: Entfernen Sie diese Software unverzüglich.
Elemente:
boot:\Device\Harddisk0\DR0
Online weitere Informationen zu diesem Element abrufen

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 16.09.2014
Scan Time: 21:12:25
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.09.16.07
Rootkit Database: v2014.09.15.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: *****

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 274871
Time Elapsed: 7 min, 40 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

Many thanks in advance to all helpers and their helpers.